The affected product may allow an attacker to identify and forge requests to internal systems by way of a specially crafted request.

Under certain circumstances the session token is not cleared on logout.

An issue in EasyIO CPT Graphics v0.8 allows attackers to discover valid users in the application.

Server-Side Request Forgery (SSRF) vulnerability in Johnson Controls Metasys could allow an authenticated attacker to inject malicious code into the MUI PDF export feature. This issue affects: Johnson Controls Metasys All 10 versions versions prior to 10.1.5; All 11 versions versions prior to 11.0.2.

Running a vulnerability scanner against VideoEdge NVRs can cause some functionality to stop.

Successful exploitation of this vulnerability could allow an unauthorized user to access sensitive data.

An unauthenticated remote user could exploit a potential integer overflow condition in the exacqVision Server with a specially crafted script and cause denial-of-service condition.

Under certain configurations an unauthenticated remote user could be given access to credentials stored in the exacqVision Server.

The KT-1 door controller is susceptible to replay or man-in-the-middle attacks where an attacker can record and replay TCP packets. This issue affects Johnson Controls KT-1 all versions up to and including 3.01

A vulnerability in versions 10.1 through 10.5 of Johnson Controls CEM Systems AC2000 allows a remote attacker to access to the system without adequate authorization. This issue affects: Johnson Controls CEM Systems AC2000 10.1; 10.2; 10.3; 10.4; 10.5.