Design/Logic Flaw

2023-12-0720:15:00

PRIOn knowledge base

www.prio-n.com

invalid authentication

johnson controls

metasys nae55

sne

snc engines

facility explorer

denial-of-service

nvd

7.3 High

AI Score

Confidence

Low

0.0005 Low

EPSS

Percentile

17.1%

JSON

Under certain circumstances, invalid authentication credentials could be sent to the login endpoint of Johnson Controls Metasys NAE55, SNE, and SNC engines prior to

versions 11.0.6 and 12.0.4

and Facility Explorer F4-SNC engines prior to versions 11.0.6 and 12.0.4 to cause denial-of-service.

CPENameOperatorVersion
f4-snc_firmwarelt11.0.6
f4-snc_firmwarege12.0.0
f4-snc_firmwarelt12.0.4
nae55_firmwarelt12.0.4
snc16120-04_firmwarelt12.0.4
snc16120-0_firmwarelt12.0.4
snc25150-04_firmwarelt12.0.4
snc25150-0_firmwarelt12.0.4
sne10500_firmwarelt12.0.4
sne11000_firmwarelt12.0.4

Name	Operator	Version
f4-snc_firmware	lt	11.0.6
f4-snc_firmware	ge	12.0.0
f4-snc_firmware	lt	12.0.4
nae55_firmware	lt	12.0.4
snc16120-04_firmware	lt	12.0.4
snc16120-0_firmware	lt	12.0.4
snc25150-04_firmware	lt	12.0.4
snc25150-0_firmware	lt	12.0.4
sne10500_firmware	lt	12.0.4
sne11000_firmware	lt	12.0.4