CVE-2023-2024

10.0 CRITICAL

📋 TL;DR

This vulnerability allows unauthorized users to bypass authentication in OpenBlue Enterprise Manager Data Collector under certain circumstances. It affects organizations using versions prior to 3.2.5.75 of this industrial control system software.

💻 Affected Systems

Products:
  • OpenBlue Enterprise Manager Data Collector
Versions: All versions prior to 3.2.5.75
Operating Systems: Not specified in advisory
Default Config Vulnerable: ⚠️ Yes
Notes: Affects systems with specific configurations that trigger the authentication bypass condition.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise allowing attackers to access sensitive industrial control data, manipulate system operations, or pivot to other critical infrastructure systems.

🟠 Likely Case

Unauthorized access to industrial control system data, potential data exfiltration, and disruption of monitoring capabilities.

🟢 If Mitigated

Limited impact if proper network segmentation and access controls prevent unauthorized network access to vulnerable systems.

🌐 Internet-Facing: HIGH
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

CWE-287 indicates improper authentication, suggesting relatively straightforward exploitation once the specific circumstances are identified.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 3.2.5.75

Vendor Advisory: https://www.johnsoncontrols.com/cyber-solutions/security-advisories

Restart Required: Yes

Instructions:

1. Download version 3.2.5.75 from Johnson Controls.
2. Back up the current configuration.
3. Install the update following vendor documentation.
4. Restart the Data Collector service.

🔧 Temporary Workarounds

Network Segmentation

Applies to: all

Isolate OpenBlue Enterprise Manager Data Collector systems from untrusted networks and internet access.

Access Control Lists

Applies to: all

Implement strict firewall rules limiting access to Data Collector systems to authorized IP addresses only.

🧯 If You Can't Patch

  • Implement network segmentation to isolate vulnerable systems
  • Deploy intrusion detection systems to monitor for authentication bypass attempts

🔍 How to Verify

Check if Vulnerable:

Check the OpenBlue Enterprise Manager Data Collector version in the system administration interface or configuration files.

Check Version:

Check vendor documentation for specific version check commands as they vary by deployment.

Verify Fix Applied:

Verify the version number shows 3.2.5.75 or higher after patching.

📡 Detection & Monitoring

Log Indicators:

  • Failed authentication attempts followed by successful access
  • Access from unexpected IP addresses
  • Authentication bypass patterns in application logs

Network Indicators:

  • Unauthorized access attempts to Data Collector ports
  • Traffic patterns indicating authentication bypass

SIEM Query:

source="openblue" AND (event_type="auth_failure" OR event_type="auth_bypass")
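The log indicators above can be checked offline before a SIEM rule exists. The following is an added example, not part of the advisory or of the vendor's tooling: it flags sources whose failed authentication is followed by success within a short window, and any explicit auth_bypass event. The log line format (timestamp, source IP, event_type, user) and the sample lines are constructed assumptions; the real Data Collector log layout is not documented here.

```python
from datetime import datetime

# Constructed sample lines in an assumed "timestamp src_ip event_type user" layout;
# the advisory does not describe the actual Data Collector log format.
SAMPLE_LOGS = """\
2024-05-01T10:00:01 10.0.0.5 auth_failure operator
2024-05-01T10:00:03 10.0.0.5 auth_failure operator
2024-05-01T10:00:04 10.0.0.5 auth_success operator
2024-05-01T10:05:00 192.0.2.77 auth_bypass admin
2024-05-01T11:00:00 10.0.0.9 auth_failure tech
2024-05-01T11:30:00 10.0.0.9 auth_success tech
2024-05-01T12:00:00 10.0.0.12 auth_success viewer
"""


def parse(lines):
    """Turn raw lines into (timestamp, src_ip, event_type, user) tuples."""
    events = []
    for line in lines.splitlines():
        ts, src, etype, user = line.split()
        events.append((datetime.fromisoformat(ts), src, etype, user))
    return events


def find_suspicious(lines, window_seconds=60):
    """Return (src_ip, reason) pairs worth investigating.

    Two patterns taken from the advisory's log indicators:
      * an explicit auth_bypass event, which should never appear in normal operation;
      * an auth_failure followed by an auth_success from the same source within
        window_seconds, the sequence expected when a check is skipped rather than passed.
    """
    hits = []
    last_failure = {}  # src_ip -> timestamp of most recent failure
    for ts, src, etype, user in sorted(parse(lines)):
        if etype == "auth_bypass":
            hits.append((src, f"auth_bypass event for user {user}"))
        elif etype == "auth_failure":
            last_failure[src] = ts
        elif etype == "auth_success":
            prev = last_failure.get(src)
            if prev is not None and (ts - prev).total_seconds() <= window_seconds:
                hits.append((src, f"success {int((ts - prev).total_seconds())}s after failure"))
    return hits


if __name__ == "__main__":
    for src, reason in find_suspicious(SAMPLE_LOGS):
        print(src, reason)
```

The window is deliberately short; the 10.0.0.9 sequence (a retry half an hour later) is ignored at 60 seconds but surfaces if the window is widened, so tune it against the site's normal retry behaviour.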
