Johnson Controls AC2000 Uncontrolled Search Path Element Vulnerability

Vulnerability

An uncontrolled search path element vulnerability has been identified in Johnson Controls AC2000 software on Windows. This vulnerability allows manipulation of configuration file search paths, potentially leading to unauthorized access or execution of files. It affects AC2000 versions 10.6 prior to 10, 11.0 prior to 9, and 12 prior to 3.

Impact

Exploitation of this vulnerability could lead to unauthorized manipulation of configuration file search paths, potentially allowing for the execution of malicious files or commands.

Added: May 6, 2026, 6:36 PM

Updated: May 6, 2026, 6:36 PM

Vulnerability Rating

Custom Algorithm

spread

0.3

impact

0.6

exploitability

3.1

remediation

0.0

relevance

7.2

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.3

impact

0.6

exploitability

3.1

remediation

0.0

relevance

7.2

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Johnson Controls AC2000 Uncontrolled Search Path Element Vulnerability

Vulnerability

Impact

Affected Products

Johnson Controls AC2000

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating