All CISA Advisories, EN

Johnson Controls FX80 and FX90

2025-08-07 17:08

1. EXECUTIVE SUMMARY

CVSS v4 8.4
ATTENTION: Exploitable remotely/low attack complexity
Vendor: Johnson Controls Inc.
Equipment: FX80 and FX90
Vulnerability: Dependency on Vulnerable Third-Party Component

2. RISK EVALUATION

Successful exploitation of this vulnerability could allow an attacker to compromise the device’s configuration files.

3. TECHNICAL DETAILS

3.1 AFFECTED PRODUCTS

The following Johnson Controls products are affected:

FX80: FX 14.10.10
FX80: FX 14.14.1
FX90: FX 14.10.10
FX90: FX 14.14.1

3.2 VULNERABILITY OVERVIEW

3.2.1 DEPENDENCY ON VULNERABLE THIRD-PARTY COMPONENT CWE-1395

The affected product is vulnerable to a vulnerable third-party component, which could allow an attacker to compromise device configuration files.

CVE-2025-43867 has been assigned to this vulnerability. A CVSS v3.1 base score of 7.7 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N).

A CVSS v4 score has also been calculated for CVE-2025-43867. A base score of 8.4 has been calculated; the CVSS vector string is (AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:H/SC:H/SI:N/SA:N).

3.3 BACKGROUND

CRITICAL INFRASTRUCTURE SECTORS: Critical Manufacturing, Commercial Facilities, Government Facilities, Transportation Systems, Energy
COUNTRIES/AREAS DEPLOYED: Worldwide
COMPANY HEADQUARTERS LOC

[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.

This article has been indexed from All CISA Advisories

Read the original article:

Johnson Controls FX80 and FX90

Tags: All CISA Advisories EN

Post navigation

← Black Hat’s network ops center brings rivals together for a common cause

Delta Electronics DIAView →

Search for:
Pages

Advertising

Contact

Legal and Contact information

Opt-out preferences

Privacy Policy

Social Media

Apps

Telegram Channel

Recent Posts

AI wrote my code and all I got was this broken prototype August 7, 2025

Hackers Exploit SVG Files with Embedded JavaScript to Deploy Malware on Windows Systems August 7, 2025

Microsoft, CISA warn yet another Exchange server bug can lead to ‘total domain compromise’ August 7, 2025

What GPT‑5 means for IT teams, devs, and the future of AI at work August 7, 2025

GPT-5 is finally here, and you can access it for free today – no subscription needed August 7, 2025

I swapped my Sonos soundbar for one with detachable rear speakers – genius or gimmick? August 7, 2025

SonicWall Says Recent Attacks Don’t Involve Zero-Day Vulnerability August 7, 2025

Google Breached — What We Know, What They’re Saying August 7, 2025

IT Security News Hourly Summary 2025-08-07 18h : 5 posts August 7, 2025

My top 5 favorite iOS 26 features so far – and how to try them all now August 7, 2025

This AirTag key organizer has survived the ultimate torture test – and I’d buy it again any time August 7, 2025

This $180 mini projector has no business being this good for the price August 7, 2025

Proton Launches New Authenticator App With Standalone Features August 7, 2025

Wordfence Intelligence Weekly WordPress Vulnerability Report (July 28, 2025 to August 3, 2025) August 7, 2025

Hacker Extradited to U.S. for $2.5 Million Tax Fraud Scheme August 7, 2025

These 17 iOS tweaks instantly extended my iPhone battery life – quick and easy August 7, 2025

Why I pick this Windows laptop for creatives over my MacBook Pro (and it’s not just price) August 7, 2025

Linux PC acting up? Here’s my first course of action (and why it fixes things most of the time) August 7, 2025

The TSA-approved multitool myth: I tested it on a plane so you don’t have to August 7, 2025

I’ve owned every Google Pixel flagship phone since the first – here’s why 2025 will be different August 7, 2025

Copyright © 2025 IT Security News. All Rights Reserved. The Magazine Basic Theme by bavotasan.com.

Manage Consent

To provide the best experiences, we use technologies like cookies to store and/or access device information. Consenting to these technologies will allow us to process data such as browsing behavior or unique IDs on this site. Not consenting or withdrawing consent, may adversely affect certain features and functions.

Functional Functional Always active

The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.

Preferences Preferences

The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.

Statistics Statistics

The technical storage or access that is used exclusively for statistical purposes. The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.

Marketing Marketing

The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.

Manage options Manage services Manage {vendor_count} vendors Read more about these purposes

View preferences

{title} {title} {title}