ICS: Johnson Controls CEM Systems AC2000
December 1, 2021
Severity
High
Analysis Summary
CVE-2021-35528
A flaw in the application authentication and authorization mechanism that depends on local validation of the session identifier allows an unauthorized, signed Java Applet JAR file to be executed.
Impact
- Unauthorized Access
Affected Vendors
- Hitachi Energy
Affected Products
- Retail Operations: Version 5.7.3 and prior
- Counterparty Settlement and Billing (CSB): Version 5.7.3 and prior
Remediation
Refer to the CISA advisory for patch, upgrade, or suggested workaround information.