Tag: Cyber Security

Support procedure for reporting newly discovered cyber security vulnerabilities in Exacq Software

Post author By Brandon Powell
Post date July 17, 2023

This document will outline the procedures expected from Exacq Support staff in the event of discovering a previously unreported security vulnerability in an exacqVision product.

Product

Any exacqVision product

Procedure:

Verify the vulnerability has not already been properly reported at: https://www.johnsoncontrols.com/cyber-solutions/security-advisories
Email the GPS (Global Product Security) team at: productsecurity@jci.com
- Provide vulnerability analysis in this email and any relevant links
- Provide customer details and contact information in this email
- Provide software product and software versions in this email
- CC the customer on the email
Inform the customer you have notified the appropriate team (GPS) and will be closing the Support ticket.

Our Global Product Security team will then be responsible for following up with this customer and resolving vulnerability.

Tags Cyber Security, Level2, Vulnerability Scan, Security Advisory, Product Security, Global Product Security, 16441, Security, Cybersecurity, Cyber Attacks, Cyber-security, Vulnerability

User Guides Documentation Categories Products

exacqVision 19.03 Hardening Guide

Post author By Ryan Ramage
Post date March 15, 2019

exacqVision-1903-Security-Hardening-Guidev10.pdf

Tags Cyber Security, Cybersecurity, Cybersecurity Overview, exacqVision 19.03 Cybersecurity, exacqVision 19.03 Cybersecurity Overview, 19835, exacqVision 19.03 Hardening Guide

User Guides Documentation Categories Products

exacqVision v9.2 Hardening Guide

Post author By Ryan Ramage
Post date May 24, 2018

exacqVision-92-Security-Hardening-Guide.pdf

Tags Cyber Security, Cybersecurity, exacqVision Cybersecurity Overview, Cybersecurity Overview, 19834, exacq Vision v9.2 Hardening Guide

Knowledge Support Support Categories Products exacqVision Hardware

exacqVision and Heartbleed

Post author By Rachel McClure
Post date April 23, 2014

In April 2014 a Security Advisory was issued by the OpenSSL project notifying the public of a serious vulnerability in the encryption software used by a large number of companies. (For detailed information, visit http://heartbleed.com/.) Exacq Technologies took immediate action to assess how this affects its products.

exacqVision uses OpenSSL for a few functions, but the version affected is used only in a small number of exacqVision products:

exacqVision Server and Client 6.0 for Window

OpenSSL 1.0.1e is used in exacqVision 6.0, released in March 2014. However, the use of this product is not subject to the Heartbleed vulnerability. You can optionally upgrade to the latest version that includes updated OpenSSL at https://exacq.com/support/downloads.php.

exacqVision S-Series

exaqVision S-Series systems use Ubuntu 12.04, which includes the affected version of OpenSSL. However, only specific non-default configurations expose the system to the Heartbleed vulnerability. See https://exacq.com/kb/?crc=61212 details.

exacqVision-and-Heartbleed-1.pdf

Tags S-Series, KB-00426-426-210210, Cyber Security, HeartBleed, 2314, Security Advisory, Guest, General