1. EXECUTIVE SUMMARY
- CVSS v4 7.0
- ATTENTION: Exploitable remotely
- Vendor: Johnson Controls, Inc.
- Equipment: Illustra Pro Gen 4
- Vulnerability: Dependency on Vulnerable Third-Party Component
2. RISK EVALUATION
Successful exploitation of this vulnerability could impact confidentiality and integrity of the device.
3. TECHNICAL DETAILS
3.1 AFFECTED PRODUCTS
Johnson Controls reports that the following versions of Illustra Pro Gen 4 Camera are affected:
- Illustra Pro Gen 4 Camera: Version SS016.05.03.01.0010 and prior
3.2 Vulnerability Overview
3.2.1 Dependency on Vulnerable Third-Party Component CWE-1395
Under certain circumstances the camera may be susceptible to known vulnerabilities associated with JQuery versions prior to 3.5.0 third-party component
CVE-2024-32753 has been assigned to this vulnerability. A CVSS v3.1 base score of 6.9 has been calculated; the CVSS vector string is (AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N).
A CVSS v4 score has also been calculated for CVE-2024-32753. A base score of 7.0 has been calculated; the CVSS vector string is (CVSS4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:L/VA:N/SC:H/SI:L/SA:N).
3.3 BACKGROUND
- CRITICAL INFRASTRUCTURE SECTORS: Critical Manufacturing
- COUNTRIES/AREAS DEPLOYED: Worldwide
- COMPANY HEADQUARTERS LOCATION: Ireland