CVE-2021-27663

HIGH

Johnson Controls CEM Systems AC2000 <10.6 - Info Disclosure

Title source: llm

Description

A vulnerability in versions 10.1 through 10.5 of Johnson Controls CEM Systems AC2000 allows a remote attacker to access to the system without adequate authorization. This issue affects: Johnson Controls CEM Systems AC2000 10.1; 10.2; 10.3; 10.4; 10.5.

References (2)

Core 2

Core References

Vendor Advisory x_refsource_confirm

https://www.johnsoncontrols.com/cyber-solutions/security-advisories

Third Party Advisory, US Government Resource third-party-advisory x_refsource_cert

https://us-cert.gov/ics/advisories/ICSA-21-238-01

Scores

CVSS v3 8.2

EPSS 0.0157

EPSS Percentile 72.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

Details

CWE

CWE-285

Status published

Products (1)

johnsoncontrols/ac2000_firmware 10.1 - 10.5

Published Aug 30, 2021

Tracked Since Feb 18, 2026