Under certain circumstances the exacqVision Web Service can expose authentication token details within communications.
https://www.cisa.gov/news-events/ics-advisories/icsa-24-214-06
https://www.johnsoncontrols.com/trust-center/cybersecurity/security-advisories