Advisory

Johnson Controls releases patches for Illustra Essentials Gen 4 IP cameras

Take action: If you are using Johnson Controls Illustra Essentials Gen 4 cameras, make sure they are isolated from the internet and accessible only from trusted networks. Then plan to patch them.



Johnson Controls has patched a critical security vulnerability in their Illustra Essentials Gen 4 IP cameras.

The vulnerability, tracked as CVE-2024-32755 (CVSS score 9.1), allows remote attackers to inject commands through improper input validation in the web interface of the Illustra Essentials Gen 4 IP cameras. The web interface does not adequately sanitize user inputs, allowing attackers to submit characters that are not expected by the system. This flaw can be exploited to inject malicious commands, gaining unauthorized access and control over the affected devices.

Johnson Controls has identified that all versions of Illustra Essentials Gen 4 IP cameras up to and including Illustra.Ess4.01.02.10.5982 are vulnerable.

Johnson Controls has released an updated firmware version, Illustra.Ess4.01.02.13.6953, which addresses this vulnerability. Users are strongly urged to upgrade their cameras to this version immediately.
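To sort a camera inventory against the two firmware versions named above, the following Python sketch is an added example, not code from Johnson Controls or from this advisory. It assumes firmware strings have already been collected from the cameras and that the four numeric fields compare left to right like a version number; the inventory entries are constructed.

```python
import re

# The two firmware strings named in the advisory.
LAST_VULNERABLE = "Illustra.Ess4.01.02.10.5982"
FIXED = "Illustra.Ess4.01.02.13.6953"

_FW = re.compile(r"^Illustra\.Ess4\.(\d+)\.(\d+)\.(\d+)\.(\d+)$")

def parse_version(fw):
    """Return the four numeric fields as a tuple, or None if the string
    is not in the Illustra.Ess4.a.b.c.d form."""
    m = _FW.match(fw.strip())
    return tuple(int(part) for part in m.groups()) if m else None

def classify(fw):
    """Assumption: the numeric fields compare left to right like a version."""
    v = parse_version(fw)
    if v is None:
        return "unknown"        # other model or malformed string: check by hand
    if v <= parse_version(LAST_VULNERABLE):
        return "vulnerable"
    if v >= parse_version(FIXED):
        return "patched"
    return "unconfirmed"        # build between the two the advisory names

def triage(inventory):
    """Group camera addresses by status from (address, firmware) pairs."""
    report = {"vulnerable": [], "unconfirmed": [], "unknown": [], "patched": []}
    for address, fw in inventory:
        report[classify(fw)].append(address)
    return report

# Constructed inventory (documentation addresses, made-up builds except the
# two strings taken from the advisory).
SAMPLE_INVENTORY = [
    ("192.0.2.10", "Illustra.Ess4.01.02.10.5982"),
    ("192.0.2.11", "Illustra.Ess4.01.02.13.6953"),
    ("192.0.2.12", "Illustra.Ess4.01.02.09.5100"),
    ("192.0.2.13", "Illustra.Ess4.01.02.11.6200"),
    ("192.0.2.14", "firmware string missing"),
]

if __name__ == "__main__":
    for status, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{status:12} {', '.join(hosts) or '-'}")
```

Cameras reported as "unconfirmed" or "unknown" are not covered by either version statement in the advisory and should be checked by hand rather than assumed safe.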
