Johnson Controls CEM AC2000
Summary
A DLL hijacking vulnerability in Johnson Controls CEM AC2000 (versions 12.0, 11.0, and 10.6) allows a standard user to escalate privileges on the host machine. The underlying weakness is an uncontrolled search path element: the application loads a DLL from a location that a standard user can influence, so a DLL placed there runs with the application's privileges. Johnson Controls has released specific patch versions for each affected version to address this vulnerability.
IFF Assessment
This vulnerability enables local privilege escalation, which gives an attacker who already has standard-user access greater control over the compromised host.
Severity
The CVSS score of 8.7 indicates a high severity, reflecting that the vulnerability can be exploited by a standard user and allows for privilege escalation, significantly impacting confidentiality, integrity, and availability.
Defender Context
This vulnerability affects critical infrastructure sectors and could lead to significant compromise if exploited. Defenders should prioritize patching affected Johnson Controls CEM AC2000 systems to the recommended versions. Organizations should also review access controls and monitor for any signs of unauthorized privilege escalation.
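As an added example (not code from the advisory or from Johnson Controls), the following PowerShell audit implements the access-control review recommended above for this weakness class: it lists the directories a DLL search path can reach and flags any that grant write access to standard users. The application directory value is an assumed placeholder.

```powershell
# Added example, not from the advisory or from Johnson Controls: audit the directories a
# DLL search path can reach (machine PATH entries plus the application's own directory)
# for write access granted to low-privilege principals. A directory that a standard
# user can write to is the precondition an uncontrolled-search-path DLL hijack relies on.
# $AppDir is an assumed placeholder; set it to the real AC2000 installation directory.
param(
    [string]$AppDir = 'C:\Program Files\AC2000_INSTALL_DIR_PLACEHOLDER'
)

# Principals every standard user belongs to: Everyone, Authenticated Users, Users, INTERACTIVE.
$LowPrivSids = @('S-1-1-0', 'S-1-5-11', 'S-1-5-32-545', 'S-1-5-4')

# Rights that let a principal create or replace a file inside the directory.
$WriteMask = [System.Security.AccessControl.FileSystemRights]::CreateFiles -bor
             [System.Security.AccessControl.FileSystemRights]::CreateDirectories

function Test-LowPrivWritable {
    param([string]$Path)
    # Heuristic: only Allow ACEs are inspected; Deny ACEs and nested group membership
    # are not resolved, so treat a hit as something to verify, not a final verdict.
    $acl = Get-Acl -LiteralPath $Path
    foreach ($rule in $acl.Access) {
        if ($rule.AccessControlType -ne 'Allow') { continue }
        try {
            $sid = $rule.IdentityReference.Translate([System.Security.Principal.SecurityIdentifier]).Value
        } catch { continue }  # unresolvable identity, e.g. an orphaned SID
        if ($LowPrivSids -contains $sid -and (([int]$rule.FileSystemRights -band [int]$WriteMask) -ne 0)) {
            return $true
        }
    }
    return $false
}

$candidates = @($AppDir) + ([Environment]::GetEnvironmentVariable('Path', 'Machine') -split ';')
$candidates | Where-Object { $_ -and $_.Trim() } | Select-Object -Unique | ForEach-Object {
    $dir = $_.Trim()
    if (-not (Test-Path -LiteralPath $dir -PathType Container)) {
        # A PATH entry that does not exist is worth checking: whoever can create it controls it.
        [pscustomobject]@{ Directory = $dir; Status = 'MISSING (verify who can create it)' }
    } elseif (Test-LowPrivWritable -Path $dir) {
        [pscustomobject]@{ Directory = $dir; Status = 'WRITABLE BY STANDARD USERS - fix ACL' }
    } else {
        [pscustomobject]@{ Directory = $dir; Status = 'ok' }
    }
} | Format-Table -AutoSize
```

Run it from an elevated prompt on each AC2000 host before and after applying the vendor patch; any directory reported as writable should have its ACL tightened so that only administrators and SYSTEM can add files.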