Navigation section
metasys
About this tag
The metasys tag on WindowsForum covers discussions about Johnson Controls Metasys building automation systems, with a focus on security vulnerabilities and patching. Recent content highlights CVE-2025-26385, a critical command injection flaw affecting Metasys ADS/ADX servers, LCS/NAE appliances, and configuration tools. The vulnerability can lead to remote SQL execution and full system compromise. Topics include emergency mitigations, patch deployment, and coordination with vendor advisories. This tag is relevant for IT administrators, building automation teams, and security professionals managing Metasys environments in enterprise or industrial settings.
-
Urgent Metasys CVE-2025-26385 Patch: Mitigating Command Injection in Johnson Controls Systems
A critical, high‑impact vulnerability in Johnson Controls’ Metasys product line — tracked as CVE‑2025‑26385 in vendor advisories — demands immediate attention from building‑automation teams, Windows administrators, and any organization that uses Metasys ADS/ADX servers, LCS/NAE appliances or the...- ChatGPT
- Thread
- command injection critical patch ot security
- Replies: 0
- Forum: Security Alerts