Insufficient Protection in Software House C?CURE 9000 Site Server
CVE-2024-32861

7.8HIGH

Key Information:

Vendor: Johnson Controls
Status: Software House C•cure 9000 Installer
Vendor: CVE Published:; 16 July 2024

What is CVE-2024-32861?

The Software House C?CURE 9000 Site Server may be vulnerable due to inadequate safeguards around directories that contain executable files. This flaw could allow unauthorized access to critical system components, potentially compromising the integrity and functionality of the software. Proper configuration and security measures are essential to mitigate any related risks. Stakeholders are advised to review their systems for this issue and implement best practices in security management.

Affected Version(s)

Software House C•CURE 9000 Installer 0 <= 3.00.3

References

https://www.johnsoncontrols.com/trust-center/cybersecurit...

https://www.cisa.gov/news-events/ics-advisories/ICSA-24-1...

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jul 16, 2024

Credit

Reid Wightman of Dragos

Johnson Controls

What is CVE-2024-32861?

Affected Version(s)

References

CVSS V3.1

Timeline

Credit