Lucene search

K
nvd[email protected]NVD:CVE-2014-5427
HistoryMar 29, 2015 - 10:59 a.m.

CVE-2014-5427

2015-03-2910:59:00
CWE-200
web.nvd.nist.gov

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

AI Score

6.7

Confidence

Low

EPSS

0.006

Percentile

78.9%

Johnson Controls Metasys 4.1 through 6.5, as used in Application and Data Server (ADS), Extended Application and Data Server (aka ADX), LonWorks Control Server 85 LCS8520, Network Automation Engine (NAE) 55xx-x, Network Integration Engine (NIE) 5xxx-x, and NxE8500, allows remote attackers to read password hashes via a POST request.

Affected configurations

NVD
Node
johnsoncontrolsapplication_and_data_serverMatch-
OR
johnsoncontrolsextended_application_and_data_serverMatch-
OR
johnsoncontrolslonworks_control_server_lcs8520Match-
OR
johnsoncontrolsnetwork_automation_engine_5510-2Match-
OR
johnsoncontrolsnetwork_automation_engine_5510-2uMatch-
OR
johnsoncontrolsnetwork_automation_engine_5511-2Match-
OR
johnsoncontrolsnetwork_automation_engine_5520-2Match-
OR
johnsoncontrolsnetwork_automation_engine_5521-2Match-
OR
johnsoncontrolsnetwork_integration_engine_5510-2Match-
OR
johnsoncontrolsnetwork_integration_engine_5511-2Match-
OR
johnsoncontrolsnxe8500Match-
AND
johnsoncontrolsmetsysMatch4.1
OR
johnsoncontrolsmetsysMatch6.5

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

AI Score

6.7

Confidence

Low

EPSS

0.006

Percentile

78.9%

Related for NVD:CVE-2014-5427