CVE-2021-36203 Johnson Controls Metasys SCT Pro

🗓️ 22 Apr 2022 14:44:10Reported by jciType

Affected product Johnson Controls Metasys SCT Pro allows attacker to identify and forge request

Reporter	Title	Published	Views	Family All 9
Circl	CVE-2021-36203	22 Apr 202218:27	–	circl
CNNVD	Johnson Controls Metasys system 代码问题漏洞	21 Apr 202200:00	–	cnnvd
CVE	CVE-2021-36203	22 Apr 202214:44	–	cve
EUVD	EUVD-2021-22824	7 Oct 202500:30	–	euvd
ICS	Johnson Controls Metasys SCT Pro	21 Apr 202200:00	–	ics
NVD	CVE-2021-36203	22 Apr 202215:15	–	nvd
OSV	CVE-2021-36203	22 Apr 202215:15	–	osv
Prion	Cross site request forgery (csrf)	22 Apr 202215:15	–	prion
RedhatCVE	CVE-2021-36203	18 May 202217:24	–	redhatcve

[
  {
    "product": "Metasys System Configuration Tool (SCT)",
    "vendor": "Johnnson Controls",
    "versions": [
      {
        "lessThan": "14.2.2",
        "status": "affected",
        "version": "All",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "Metasys System Configuration Tool Pro (SCT Pro)",
    "vendor": "Johnnson Controls",
    "versions": [
      {
        "lessThan": "14.2.2",
        "status": "affected",
        "version": "All",
        "versionType": "custom"
      }
    ]
  }
]

Source	Link
cisa	www.cisa.gov/uscert/ics/advisories/icsa-22-111-02

03 May 2022 19:29Current

9.3High risk

Vulners AI Score9.3

CVSS 3.15.3

EPSS0.0081

CWE-918