Lucene search

[email protected]NVD:CVE-2014-5427

HistoryMar 29, 2015 - 10:59 a.m.

CVE-2014-5427

2015-03-2910:59:00

CWE-200

[email protected]

web.nvd.nist.gov

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

6.7 Medium

AI Score

Confidence

Low

0.006 Low

EPSS

Percentile

78.9%

JSON

Johnson Controls Metasys 4.1 through 6.5, as used in Application and Data Server (ADS), Extended Application and Data Server (aka ADX), LonWorks Control Server 85 LCS8520, Network Automation Engine (NAE) 55xx-x, Network Integration Engine (NIE) 5xxx-x, and NxE8500, allows remote attackers to read password hashes via a POST request.

Affected configurations

NVD

Node

johnsoncontrolsapplication_and_data_serverMatch-

johnsoncontrolsextended_application_and_data_serverMatch-

johnsoncontrolslonworks_control_server_lcs8520Match-

johnsoncontrolsnetwork_automation_engine_5510-2Match-

johnsoncontrolsnetwork_automation_engine_5510-2uMatch-

johnsoncontrolsnetwork_automation_engine_5511-2Match-

johnsoncontrolsnetwork_automation_engine_5520-2Match-

johnsoncontrolsnetwork_automation_engine_5521-2Match-

johnsoncontrolsnetwork_integration_engine_5510-2Match-

johnsoncontrolsnetwork_integration_engine_5511-2Match-

johnsoncontrolsnxe8500Match-

AND

johnsoncontrolsmetsysMatch4.1

johnsoncontrolsmetsysMatch6.5

References

ics-cert.us-cert.gov/advisories/ICSA-14-350-02

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

6.7 Medium

AI Score

Confidence

Low

0.006 Low

EPSS

Percentile

78.9%

JSON

Related for NVD:CVE-2014-5427

prion1 cve1 cvelist1 ics1 kaspersky1