Kaspersky LabKLA10512KLA10512 Multiple vulnerabilities in Johnson Controls Metasys
10 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
7.9 High
AI Score
Confidence
Low
0.006 Low
EPSS
Percentile
78.9%
An unspecified vulnerabilities were found in Johnson Controls Metasys. By exploiting this vulnerability malicious users can execute arbitrary code or obtain sensitive information. These vulnerabilities can be exploited remotely via a speciaaly designed POST request or shell script.
Original advisories
Related products
CVE list
CVE-2014-5428 critical
CVE-2014-5427 critical
Solution
Update products, which is using these versions of component
Impacts
- ACE
Arbitrary code execution. Exploitation of vulnerabilities with this impact can lead to executing by abuser any code or commands at vulnerable machine or process.
- OSI
Obtain sensitive information. Exploitation of vulnerabilities with this impact can lead to capturing by abuser information, critical for user or system.
Affected Products
- Johnson Controls Metasys versions from 4.1 toΒ 6.5
Related
10 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
7.9 High
AI Score
Confidence
Low
0.006 Low
EPSS
Percentile
78.9%