Johnson Controls Products

Summary

Successful exploitation of this vulnerability could result in remote SQL execution, leading to alteration or loss of data.

The following versions of Johnson Controls Products are affected:

  • Application and Data Server (ADS) (CVE-2025-26385)
  • Extended Application and Data Server (ADX) (CVE-2025-26385)
  • LCS8500 (CVE-2025-26385)
  • NAE8500 (CVE-2025-26385)
  • System Configuration Tool (SCT) (CVE-2025-26385)
  • Controller Configuration Tool (CCT) (CVE-2025-26385)

CVSS: v3 10
Vendor: Johnson Controls
Equipment: Johnson Controls Products
Vulnerabilities: Improper Neutralization of Special Elements used in a Command (‘Command Injection’)

Background

  • Critical Infrastructure Sectors: Commercial Facilities, Critical Manufacturing, Energy, Government Services and Facilities, Transportation Systems
  • Countries/Areas Deployed: Worldwide
  • Company Headquarters Location: Ireland

Vulnerabilities

CVE-2025-26385

Under certain circumstances, successful exploitation of this vulnerability could allow remote SQL execution.

Affected Products

Johnson Controls Products
Vendor: Johnson Controls
Product Version:

  • Johnson Controls Application and Data Server (ADS): <=Metasys_14.1
  • Johnson Controls Extended Application and Data Server (ADX): Metasys_14.1
  • Johnson Controls LCS8500: >=Metasys_installation__12.0|<=14.1
  • Johnson Controls NAE8500: >=Metasys_installation__12.0|<=14.1
  • Johnson Controls System Configurat

[…]
This article has been indexed from All CISA Advisories