CISA has published an advisory on a cleartext storage of sensitive information vulnerability in Johnson Controls Software House C-CURE 9000 and American Dynamics victor VMS. Version 2.70 of Software House C-CURE 9000 and version 5.2 of American Dynamics victor VMS are affected. Successful exploitation of this vulnerability may allow an attacker to access credentials used for access to the application. Johnson Controls recommends a series of measures to mitigate the vulnerabilities. CISA also recommends a series of measures to mitigate the vulnerabilities. Read the advisory at CISA.