CVE-2022-21935
A vulnerability in Metasys ADS/ADX/OAS 10 versions prior to 10.1.5 and Metasys ADS/ADX/OAS 11 versions prior to 11.0.2 allows unverified password change.
Date published : 2022-06-15
https://www.cisa.gov/uscert/ics/advisories/icsa-22-165-01
https://www.johnsoncontrols.com/cyber-solutions/security-advisories