­
CISA Releases Seven Industrial Control Systems Advisories - All Articles - CISO Platform

All Articles

CISA Releases Seven Industrial Control Systems Advisories

Posted by Priyanka Aash on July 17, 2024 at 5:06pm in Blog
CISA Releases Seven Industrial Control Systems Advisories

CISA released 7 Industrial Control Systems (ICS) advisories in July, which provide timely information about current security vulnerabilities and exploits.

1> Johnson Controls Kantech Door Controllers

ICSA-24-184-01 Johnson Controls Kantech Door Controllers

EXECUTIVE SUMMARY

  • CVSS v3 3.1
  • ATTENTION: Exploitable via adjacent network
  • Vendor: Johnson Controls, Inc.
  • Equipment: Kantech KT1, KT2, KT400 Door Controllers
  • Vulnerability: Exposure of Sensitive Information to an Unauthorized Actor

 

RISK EVALUATION

Successful exploitation of this vulnerability could allow an attacker to gain access to sensitive information.

TECHNICAL DETAILS

3.1 AFFECTED PRODUCTS

The following products by Kantech, a subsidiary of Johnson Controls, are affected:

  • Kantech KT1 Door Controller, Rev01: Versions 2.09.01 and prior
  • Kantech KT2 Door Controller, Rev01: Versions 2.09.01 and prior
  • Kantech KT400 Door Controller, Rev01: Versions 3.01.16 and prior

 

2> mySCADA myPRO

ICSA-24-184-02 mySCADA myPRO

EXECUTIVE SUMMARY

  • CVSS v4 9.3
  • ATTENTION: Exploitable remotely/low attack complexity
  • Vendor: mySCADA
  • Equipment: myPRO
  • Vulnerability: Use of Hard-coded Password

RISK EVALUATION

Successful exploitation of this vulnerability could allow an attacker to remotely execute code on the affected device.

TECHNICAL DETAILS

AFFECTED PRODUCTS

The following mySCADA products are affected:

  • myPRO: Versions prior to 8.31.0

 

3> ICONICS and Mitsubishi Electric Products

ICSA-24-184-03 ICONICS and Mitsubishi Electric Products

 

EXECUTIVE SUMMARY

  • CVSS v3 7.0
  • ATTENTION: Exploitable remotely
  • Vendor: ICONICS, Mitsubishi Electric
  • Equipment: ICONICS Product Suite
  • Vulnerabilities: Allocation of Resources Without Limits or Throttling, Improper Neutralization, Uncontrolled Search Path Element, Improper Authentication, Unsafe Reflection

RISK EVALUATION

Successful exploitation of these vulnerabilities could result in denial of service, improper privilege management, or potentially remote code execution.

TECHNICAL DETAILS

AFFECTED PRODUCTS

ICONICS reports that the following versions of ICONICS Product Suite are affected:

  • ICONICS Suite including GENESIS64, Hyper Historian, AnalytiX, and MobileHMI: Version 10.97.2 (CVE-2023-2650, CVE-2023-4807)
  • AlarmWorX Multimedia (AlarmWorX64 MMX): All versions prior to 10.97.3 (CVE-2024-1182)
  • MobileHMI: All versions prior to 10.97.3 (CVE-2024-1573)
  • ICONICS Suite including GENESIS64, Hyper Historian, AnalytiX, and MobileHMI: All versions prior to 10.97.3 (CVE-2024-1574)

 

4> Johnson Controls Illustra Essentials Gen 4 (Update A)

ICSA-24-179-04 Johnson Controls Illustra Essentials Gen 4 (Update A)

 

EXECUTIVE SUMMARY

  • CVSS v3 9.1
  • ATTENTION: Exploitable remotely/low attack complexity
  • Vendor: Johnson Controls, Inc.
  • Equipment: Illustra Essentials Gen 4
  • Vulnerability: Improper Input Validation

RISK EVALUATION

Successful exploitation of this vulnerability could allow an attacker to inject commands.

TECHNICAL DETAILS

AFFECTED PRODUCTS

Johnson Controls reports that the following versions of Illustra Essentials Gen 4 IP camera are affected:

  • Illustra Essentials Gen 4: all versions up to Illustra.Ess4.01.02.10.5982

 

 

5> Johnson Controls Illustra Essentials Gen 4 (Update A)

EXECUTIVE SUMMARY

  • CVSS v3 6.8
  • ATTENTION: Exploitable remotely
  • Vendor: Johnson Controls, Inc.
  • Equipment: Illustra Essentials Gen 4
  • Vulnerability: Storing Passwords in a Recoverable Format

RISK EVALUATION

Successful exploitation of this vulnerability could allow an authenticated user to recover credentials for other Linux users.

TECHNICAL DETAILS

AFFECTED PRODUCTS

Johnson Controls reports that the following versions of Illustra Essential Gen 4, an IP camera, are affected:

  • Illustra Essentials Gen 4: versions up to Illustra.Ess4.01.02.10.5982

 

6> Johnson Controls Illustra Essentials Gen 4 (Update A)

 

EXECUTIVE SUMMARY

  • CVSS v3 6.8
  • ATTENTION: Exploitable remotely/low attack complexity
  • Vendor: Johnson Controls, Inc.
  • Equipment: Illustra Essentials Gen 4
  • Vulnerability: Insertion of Sensitive Information into Log File

RISK EVALUATION

Successful exploitation of this vulnerability may allow an attacker to gain access to Linux user credentials.

TECHNICAL DETAILS

AFFECTED PRODUCTS

Johnson Controls reports that the following versions of Illustra Essential Gen 4 IP cameras are affected:

  • Illustra Essential Gen 4: version Illustra.Ess4.01.02.10.5982 and prior

 

7> Johnson Controls Illustra Essentials Gen 4 (Update A)

EXECUTIVE SUMMARY

  • CVSS v3 6.8
  • ATTENTION: Exploitable remotely/low attack complexity
  • Vendor: Johnson Controls, Inc.
  • Equipment: Illustra Essentials Gen 4
  • Vulnerability: Storing Passwords in a Recoverable Format

RISK EVALUATION

Successful exploitation of this vulnerability may allow web interface user's credentials to be recovered by an authenticated user.

TECHNICAL DETAILS

AFFECTED PRODUCTS

Johnson Controls reports that the following versions of Illustra Essentials IP cameras are affected:

  • Illustra Essential Gen 4: versions Illustra.Ess4.01.02.10.5982 and prior
Views: 72
Votes: 0
E-mail me when people leave their comments –
Follow
Posted by Priyanka Aash

Matthew Ireland
Matthew Ireland is the CISO at NTT Research, where he focuses on aligning security with business innovation. With extensive experience in cybersecurity leadership, Ireland emphasizes the importance of understanding organizational culture and adapting security strategies to meet evolving business needs. His insights have been shared in various forums, including a recent fireside chat on strategic security management.

Bikash Barai
Bikash Barai is the co-founder of CISOPlatform and FireCompass, platforms dedicated to empowering cybersecurity leaders with actionable insights and community-driven solutions. As a seasoned cybersecurity expert, Barai advocates for leveraging peer networks and innovative tools to enhance security postures. His work supports CISOs in navigating complex security challenges and staying ahead of emerging threats.

You need to be a member of CISO Platform to add comments!

Join CISO Platform

Join The Community Discussion

Read More

CISO Platform

A global community of 5K+ Senior IT Security executives and 40K+ subscribers with the vision of meaningful collaboration, knowledge, and intelligence sharing to fight the growing cyber security threats.

Join CISO Community Share Your Knowledge (Post A Blog)
 

 

 

City Round Table Meetup - Mumbai, Bangalore, Delhi, Chennai, Pune, Kolkata

Apr 15, 2025 at 8:00am to May 15, 2025 at 10:00am UTC+5.5
India
  • Description:
    CISO Playbook Round Table Overview : 
    Our round tables are designed to bring together top CISOs and IT leaders in intimate, focused sessions. These closed-door discussions will provide a platform to explore key security challenges and solutions. These sessions aim to create a focused, closed-door environment where 08-10 CISOs will dive deeply into the practicalities of implementing specific technologies.
    • Technology Implementation: From…
  • Created by: Biswajit Banerjee
  • Tags: ciso, playbook, round table

Round Table Dubai 2025 | GISEC

May 8, 2025 from 6:00pm to 9:00pm UTC+04
Dubai
  • Description:
    CISO Playbook Round Table Overview : 

    Our round tables are designed to bring together top CISOs and IT leaders in intimate, focused sessions. These closed-door discussions will provide a platform to explore key security challenges and solutions. These sessions aim to create a focused, closed-door environment where 08-10 CISOs will dive deeply into the practicalities of implementing specific technologies.
    • Technology…
  • Created by: Biswajit Banerjee

Fireside Chat With Dan Bowden (Global Business CISO, Marsh McLennan (Marsh, Guy Carpenter, Mercer, Oliver Wyman))

May 9, 2025 from 9:30pm to 10:00pm UTC+5.5
Online
  • Description:

    We’re excited to bring you an insightful fireside chat on "Navigating the Cyber Insurance Landscape: Key Considerations for CISOs" with Dan Bowden (Global Business CISO, Marsh McLennan) and Erik Laird (Vice President - North America, FireCompass). In this fireside chat, we'll decode the complexities of cyber insurance from a CISO’s lens and uncover how to make smarter, security-aligned decisions when it comes to policy design, claims, and ROI.

    As cyberattacks grow in…

  • Created by: Biswajit Banerjee
  • Tags: ciso, cyber insurance, dan bowden

CISO Platform: CISO 100 Awards & Future CISO Awards @ Atlanta

Oct 1, 2025 at 9:00am to Oct 2, 2025 at 3:00pm UTC-04
Renaissance Atlanta Waverly Hotel & Convention Center
  • Description:

    Nominate for the CISOPlatform CISO 100 Awards & Future CISO Awards - Recognizing Cybersecurity Leaders. Recommend someone you know deserving of this prestigious accolade....Nominate your colleague, mentor, someone you admire or yourself !

    CISO Platform is collaborating as a community partner with EC-Council’s Global CISO Forum, supporting initiatives such as the CISO Platform…

  • Created by: Biswajit Banerjee