Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cve[email protected]CVE-2014-5427
HistoryMar 29, 2015 - 10:59 a.m.

CVE-2014-5427

2015-03-2910:59:00
CWE-200
[email protected]
web.nvd.nist.gov
31
cve-2014-5427
johnson controls metasys
application and data server
ads
adx
lonworks control server
lcs8520
network automation engine
nae 55xx-x
network integration engine
nie 5xxx-x
nxe8500
password hashes
remote attackers
security vulnerability
nvd

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

6.9 Medium

AI Score

Confidence

Low

0.006 Low

EPSS

Percentile

79.0%

JSON

Johnson Controls Metasys 4.1 through 6.5, as used in Application and Data Server (ADS), Extended Application and Data Server (aka ADX), LonWorks Control Server 85 LCS8520, Network Automation Engine (NAE) 55xx-x, Network Integration Engine (NIE) 5xxx-x, and NxE8500, allows remote attackers to read password hashes via a POST request.

Affected configurations

NVD
Node
johnsoncontrolsapplication_and_data_serverMatch-
OR
johnsoncontrolsextended_application_and_data_serverMatch-
OR
johnsoncontrolslonworks_control_server_lcs8520Match-
OR
johnsoncontrolsnetwork_automation_engine_5510-2Match-
OR
johnsoncontrolsnetwork_automation_engine_5510-2uMatch-
OR
johnsoncontrolsnetwork_automation_engine_5511-2Match-
OR
johnsoncontrolsnetwork_automation_engine_5520-2Match-
OR
johnsoncontrolsnetwork_automation_engine_5521-2Match-
OR
johnsoncontrolsnetwork_integration_engine_5510-2Match-
OR
johnsoncontrolsnetwork_integration_engine_5511-2Match-
OR
johnsoncontrolsnxe8500Match-
AND
johnsoncontrolsmetsysMatch4.1
OR
johnsoncontrolsmetsysMatch6.5

Related

cvelist 1
prion 1
nvd 1
ics 1
kaspersky 1
cvelist
cvelist
CVE-2014-5427
2015-03-29 10:00:00
prion
prion
Cross site request forgery (csrf)
2015-03-29 10:59:00
nvd
nvd
CVE-2014-5427
2015-03-29 10:59:00
ics
ics
Johnson Controls Metasys Vulnerabilities
2018-08-27 12:00:00
kaspersky
kaspersky
KLA10512 Multiple vulnerabilities in Johnson Controls Metasys
2015-03-29 00:00:00

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

6.9 Medium

AI Score

Confidence

Low

0.006 Low

EPSS

Percentile

79.0%

JSON
Related for CVE-2014-5427
cvelist1prion1nvd1ics1kaspersky1