Johnson Controls Facility Explorer
Priority: Plan Patch
CVSS score: 8.8
Source: ICS-CERT ICSA-21-182-01
Published: Jul 1, 2021
Attack Vector: Network
Auth Required: Low
Complexity: Low
User Interaction: None needed
Summary
A privilege escalation vulnerability in the Johnson Controls Facility Explorer SNC Series Supervisory Controller (F4-SNC) allows an authenticated user to bypass file access restrictions and access the controller's file system. Successful exploitation gives the attacker unintended access to read, modify, or delete files on the device.
What this means
What could happen
An authenticated user could gain unintended access to the file system of the Facility Explorer SNC Series controller, potentially allowing them to read, modify, or delete critical building automation configuration and data.
Who's at risk
Facility managers and building automation engineers who operate Johnson Controls Facility Explorer SNC Series Supervisory Controllers in commercial buildings, hospitals, data centers, and manufacturing plants should be concerned. These controllers manage HVAC, lighting, access control, and other critical building systems.
How it could be exploited
An attacker with valid credentials to the Facility Explorer controller can bypass file access controls to read or manipulate files on the device's file system. This requires network connectivity to the controller and valid user credentials.
Prerequisites
- Network access to the Facility Explorer SNC Series controller
- Valid user credentials for the controller
- Authentication to the controller interface
Tags: remotely exploitable · requires valid credentials · low complexity attack · high CVSS score (8.8)
Exploitability
Low exploit probability (EPSS 0.2%)
Affected products (1)
Product | Affected Versions | Fix Status
Facility Explorer SNC Series Supervisory Controller | 11 | No fix (EOL)
Remediation & Mitigation
Do now
HARDENING: Restrict network access to the Facility Explorer controller; do not expose it to the Internet or untrusted networks.
Schedule — requires maintenance window
Patching may require a device reboot; plan for process interruption.
HOTFIX: Apply the Johnson Controls patch to Facility Explorer SNC Series Supervisory Controllers (F4-SNC) as described in Product Security Advisory JCI-PSA-2021-11 v1.
Long-term hardening
WORKAROUND: If remote access to the controller is required, use a VPN with current security updates, and ensure the VPN connection itself is secure.
Mitigations - no patch available
Facility Explorer SNC Series Supervisory Controller has reached End of Life. The vendor will not release a patch. Apply the following compensating controls:
HARDENING: Isolate Facility Explorer controllers from the business network using firewalls and network segmentation.
CVEs (1)