The Johnson Controls CK721-A controller with firmware before SSM4388_03.1.0.14_BB allows remote attackers to perform arbitrary actions via crafted packets to TCP port 41014 (aka the download port).
CVSS 2.0
Severity: HIGH
Problem Type: CWE-78,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| johnsoncontrols | network_controller_firmware | 03.0 |
| johnsoncontrols | network_controller | ck721-a |
| johnsoncontrols | network_controller_firmware | * |
The Johnson Controls Pegasys P2000 server with software before 3.11 allows remote attackers to trigger false alerts via crafted packets to TCP port 41013 (aka the upload port), a different vulnerability than CVE-2012-2607.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-20,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| johnsoncontrols | pegasys_p2000_server | - |
| johnsoncontrols | pegasys_p2000_server_software | * |
Johnson Controls Metasys 4.1 through 6.5, as used in Application and Data Server (ADS), Extended Application and Data Server (aka ADX), LonWorks Control Server 85 LCS8520, Network Automation Engine (NAE) 55xx-x, Network Integration Engine (NIE) 5xxx-x, and NxE8500, allows remote attackers to read password hashes via a POST request.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-200,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| johnsoncontrols | metsys | 6.5 |
| johnsoncontrols | metsys | 4.1 |
Unrestricted file upload vulnerability in unspecified web services in Johnson Controls Metasys 4.1 through 6.5, as used in Application and Data Server (ADS), Extended Application and Data Server (aka ADX), LonWorks Control Server 85 LCS8520, Network Automation Engine (NAE) 55xx-x, Network Integration Engine (NIE) 5xxx-x, and NxE8500, allows remote attackers to execute arbitrary code by uploading a shell script.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| johnsoncontrols | metsys | 6.5 |
| johnsoncontrols | metsys | 4.1 |
In Johnson Controls Metasys System Versions 8.0 and prior and BCPro (BCM) all versions prior to 3.0.2, this vulnerability results from improper error handling in HTTP-based communications with the server, which could allow an attacker to obtain technical information.
CVSS 2.0
Severity: LOW
Problem Type: CWE-209,CWE-388,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| johnsoncontrols | metasys_system | * |
| johnsoncontrols | bcpro | * |
A vulnerability with the SmartService API Service option exists whereby an unauthorized user could potentially exploit this to upload malicious code to the server that could be executed at system level privileges. This affects Johnson Controls' Kantech EntraPass Corporate Edition versions 8.0 and prior; Kantech EntraPass Global Edition versions 8.0 and prior.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
| productsecurity@jci.com | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-20,CWE-20,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| johnsoncontrols | entrapass | * |
ExacqVision Server’s services 'exacqVisionServer', 'dvrdhcpserver' and 'mdnsresponder' have an unquoted service path. If an authenticated user is able to insert code in their system root path it potentially can be executed during the application startup. This could allow the authenticated user to elevate privileges on the system. This issue affects: Exacq Technologies, Inc. exacqVision Server 9.6; 9.8. This issue does not affect: Exacq Technologies, Inc. exacqVision Server version 9.4 and prior versions; 19.03. It is not known whether this issue affects: Exacq Technologies, Inc. exacqVision Server versions prior to 8.4.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-428,CWE-428,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| johnsoncontrols | exacqvision_server | 9.6 |
| johnsoncontrols | exacqvision_server | 9.8 |
Metasys® ADS/ADX servers and NAE/NIE/NCE engines prior to 9.0 make use of a shared RSA key pair for certain encryption operations involving the Site Management Portal (SMP).
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-323,CWE-798,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| johnsoncontrols | metasys_system | * |
Metasys® ADS/ADX servers and NAE/NIE/NCE engines prior to 9.0 make use of a hardcoded RC2 key for certain encryption operations involving the Site Management Portal (SMP).
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-321,CWE-798,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| johnsoncontrols | metasys_system | * |
XXE vulnerability exists in the Metasys family of product Web Services which has the potential to facilitate DoS attacks or harvesting of ASCII server files. This affects Johnson Controls' Metasys Application and Data Server (ADS, ADS-Lite) versions 10.1 and prior; Metasys Extended Application and Data Server (ADX) versions 10.1 and prior; Metasys Open Data Server (ODS) versions 10.1 and prior; Metasys Open Application Server (OAS) version 10.1; Metasys Network Automation Engine (NAE55 only) versions 9.0.1, 9.0.2, 9.0.3, 9.0.5, 9.0.6; Metasys Network Integration Engine (NIE55/NIE59) versions 9.0.1, 9.0.2, 9.0.3, 9.0.5, 9.0.6; Metasys NAE85 and NIE85 versions 10.1 and prior; Metasys LonWorks Control Server (LCS) versions 10.1 and prior; Metasys System Configuration Tool (SCT) versions 13.2 and prior; Metasys Smoke Control Network Automation Engine (NAE55, UL 864 UUKL/ORD-C100-13 UUKLC 10th Edition Listed) version 8.1.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| productsecurity@jci.com | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 3.9 | 3.6 |
| nvd@nist.gov | 9.1 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H | 3.9 | 5.2 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-611,CWE-611,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| johnsoncontrols | nie59_firmware | 9.0.6 |
| johnsoncontrols | ord-c100-13_uuklc_firmware | 8.1 |
| johnsoncontrols | nae55_firmware | 9.0.6 |
| johnsoncontrols | nie55_firmware | 9.0.3 |
| johnsoncontrols | nae55_firmware | 9.0.1 |
| johnsoncontrols | metasys_open_data_server | * |
| johnsoncontrols | nae85_firmware | * |
| johnsoncontrols | metasys_open_application_server | 10.1 |
| johnsoncontrols | nie85_firmware | * |
| johnsoncontrols | nie55_firmware | 9.0.2 |
| johnsoncontrols | metasys_application_and_data_server | * |
| johnsoncontrols | nie55_firmware | 9.0.1 |
| johnsoncontrols | nie59_firmware | 9.0.2 |
| johnsoncontrols | ul_864_uukl_firmware | 8.1 |
| johnsoncontrols | metasys_system_configuration_tool | * |
| johnsoncontrols | nae55_firmware | 9.0.5 |
| johnsoncontrols | nae55_firmware | 9.0.2 |
| johnsoncontrols | metasys_extended_application_and_data_server | * |
| johnsoncontrols | nie59_firmware | 9.0.5 |
| johnsoncontrols | nie55_firmware | 9.0.5 |
| johnsoncontrols | nie59_firmware | 9.0.3 |
| johnsoncontrols | nae55_firmware | 8.1 |
| johnsoncontrols | nae55_firmware | 9.0.3 |
| johnsoncontrols | metasys_lonworks_control_server | * |
| johnsoncontrols | nie55_firmware | 9.0.6 |
| johnsoncontrols | nie59_firmware | 9.0.1 |
During installation or upgrade to Software House C•CURE 9000 v2.70 and American Dynamics victor Video Management System v5.2, the credentials of the user used to perform the installation or upgrade are logged in a file. The install log file persists after the installation.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| productsecurity@jci.com | 9.9 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H | 3.1 | 6.0 |
| nvd@nist.gov | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 2.8 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-312,CWE-312,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| tyco | victor_video_management_system | 5.2 |
| johnsoncontrols | c-cure_9000_firmware | 2.70 |
A vulnerability in all versions of Kantech EntraPass Editions could potentially allow an authorized low-privileged user to gain full system-level privileges by replacing critical files with specifically crafted files.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
| productsecurity@jci.com | 8.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H | 2.0 | 6.0 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-284,CWE-269,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| johnsoncontrols | kantech_entrapass | * |
A vulnerability exists that could allow the execution of unauthorized code or operating system commands on systems running exacqVision Web Service versions 20.06.3.0 and prior and exacqVision Enterprise Manager versions 20.06.4.0 and prior. An attacker with administrative privileges could potentially download and run a malicious executable that could allow OS command injection on the system.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| productsecurity@jci.com | 6.8 | MEDIUM | CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:L/I:H/A:L | 1.0 | 5.3 |
| nvd@nist.gov | 7.2 | HIGH | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 1.2 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-347,CWE-347,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| johnsoncontrols | exacqvision_enterprise_manager | * |
| johnsoncontrols | exacqvision_web_service | * |
A vulnerability in specified versions of American Dynamics victor Web Client and Software House CCURE Web Client could allow a remote unauthenticated attacker on the network to delete arbitrary files on the system or render the system unusable by conducting a Denial of Service attack.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| productsecurity@jci.com | 7.1 | HIGH | CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L | 2.8 | 4.2 |
| nvd@nist.gov | 8.1 | HIGH | CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H | 2.8 | 5.2 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-285,CWE-732,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| tyco | c-cure_web_client | * |
| johnsoncontrols | victor_web_client | * |
A vulnerability in specified versions of American Dynamics victor Web Client and Software House C•CURE Web Client could allow an unauthenticated attacker on the network to create and sign their own JSON Web Token and use it to execute an HTTP API Method without the need for valid authentication/authorization. Under certain circumstances, this could be used by an attacker to impact system availability by conducting a Denial of Service attack.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.3 | MEDIUM | CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H | 1.6 | 3.6 |
| productsecurity@jci.com | 7.1 | HIGH | CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L | 1.6 | 5.5 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-285,CWE-287,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| johnsoncontrols | victor_web | * |
| johnsoncontrols | c-cure_web | * |
Path Traversal vulnerability exists in Metasys Reporting Engine (MRE) Web Services which could allow a remote unauthenticated attacker to access and download arbitrary files from the system.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 3.9 | 3.6 |
| productsecurity@jci.com | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 3.9 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-22,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| johnsoncontrols | metasys_reporting_engine | 2.1 |
| johnsoncontrols | metasys_reporting_engine | 2.0 |
A vulnerability in exacqVision Web Service 20.12.2.0 and prior could allow an unauthenticated attacker to view system-level information about the exacqVision Web Service and the operating system.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 3.9 | 3.6 |
| productsecurity@jci.com | 5.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L | 3.9 | 1.4 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-862,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| johnsoncontrols | exacqvision_web_service | * |
Successful exploitation of this vulnerability could give an authenticated Metasys user an unintended level of access to the server file system, allowing them to access or modify system files by sending specifically crafted web messages to the Metasys system. This issue affects: Johnson Controls Metasys version 11.0 and prior versions.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| productsecurity@jci.com | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 2.8 | 5.9 |
| nvd@nist.gov | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 2.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-269,CWE-269,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| johnsoncontrols | metasys | * |
exacqVision Enterprise Manager 20.12 does not sufficiently validate, filter, escape, and/or encode user-controllable input before it is placed in output that is used as a web page that is served to other users.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.4 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 2.3 | 2.7 |
| productsecurity@jci.com | 4.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N | 2.8 | 1.4 |
CVSS 2.0
Severity: LOW
Problem Type: CWE-79,CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| johnsoncontrols | exacqvision_enterprise_manager | * |
exacqVision Web Service 21.03 does not sufficiently validate, filter, escape, and/or encode user-controllable input before it is placed in output that is used as a web page that is served to other users.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.1 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 2.8 | 2.7 |
| productsecurity@jci.com | 5.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N | 3.9 | 1.4 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| johnsoncontrols | exacqvision_web_service | * |
An insecure client auto update feature in C-CURE 9000 can allow remote execution of lower privileged Windows programs.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| productsecurity@jci.com | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 2.8 | 5.9 |
| nvd@nist.gov | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 2.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-20,CWE-20,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| johnsoncontrols | c-cure_9000_firmware | * |
Successful exploitation of this vulnerability could give an authenticated Facility Explorer SNC Series Supervisory Controller (F4-SNC) user an unintended level of access to the controller’s file system, allowing them to access or modify system files by sending specifically crafted web messages to the F4-SNC.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| productsecurity@jci.com | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 2.8 | 5.9 |
| nvd@nist.gov | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 2.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-269,CWE-863,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| johnsoncontrols | f4-snc_firmware | 11 |
The KT-1 door controller is susceptible to replay or man-in-the-middle attacks where an attacker can record and replay TCP packets. This issue affects Johnson Controls KT-1 all versions up to and including 3.01
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| productsecurity@jci.com | 8.6 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L | 3.9 | 4.7 |
| nvd@nist.gov | 8.1 | HIGH | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H | 2.2 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-294,CWE-294,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| johnsoncontrols | kantech_kt-1_door_controller_firmware | * |
A vulnerability in versions 10.1 through 10.5 of Johnson Controls CEM Systems AC2000 allows a remote attacker to access to the system without adequate authorization. This issue affects: Johnson Controls CEM Systems AC2000 10.1; 10.2; 10.3; 10.4; 10.5.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
| productsecurity@jci.com | 8.2 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N | 3.9 | 4.2 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-285,NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| johnsoncontrols | ac2000_firmware | * |
Under certain configurations an unauthenticated remote user could be given access to credentials stored in the exacqVision Server.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| productsecurity@jci.com | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
| nvd@nist.gov | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-269,CWE-269,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| johnsoncontrols | exacqvision_web_service | * |
An unauthenticated remote user could exploit a potential integer overflow condition in the exacqVision Server with a specially crafted script and cause denial-of-service condition.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| productsecurity@jci.com | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 3.9 | 3.6 |
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 3.9 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-190,CWE-190,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| johnsoncontrols | exacqvision_server | * |
Successful exploitation of this vulnerability could allow an unauthorized user to access sensitive data.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 3.9 | 3.6 |
| productsecurity@jci.com | 8.3 | HIGH | CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L | 2.8 | 5.5 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-200,CWE-668,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| johnsoncontrols | kantech_entrapass | * |
Running a vulnerability scanner against VideoEdge NVRs can cause some functionality to stop.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| productsecurity@jci.com | 5.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L | 3.9 | 1.4 |
| nvd@nist.gov | 5.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L | 3.9 | 1.4 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-228,NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| johnsoncontrols | videoedge | * |
Under certain circumstances an unauthenticated user could access the the web API for Metasys ADS/ADX/OAS 10 versions prior to 10.1.6 and 11 versions prior to 11.0.2 and enumerate users.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| productsecurity@jci.com | 5.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N | 3.9 | 1.4 |
| nvd@nist.gov | 5.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N | 3.9 | 1.4 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| johnsoncontrols | metasys_extended_application_and_data_server | * |
| johnsoncontrols | metasys_application_and_data_server | * |
| johnsoncontrols | metasys_open_application_server | * |
Under certain circumstances a CCURE Portal user could enumerate user accounts in CCURE 9000 version 2.90 and prior versions.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| johnsoncontrols | c-cure_9000_firmware | * |
Server-Side Request Forgery (SSRF) vulnerability in Johnson Controls Metasys could allow an authenticated attacker to inject malicious code into the MUI PDF export feature. This issue affects: Johnson Controls Metasys All 10 versions versions prior to 10.1.5; All 11 versions versions prior to 11.0.2.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| productsecurity@jci.com | 8.4 | HIGH | CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:L | 1.8 | 6.0 |
| nvd@nist.gov | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 2.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-918,CWE-918,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| johnsoncontrols | metasys_extended_application_and_data_server | * |
| johnsoncontrols | metasys_application_and_data_server | * |
| johnsoncontrols | metasys_open_application_server | * |
The affected product may allow an attacker to identify and forge requests to internal systems by way of a specially crafted request.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| productsecurity@jci.com | 5.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N | 3.9 | 1.4 |
| nvd@nist.gov | 9.1 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N | 3.9 | 5.2 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-918,CWE-918,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| johnsoncontrols | metasys_system_configuration_tool | * |
Under some circumstances an Insufficiently Protected Credentials vulnerability in Johnson Controls Metasys ADS/ADX/OAS 10 versions prior to 10.1.6 and 11 versions prior to 11.0.3 allows API calls to expose credentials in plain text.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| johnsoncontrols | metasys_extended_application_and_data_server | * |
| johnsoncontrols | metasys_application_and_data_server | * |
| johnsoncontrols | metasys_open_application_server | * |
Under certain circumstances the session token is not cleared on logout.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
| productsecurity@jci.com | 8.1 | HIGH | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H | 2.2 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-459,CWE-459,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| johnsoncontrols | metasys_extended_application_and_data_server | * |
| johnsoncontrols | metasys_application_and_data_server | * |
| johnsoncontrols | metasys_open_application_server | * |
All versions of CEVAS prior to 1.01.46 do not sufficiently validate user-controllable input and could allow a user to bypass authentication and retrieve data with specially crafted SQL queries.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| productsecurity@jci.com | 10.0 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N | 3.9 | 5.8 |
| nvd@nist.gov | 6.1 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 2.8 | 2.7 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| johnsoncontrols | cevas | * |
Under certain circumstances improper privilege management in Metasys ADS/ADX/OAS servers versions 10 and 11 could allow an authenticated user to elevate their privileges to administrator.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 2.8 | 5.9 |
| productsecurity@jci.com | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 2.8 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-269,CWE-269,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| johnsoncontrols | metasys_extended_application_and_data_server | * |
| johnsoncontrols | metasys_application_and_data_server | * |
| johnsoncontrols | metasys_open_application_server | * |
Under certain circumstances an authenticated user could lock other users out of the system or take over their accounts in Metasys ADS/ADX/OAS server 10 versions prior to 10.1.5 and Metasys ADS/ADX/OAS server 11 versions prior to 11.0.2.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| productsecurity@jci.com | 8.0 | HIGH | CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 2.1 | 5.9 |
| nvd@nist.gov | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 2.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-620,CWE-287,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| johnsoncontrols | metasys_extended_application_and_data_server | * |
| johnsoncontrols | metasys_application_and_data_server | * |
| johnsoncontrols | metasys_open_application_server | * |
A vulnerability in Metasys ADS/ADX/OAS 10 versions prior to 10.1.5 and Metasys ADS/ADX/OAS 11 versions prior to 11.0.2 allows unverified password change.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| productsecurity@jci.com | 7.5 | HIGH | CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H | 1.6 | 5.9 |
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N | 3.9 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-620,CWE-287,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| johnsoncontrols | metasys_extended_application_and_data_server | 11.0.1 |
| johnsoncontrols | metasys_extended_application_and_data_server | * |
| johnsoncontrols | metasys_application_and_data_server | 11.0.1 |
| johnsoncontrols | metasys_extended_application_and_data_server | 11.0 |
| johnsoncontrols | metasys_open_application_server | 11.0 |
| johnsoncontrols | metasys_application_and_data_server | 11.0 |
| johnsoncontrols | metasys_application_and_data_server | * |
| johnsoncontrols | metasys_open_application_server | * |
| johnsoncontrols | metasys_open_application_server | 11.0.1 |
On Metasys ADX Server version 12.0 running MVE, an Active Directory user could execute validated actions without providing a valid password when using MVE SMP UI.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N | 2.8 | 3.6 |
| productsecurity@jci.com | 8.1 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H | 2.8 | 5.2 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| johnsoncontrols | metasys_extended_application_and_data_server | 12.0 |
Under certain circumstances, a vulnerability in Metasys ADS/ADX/OAS 10 versions prior to 10.1.5 and Metasys ADS/ADX/OAS 11 versions prior to 11.0.2 could allow a user to inject malicious code into the web interface.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.4 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 2.3 | 2.7 |
| productsecurity@jci.com | 8.7 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N | 2.3 | 5.8 |
CVSS 2.0
Severity: LOW
Problem Type: CWE-79,CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| johnsoncontrols | metasys_extended_application_and_data_server | 11.0.1 |
| johnsoncontrols | metasys_extended_application_and_data_server | * |
| johnsoncontrols | metasys_application_and_data_server | 11.0.1 |
| johnsoncontrols | metasys_extended_application_and_data_server | 11.0 |
| johnsoncontrols | metasys_open_application_server | 11.0 |
| johnsoncontrols | metasys_application_and_data_server | 11.0 |
| johnsoncontrols | metasys_application_and_data_server | * |
| johnsoncontrols | metasys_open_application_server | * |
| johnsoncontrols | metasys_open_application_server | 11.0.1 |
Under certain circumstances, a vulnerability in Metasys ADS/ADX/OAS 10 versions prior to 10.1.5 and Metasys ADS/ADX/OAS 11 versions prior to 11.0.2 could allow a user to inject malicious code into the MUI Graphics web interface.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.4 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 2.3 | 2.7 |
| productsecurity@jci.com | 8.1 | HIGH | CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N | 1.7 | 5.8 |
CVSS 2.0
Severity: LOW
Problem Type: CWE-79,CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| johnsoncontrols | metasys_extended_application_and_data_server | 11.0.1 |
| johnsoncontrols | metasys_extended_application_and_data_server | * |
| johnsoncontrols | metasys_application_and_data_server | 11.0.1 |
| johnsoncontrols | metasys_extended_application_and_data_server | 11.0 |
| johnsoncontrols | metasys_open_application_server | 11.0 |
| johnsoncontrols | metasys_application_and_data_server | 11.0 |
| johnsoncontrols | metasys_application_and_data_server | * |
| johnsoncontrols | metasys_open_application_server | * |
| johnsoncontrols | metasys_open_application_server | 11.0.1 |
Sensitive Cookie Without 'HttpOnly' Flag vulnerability in Johnson Controls System Configuration Tool (SCT) version 14 prior to 14.2.3 and version 15 prior to 15.0.3 could allow access to the cookie.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| productsecurity@jci.com | 7.5 | HIGH | CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.6 | 5.9 |
| nvd@nist.gov | 6.1 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 2.8 | 2.7 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| johnsoncontrols | metasys_system_configuration_tool | * |
Sensitive Cookie in HTTPS Session Without 'Secure' Attribute vulnerability in Johnson Controls System Configuration Tool (SCT) version 14 prior to 14.2.3 and version 15 prior to 15.0.3 could allow access to the cookie.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.1 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 2.8 | 2.7 |
| productsecurity@jci.com | 7.5 | HIGH | CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.6 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| johnsoncontrols | metasys_system_configuration_tool | * |
All versions of iSTAR Ultra prior to version 6.8.9.CU01 are vulnerable to a command injection that could allow an unauthenticated user root access to the system.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| productsecurity@jci.com | 10.0 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H | 3.9 | 6.0 |
| nvd@nist.gov | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| johnsoncontrols | istar_ultra_firmware | * |
An issue in EasyIO CPT Graphics v0.8 allows attackers to discover valid users in the application.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N | 3.9 | 1.4 |
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| johnsoncontrols | easyio_cpt_graphics | 0.8 |
An attacker with physical access to the Kantech Gen1 ioSmart card reader with firmware version prior to 1.07.02 in certain circumstances can recover the reader's communication memory between the card and reader.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| productsecurity@jci.com | 7.5 | HIGH | CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:L/I:H/A:L | 1.6 | 5.3 |
| nvd@nist.gov | 5.3 | MEDIUM | CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N | 1.6 | 3.6 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| johnsoncontrols | iosmart_gen_1_firmware | * |
A debug feature in Sensormatic Electronics Illustra Pro Gen 4 Dome and PTZ cameras allows a user to compromise credentials after a long period of sustained attack.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| productsecurity@jci.com | 8.3 | HIGH | CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H | 1.6 | 6.0 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| johnsoncontrols | illustra_pro_gen_4_dome_firmware | * |
| johnsoncontrols | illustra_pro_gen_4_ptz_firmware | * |
Improper authentication in OpenBlue Enterprise Manager Data Collector versions prior to 3.2.5.75 allow access to an unauthorized user under certain circumstances.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| productsecurity@jci.com | 10.0 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N | 3.9 | 5.8 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| johnsoncontrols | openblue_enterprise_manager_data_collector | * |
OpenBlue Enterprise Manager Data Collector versions prior to 3.2.5.75 may expose sensitive information to an unauthorized user under certain circumstances.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| productsecurity@jci.com | 5.0 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N | 3.1 | 1.4 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| johnsoncontrols | openblue_enterprise_manager_data_collector | * |
An unauthenticated user could log into iSTAR Ultra, iSTAR Ultra LT, iSTAR Ultra G2, and iSTAR Edge G2 with administrator rights.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| productsecurity@jci.com | 7.5 | HIGH | CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:L/I:H/A:L | 1.6 | 5.3 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| johnsoncontrols | istar_ultra_firmware | 6.9.2 |
| johnsoncontrols | edge_g2_firmware | 6.9.2 |
| johnsoncontrols | istar_ultra_g2_firmware | 6.9.2 |
| johnsoncontrols | istar_ultra_firmware | * |
| johnsoncontrols | istar_ultra_lt_firmware | * |
| johnsoncontrols | istar_ultra_lt_firmware | 6.9.2 |
| johnsoncontrols | istar_ultra_g2_firmware | * |
| johnsoncontrols | edge_g2_firmware | * |
An unauthorized user could gain account access to IQ Wifi 6 versions prior to 2.0.2 by conducting a brute force authentication attack.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| productsecurity@jci.com | 8.3 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L | 3.9 | 3.7 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| johnsoncontrols | iq_wifi_6_firmware | * |
A local user could edit the VideoEdge configuration file and interfere with VideoEdge operation.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| productsecurity@jci.com | 7.1 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H | 1.8 | 5.2 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| johnsoncontrols | videoedge | * |
Under certain circumstances, invalid authentication credentials could be sent to the login endpoint of Johnson Controls Metasys NAE55, SNE, and SNC engines prior to versions 11.0.6 and 12.0.4 and Facility Explorer F4-SNC engines prior to versions 11.0.6 and 12.0.4 to cause denial-of-service.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 3.9 | 3.6 |
| productsecurity@jci.com | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 3.9 | 3.6 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| johnsoncontrols | snc25150-0_firmware | * |
| johnsoncontrols | sne10500_firmware | * |
| johnsoncontrols | sne110l0_firmware | * |
| johnsoncontrols | nae55_firmware | * |
| johnsoncontrols | sne11000_firmware | * |
| johnsoncontrols | f4-snc_firmware | * |
| johnsoncontrols | snc16120-04_firmware | * |
| johnsoncontrols | sne22000_firmware | * |
| johnsoncontrols | snc25150-04_firmware | * |
| johnsoncontrols | snc16120-0_firmware | * |
An unauthorized user could access debug features in Quantum HD Unity products that were accidentally exposed.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| productsecurity@jci.com | 10.0 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H | 3.9 | 6.0 |
| nvd@nist.gov | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| johnsoncontrols | quantum_hd_unity_acuair_firmware | * |
| johnsoncontrols | quantum_hd_unity_condenser/vessel_firmware | * |
| johnsoncontrols | quantum_hd_unity_evaporator_firmware | * |
| johnsoncontrols | quantum_hd_unity_compressor_firmware | * |
| johnsoncontrols | quantum_hd_unity_engine_room_firmware | * |
| johnsoncontrols | quantum_hd_unity_interface_firmware | * |
Under certain circumstances IQ Panel4 and IQ4 Hub panel software prior to version 4.4.2 could allow unauthorized access to settings.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| productsecurity@jci.com | 7.3 | HIGH | CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:H | 0.9 | 5.8 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| johnsoncontrols | qolsys_iq_panel_4_firmware | * |
| johnsoncontrols | qolsys_iq4_hub_firmware | * |
Under certain circumstances the Microsoft® Internet Information Server (IIS) used to host the C•CURE 9000 Web Server will log Microsoft Windows credential details within logs. There is no impact to non-web service interfaces C•CURE 9000 or prior versions
Products Affected
| Vendor | Product | Version |
|---|---|---|
| johnsoncontrols | software_house_c-cure_9000_siteserver | 3.00.2 |
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Johnson Controls Frick Controls Quantum HD allows OS Command Injection. Insufficient validation of input in certain parameters may permit unexpected actions, which could impact the security of the device before authentication occurs.This issue affects Frick Controls Quantum HD version 10.22 and prior.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| johnsoncontrols | frick_controls_quantum_hd_firmware | * |
Improper Control of Generation of Code ('Code Injection') vulnerability in Johnson Controls Frick Controls Quantum HD allows Code Injection. Insufficient validation of input in certain parameters may permit unexpected actions, which could impact the security of the device before authentication occurs.This issue affects Frick Controls Quantum HD version 10.22 and prior.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| johnsoncontrols | frick_controls_quantum_hd_firmware | * |
Improper Control of Generation of Code ('Code Injection') vulnerability in Johnson Controls Frick Controls Quantum HD allows Code Injection. Insufficient validation of input in certain parameters may permit unexpected actions, which could impact the security of the device before authentication occurs.This issue affects Frick Controls Quantum HD version 10.22 and prior.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| johnsoncontrols | frick_controls_quantum_hd_firmware | * |
Unauthenticated Remote Code Execution i.e Improper Control of Generation of Code ('Code Injection') vulnerability in Johnson Controls Frick Controls Quantum HD allows Code Injection. Insufficient validation of input in certain parameters may permit unexpected actions, which could impact the security of the device before authentication occurs.This issue affects Frick Controls Quantum HD version 10.22 and prior.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| johnsoncontrols | frick_controls_quantum_hd_firmware | * |
Unauthenticated Remote Code Execution and Information Disclosure due to Local File Inclusion (LFI) vulnerability in Johnson Controls Frick Controls Quantum HD allow an unauthenticated attacker to execute arbitrary code on the affected device, leading to full system compromise. This issue affects Frick Controls Quantum HD: Frick Controls Quantum HD version 10.22 and prior.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| johnsoncontrols | frick_controls_quantum_hd_firmware | * |
Hardcoded Email Credentials Saved as Plaintext in Firmware (CWE-256: Plaintext Storage of a Password) vulnerability in Frick Controls Quantum HD version 10.22 and prior lead to unauthorized access, exposure of sensitive information, and potential misuse or system compromise This issue affects Frick Controls Quantum HD version 10.22 and prior.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| johnsoncontrols | frick_controls_quantum_hd_firmware | * |