Lucene search

[email protected]NVD:CVE-2023-4486

HistoryDec 07, 2023 - 8:15 p.m.

CVE-2023-4486

2023-12-0720:15:38

CWE-400

CWE-770

[email protected]

web.nvd.nist.gov

authentication

endpoint

johnson controls metasys

nae55

sne

snc engines

facility explorer

denial-of-service

security

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.0005 Low

EPSS

Percentile

17.1%

JSON

Under certain circumstances, invalid authentication credentials could be sent to the login endpoint of Johnson Controls Metasys NAE55, SNE, and SNC engines prior to

versions 11.0.6 and 12.0.4

and Facility Explorer F4-SNC engines prior to versions 11.0.6 and 12.0.4 to cause denial-of-service.

Affected configurations

NVD

Node

johnsoncontrolsnae55_firmwareRange<12.0.4

AND

johnsoncontrolsnae55Match-

Node

johnsoncontrolssne22000_firmwareRange<12.0.4

AND

johnsoncontrolssne22000Match-

Node

johnsoncontrolssne11000_firmwareRange<12.0.4

AND

johnsoncontrolssne11000Match-

Node

johnsoncontrolssne10500_firmwareRange<12.0.4

AND

johnsoncontrolssne10500Match-

Node

johnsoncontrolssne110l0_firmwareRange<12.0.4

AND

johnsoncontrolssne110l0Match-

Node

johnsoncontrolssnc25150-0_firmwareRange<12.0.4

AND

johnsoncontrolssnc25150-0Match-

Node

johnsoncontrolssnc25150-04_firmwareRange<12.0.4

AND

johnsoncontrolssnc25150-04Match-

Node

johnsoncontrolssnc16120-0_firmwareRange<12.0.4

AND

johnsoncontrolssnc16120-0Match-

Node

johnsoncontrolssnc16120-04_firmwareRange<12.0.4

AND

johnsoncontrolssnc16120-04Match-

Node

johnsoncontrolsf4-snc_firmwareRange<11.0.6

johnsoncontrolsf4-snc_firmwareRange12.0.0–12.0.4

AND

johnsoncontrolsf4-sncMatch-

References

www.cisa.gov/news-events/ics-advisories/icsa-23-341-03

www.johnsoncontrols.com/cyber-solutions/security-advisories

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.0005 Low

EPSS

Percentile

17.1%

JSON

Related for NVD:CVE-2023-4486

cve1 prion1 cvelist1 ics1 nessus1