CISA has published an advisory on an improper access control vulnerability in Johnson Controls Kantech EntraPass. For Special Edition, Corporate Edition, and Global Edition, all versions up to and including v8.22 are affected. Successful exploitation of this vulnerability could potentially allow an authorized low-privileged user to gain full system-level privileges Johnson Controls recommends users upgrade all Kantech EntraPass Editions to Version 8.23. CISA also recommends a series of measures to mitigate the vulnerabilities. Read the advisory at CISA.