Lucene search
HistoryMar 29, 2015 - 10:59 a.m.
CVE-2014-5427
CVSS2
5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
AI Score
6.7
Confidence
Low
EPSS
0.006
Percentile
78.9%
Johnson Controls Metasys 4.1 through 6.5, as used in Application and Data Server (ADS), Extended Application and Data Server (aka ADX), LonWorks Control Server 85 LCS8520, Network Automation Engine (NAE) 55xx-x, Network Integration Engine (NIE) 5xxx-x, and NxE8500, allows remote attackers to read password hashes via a POST request.
Affected configurations
Node
johnsoncontrolsapplication_and_data_serverMatch-
ORjohnsoncontrolsextended_application_and_data_serverMatch-
ORjohnsoncontrolslonworks_control_server_lcs8520Match-
ORjohnsoncontrolsnetwork_automation_engine_5510-2Match-
ORjohnsoncontrolsnetwork_automation_engine_5510-2uMatch-
ORjohnsoncontrolsnetwork_automation_engine_5511-2Match-
ORjohnsoncontrolsnetwork_automation_engine_5520-2Match-
ORjohnsoncontrolsnetwork_automation_engine_5521-2Match-
ORjohnsoncontrolsnetwork_integration_engine_5510-2Match-
ORjohnsoncontrolsnetwork_integration_engine_5511-2Match-
ORjohnsoncontrolsnxe8500Match-
johnsoncontrolsmetsysMatch4.1
ORjohnsoncontrolsmetsysMatch6.5
Related
prion
prion
Cross site request forgery (csrf)
2015-03-29 10:59:00
cve
cve
CVE-2014-5427
2015-03-29 10:59:00
cvelist
cvelist
CVE-2014-5427
2015-03-29 10:00:00
ics
ics
Johnson Controls Metasys Vulnerabilities
2018-08-27 12:00:00
kaspersky
kaspersky
KLA10512 Multiple vulnerabilities in Johnson Controls Metasys
2015-03-29 00:00:00
CVSS2
5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
AI Score
6.7
Confidence
Low
EPSS
0.006
Percentile
78.9%
Related for NVD:CVE-2014-5427