Johnson Controls FX80 and FX90

Source: All CISA Advisories | Added:

Johnson Controls has identified a vulnerability in their FX80 and FX90 products due to a dependency on a vulnerable third-party component, which could allow attackers to compromise device configuration files. The vulnerability, tracked as CVE-2025-43867, has a CVSS v4 score of 8.4, indicating a significant risk.

Impact: FX80, FX90

In the Wild: No

Age: Newly disclosed

Remediation: Update to the latest version; apply patches 14.10.11 and 14.14.2 as applicable.

CVE Vulnerability Patch Update

Read Full Original Article →