American Dynamics Illustra Essentials Gen 4 - Reversible User Credential - stored web interface
CVE-2024-32932

6.8MEDIUM

Key Information:

Vendor

Johnson Controls

Status
American Dynamics Illustra Essentials Gen 4
Vendor
CVE Published:
2 July 2024

What is CVE-2024-32932?

Under certain circumstances the web interface users credentials may be recovered by an authenticated user.

Affected Version(s)

American Dynamics Illustra Essentials Gen 4 0

References

https://www.johnsoncontrols.com/trust-center/cybersecurit...
https://www.cisa.gov/news-events/ics-advisories/icsa-24-1...

CVSS V3.1

Score:
6.8
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

Credit

Sam Hanson of Dragos
JSON
.
CVE-2024-32932 : American Dynamics Illustra Essentials Gen 4 - Reversible User Credential - stored web interface