CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2021-27663

A vulnerability in versions 10.1 through 10.5 of Johnson Controls CEM Systems AC2000 allows a remote attacker to access to the system without adequate authorization. This issue affects: Johnson Controls CEM Systems AC2000 10.1; 10.2; 10.3; 10.4; 10.5.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.006

EPSS Ranking 68.7%

CVSS Severity

CVSS v3 Score 8.2

CVSS v2 Score 9.3

References

https://us-cert.gov/ics/advisories/ICSA-21-238-01
https://www.johnsoncontrols.com/cyber-solutions/security-advisories
https://us-cert.gov/ics/advisories/ICSA-21-238-01
https://www.johnsoncontrols.com/cyber-solutions/security-advisories

Products affected by CVE-2021-27663

Johnsoncontrols » Ac2000 » Version: N/A

cpe:2.3:h:johnsoncontrols:ac2000:-
Johnsoncontrols » Ac2000 Firmware » Version: Any

cpe:2.3:o:johnsoncontrols:ac2000_firmware:*

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2021-27663

Products

Pricing

Contact Us