Insufficient Protection in Software House C?CURE 9000 Site Server
CVE-2024-32861

7.8HIGH

Key Information:

Vendor: Johnson Controls
Status: Software House C•cure 9000 Installer
Vendor: CVE Published:; 16 July 2024

🔔 Create Johnson Controls Vulnerability Alert

What is CVE-2024-32861?

The Software House C?CURE 9000 Site Server may be vulnerable due to inadequate safeguards around directories that contain executable files. This flaw could allow unauthorized access to critical system components, potentially compromising the integrity and functionality of the software. Proper configuration and security measures are essential to mitigate any related risks. Stakeholders are advised to review their systems for this issue and implement best practices in security management.

Affected Version(s)

Software House C•CURE 9000 Installer 0 <= 2.8

References

https://www.johnsoncontrols.com/trust-center/cybersecurit...

https://www.cisa.gov/news-events/ics-advisories/ICSA-24-1...

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 16, 2024

Credit

Reid Wightman of Dragos

JSON