CVE-2022-21936 Information

Description

On Metasys ADX Server version 12.0 running MVE an Active Directory user could execute validated actions without providing a valid password when using MVE SMP UI.

Reference

https://www.cisa.gov/uscert/ics/advisories/icsa-22-277-01 https://www.johnsoncontrols.com/cyber-solutions/security-advisories