CVE-2023-2024

Improper Authentication for OpenBlue Enterprise Manager Data Collector

CVSS 10 CRITICALEPSS 1.1%CWE-287

Improper authentication in OpenBlue Enterprise Manager Data Collector versions prior to 3.2.5.75 allow access to an unauthorized user under certain circumstances.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N

Affected products

Johnson Controls · OpenBlue Enterprise Manager Data Collector

public PoCs found — 1

githubgithub.com/team890/CVE-2023-2024★ 1

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://www.cisa.gov/news-events/ics-advisories/icsa-23-138-04 https://www.johnsoncontrols.com/cyber-solutions/security-advisories