Lucene search

K
nvd[email protected]NVD:CVE-2014-5427
HistoryMar 29, 2015 - 10:59 a.m.

CVE-2014-5427

2015-03-2910:59:00
CWE-200
web.nvd.nist.gov

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

6.7 Medium

AI Score

Confidence

Low

0.006 Low

EPSS

Percentile

78.9%

Johnson Controls Metasys 4.1 through 6.5, as used in Application and Data Server (ADS), Extended Application and Data Server (aka ADX), LonWorks Control Server 85 LCS8520, Network Automation Engine (NAE) 55xx-x, Network Integration Engine (NIE) 5xxx-x, and NxE8500, allows remote attackers to read password hashes via a POST request.

Affected configurations

NVD
Node
johnsoncontrolsapplication_and_data_serverMatch-
OR
johnsoncontrolsextended_application_and_data_serverMatch-
OR
johnsoncontrolslonworks_control_server_lcs8520Match-
OR
johnsoncontrolsnetwork_automation_engine_5510-2Match-
OR
johnsoncontrolsnetwork_automation_engine_5510-2uMatch-
OR
johnsoncontrolsnetwork_automation_engine_5511-2Match-
OR
johnsoncontrolsnetwork_automation_engine_5520-2Match-
OR
johnsoncontrolsnetwork_automation_engine_5521-2Match-
OR
johnsoncontrolsnetwork_integration_engine_5510-2Match-
OR
johnsoncontrolsnetwork_integration_engine_5511-2Match-
OR
johnsoncontrolsnxe8500Match-
AND
johnsoncontrolsmetsysMatch4.1
OR
johnsoncontrolsmetsysMatch6.5

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

6.7 Medium

AI Score

Confidence

Low

0.006 Low

EPSS

Percentile

78.9%

Related for NVD:CVE-2014-5427