CISA has published an advisory on an improper authorization vulnerability in Johnson Controls Sensormatic Electronics American Dynamics Victor Web Client. All versions up to and including v5.4.1 are affected. Successful exploitation of this vulnerability could allow a remote unauthenticated attacker to delete arbitrary files on the system or render the system unusable through a denial-of-service attack. Johnson Controls recommends users upgrade all versions of victor Web Client to v5.6. CISA also recommends a series of measures to mitigate this vulnerability. Read the advisory at CISA.