{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/vendors/johnson-controls/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["Automation Runtime","Automation Studio","PVI","PCM600","CEM AC2000","Pivot Client Application"],"_cs_severities":["medium"],"_cs_tags":["ics","vulnerability","scada"],"_cs_type":"advisory","_cs_vendors":["ABB","Hitachi Energy","Johnson Controls","MAXHUB"],"content_html":"\u003cp\u003eOn May 11, 2026, CISA published multiple ICS advisories addressing security vulnerabilities in several industrial control systems and related products. The affected vendors include ABB, Hitachi Energy, Johnson Controls, and MAXHUB. The advisories cover a range of products, including ABB B\u0026amp;R Automation Runtime and Studio, ABB B\u0026amp;R PVI, Hitachi Energy PCM600, Johnson Controls CEM AC2000, and MAXHUB Pivot Client Application. These vulnerabilities could potentially allow attackers to compromise affected systems, leading to disruption of industrial processes, unauthorized access, or data breaches. The advisories urge users and administrators to review the specific details for each product, apply suggested mitigations, and install available updates to remediate the identified risks.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003cp\u003eDue to the breadth of products covered and lack of specific vulnerability details, a generalized attack chain is described below, which may vary based on the specific vulnerability and product:\u003c/p\u003e\n\u003col\u003e\n\u003cli\u003e\u003cstrong\u003eInitial Access:\u003c/strong\u003e An attacker identifies a vulnerable ICS product exposed to a network.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eVulnerability Exploitation:\u003c/strong\u003e The attacker exploits a vulnerability in the targeted product.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ePrivilege Escalation:\u003c/strong\u003e The attacker escalates privileges within the compromised system.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eLateral Movement:\u003c/strong\u003e The attacker moves laterally to other systems within the ICS network.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eData Collection:\u003c/strong\u003e The attacker gathers sensitive information about the ICS environment and processes.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eSystem Manipulation:\u003c/strong\u003e The attacker manipulates ICS parameters or control logic.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eDenial of Service:\u003c/strong\u003e The attacker causes a denial-of-service condition, disrupting industrial operations.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eImpact:\u003c/strong\u003e The attack results in disruption of industrial processes, equipment damage, or safety incidents.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of vulnerabilities in ICS products can have significant consequences, including disruption of critical infrastructure, financial losses, safety hazards, and reputational damage. The specific impact depends on the nature of the targeted system and the attacker\u0026rsquo;s objectives. While the number of affected installations is unknown, the widespread use of these products in various industries suggests a potentially broad attack surface. Failure to apply necessary updates and mitigations could leave organizations vulnerable to attacks targeting these known weaknesses.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReview the CISA ICS advisories linked in the references for detailed information on each affected product.\u003c/li\u003e\n\u003cli\u003eApply the suggested mitigations and necessary updates for ABB B\u0026amp;R Automation Runtime (versions prior to 6.5 and prior to R4.93), ABB B\u0026amp;R Automation Studio (versions prior to 6.5), ABB B\u0026amp;R PVI (versions prior to 6.5.0), Hitachi Energy PCM600 (multiple versions), Johnson Controls CEM AC2000 (versions 12.0, 11.0 and 10.6), and MAXHUB Pivot Client Application (versions prior to v1.36.2).\u003c/li\u003e\n\u003cli\u003eMonitor network traffic for suspicious activity related to the affected products (network_connection log source).\u003c/li\u003e\n\u003cli\u003eImplement strong access controls and network segmentation to limit the potential impact of a successful attack.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-05-11T15:47:31Z","date_published":"2026-05-11T15:47:31Z","id":"https://feed.craftedsignal.io/briefs/2026-05-cisa-ics-advisories/","summary":"CISA published ICS advisories addressing vulnerabilities in ABB B\u0026R Automation Runtime and Studio, ABB B\u0026R PVI, Hitachi Energy PCM600, Johnson Controls CEM AC2000, and MAXHUB Pivot Client Application, advising users to apply necessary updates and mitigations.","title":"CISA ICS Advisories Address Vulnerabilities in Multiple Products","url":"https://feed.craftedsignal.io/briefs/2026-05-cisa-ics-advisories/"}],"language":"en","title":"CraftedSignal Threat Feed — Johnson Controls","version":"https://jsonfeed.org/version/1.1"}