Johnson Controls

All CVEs

57 total · sorted by risk
  • CVE-2026-21654 · Feb 27, 2026
    risk 0.00 · cvss · epss 0.02

    Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Johnson Controls Frick Controls Quantum HD allows OS Command Injection. Insufficient validation of input in certain parameters may permit unexpected actions, which could…

  • CVE-2024-0912 · Jun 5, 2024
    risk 0.00 · cvss · epss 0.00

    Under certain circumstances the Microsoft® Internet Information Server (IIS) used to host the C•CURE 9000 Web Server will log Microsoft Windows credential details within logs. There is no impact to non-web service interfaces C•CURE 9000 or prior versions.

  • CVE-2024-0242 · Feb 8, 2024
    risk 0.00 · cvss · epss 0.01

    Under certain circumstances IQ Panel4 and IQ4 Hub panel software prior to version 4.4.2 could allow unauthorized access to settings.

  • CVE-2014-5428 · Mar 29, 2015
    risk 0.00 · cvss · epss 0.04

    Unrestricted file upload vulnerability in unspecified web services in Johnson Controls Metasys 4.1 through 6.5, as used in Application and Data Server (ADS), Extended Application and Data Server (aka ADX), LonWorks Control Server 85 LCS8520, Network Automation Engine (NAE)…

  • CVE-2014-5427 · Mar 29, 2015
    risk 0.00 · cvss · epss 0.01

    Johnson Controls Metasys 4.1 through 6.5, as used in Application and Data Server (ADS), Extended Application and Data Server (aka ADX), LonWorks Control Server 85 LCS8520, Network Automation Engine (NAE) 55xx-x, Network Integration Engine (NIE) 5xxx-x, and NxE8500, allows remote…

  • CVE-2012-4026 · Jul 16, 2012
    risk 0.00 · cvss · epss 0.01

    The Johnson Controls Pegasys P2000 server with software before 3.11 allows remote attackers to trigger false alerts via crafted packets to TCP port 41013 (aka the upload port), a different vulnerability than CVE-2012-2607.

  • CVE-2012-2607 · Jul 16, 2012
    risk 0.00 · cvss · epss 0.02

    The Johnson Controls CK721-A controller with firmware before SSM4388_03.1.0.14_BB allows remote attackers to perform arbitrary actions via crafted packets to TCP port 41014 (aka the download port).

Page 2 of 2