CVE-2012-2607

Johnson Controls CK721-A <SSM4388_03.1.0.14_BB - RCE

Title source: llm
STIX 2.1

Description

The Johnson Controls CK721-A controller with firmware before SSM4388_03.1.0.14_BB allows remote attackers to perform arbitrary actions via crafted packets to TCP port 41014 (aka the download port).

References (2)

Core 2
Core References
Third Party Advisory, US Government Resource x_refsource_confirm
http://www.kb.cert.org/vuls/id/MORO-8UYN8P
US Government Resource third-party-advisory x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/977312

Scores

EPSS 0.0182
EPSS Percentile 76.1%

Details

CWE
CWE-78
Status published
Products (3)
johnsoncontrols/network_controller ck721-a
johnsoncontrols/network_controller_firmware 03.0
johnsoncontrols/network_controller_firmware < 03.1.0.14
Published Jul 16, 2012
Tracked Since Feb 18, 2026