30 matches found

RedhatCVE
added 2026/01/31 3:21 p.m. | 5 views

CVE-2025-26385

Johnson Controls Metasys components listed below have an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. Successful exploitation of this vulnerability could allow remote SQL execution. This issue affects Metasys: Application and Data Server (ADS) installed...

CVSS 9.5 | AI score 6 | EPSS 0.00231
Exploits 0 | References 1

EUVD
added 2026/01/30 11:5 a.m. | 1 views

EUVD-2025-206581

Johnson Controls Metasys components listed below have an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. Successful exploitation of this vulnerability could allow remote SQL execution. This issue affects Metasys: Application and Data Server (ADS) installed...

CVSS 9.5 | AI score 6 | EPSS 0.00231
Exploits 0 | References 2

EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2014-5316

Malware in sbrugna...

CVSS 10 | AI score 6.4 | EPSS 0.0265
Exploits 0 | References 2

EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2021-22825

Malware in sbrugna...

CVSS 7.8 | AI score 7.5 | EPSS 0.00176
Exploits 0 | References 3

EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2014-5315

Malware in sbrugna...

CVSS 5 | AI score 6.4 | EPSS 0.00533
Exploits 0 | References 2

Tenable Nessus
added 2023/12/14 12:0 a.m. | 28 views

Johnson Controls Metasys and Facility Explorer Uncontrolled Resource Consumption (CVE-2023-4486)

Under certain circumstances, invalid authentication credentials could be sent to the login endpoint of Johnson Controls Metasys NAE55, SNE, and SNC engines prior to versions 11.0.6 and 12.0.4 and Facility Explorer F4-SNC engines prior to versions 11.0.6 and 12.0.4 to cause denial-of-service. This...

CVSS 7.5 | AI score 7.1 | EPSS 0.00171
Exploits 0 | References 3

NVD
added 2023/12/07 8:15 p.m. | 9 views

CVE-2023-4486

Under certain circumstances, invalid authentication credentials could be sent to the login endpoint of Johnson Controls Metasys NAE55, SNE, and SNC engines prior to versions 11.0.6 and 12.0.4 and Facility Explorer F4-SNC engines prior to versions 11.0.6 and 12.0.4 to cause denial-of-service...

CVSS 7.5 | EPSS 0.00171
Exploits 0 | References 2

CVE
added 2023/12/07 7:55 p.m. | 41 views

CVE-2023-4486

Summary (CVE-2023-4486): Johnson Controls Metasys and Facility Explorer are affected by an Uncontrolled Resource Consumption vulnerability. Under certain circumstances, invalid authentication credentials can be sent to the login endpoint of affected engines to cause denial-of-service. Affected p...

CVSS 7.5 | AI score 7.6 | EPSS 0.00171
Exploits 0 | References 2 | Affected Software 1

CNNVD
added 2023/12/07 12:0 a.m. | 1 views

Johnson Controls Facility Explorer Security Vulnerability

Johnson Controls Facility Explorer is a monitoring controller from Johnson Controls that provides scalable system-wide monitoring and control. A security vulnerability exists in Johnson Controls Metasys and Facility Explorer that stems from the possibility that invalid authentication credentials...

CVSS 7.5 | AI score 7.6 | EPSS 0.00171
Exploits 0 | References 4

CNNVD
added 2023/01/13 12:0 a.m. | 1 views

Johnson Controls Metasys ADS/ADX/OAS Security Vulnerability

Johnson Controls Metasys ADS/ADX/OAS Servers is an application and data server from Johnson Controls, Inc. A security vulnerability exists in Johnson Controls Metasys ADS/ADX/OAS version 10 up to and including 10.1.6, and version 11 up to and including 11.0.3, which stems from insufficient...

CVSS 7.8 | AI score 7.2 | EPSS 0.00176
Exploits 0 | References 3

ICS
added 2023/01/12 12:0 a.m. | 29 views

Johnson Controls Metasys

1. EXECUTIVE SUMMARY
CVSS v3 7.8
ATTENTION: Low attack complexity
Vendor: Johnson Controls
Equipment: Metasys ADS/ADX/OAS Servers
Vulnerability: Insufficiently Protected Credentials

2. RISK EVALUATION
Successful exploitation of this vulnerability could result in exposed credentials in plain text...

CVSS 7.8 | AI score 7.9 | EPSS 0.00176
Exploits 0 | References 4

CISA
added 2023/01/12 12:0 a.m. | 14 views

CISA Releases Twelve Industrial Control Systems Advisories

CISA released twelve Industrial Control Systems (ICS) advisories on January 12, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. CISA encourages users and administrators to review the newly released ICS advisories for...

AI score 0.8
Exploits 0 | References 12

CNNVD
added 2022/06/14 12:0 a.m. | 1 views

Johnson Controls Metasys ADS/ADX/OAS Servers Cross-Site Scripting Vulnerability

Johnson Controls Metasys ADS/ADX/OAS Servers is an application and data server from Johnson Controls, Inc. A cross-site scripting vulnerability exists in Johnson Controls Metasys ADS/ADX/OAS Servers versions 10 and 11, which arises from improper neutralization of input during web page generation...

CVSS 8.7 | AI score 5.6 | EPSS 0.00541
Exploits 0 | References 5

CNNVD
added 2022/05/05 12:0 a.m. | 1 views

Johnson Controls Metasys ADS/ADX/OAS servers Authorization Issue Vulnerability

Johnson Controls Metasys ADS/ADX/OAS Servers is an application and data server from Johnson Controls, Inc. A security vulnerability in Johnson Controls Metasys ADS/ADX/OAS servers Series 10 versions prior to 10.1.5 and Series 11 versions prior to 11.0.1 can be exploited by an attacker to allow an...

CVSS 8.8 | AI score 7.9 | EPSS 0.00254
Exploits 0 | References 4

CNNVD
added 2022/04/14 12:0 a.m. | 1 views

Johnson Controls Metasys ADS/ADX/OAS Servers Security Vulnerability

Johnson Controls Metasys ADS/ADX/OAS Servers is an application and data server from Johnson Controls, Inc. A security vulnerability exists in Johnson Controls Metasys ADS/ADX/OAS Servers that stems from the fact that under certain circumstances, session tokens are not cleared upon logout...

CVSS 9.8 | AI score 8.3 | EPSS 0.00275
Exploits 0 | References 6

NVD
added 2022/04/07 8:15 p.m. | 12 views

CVE-2021-36202

Server-Side Request Forgery (SSRF) vulnerability in Johnson Controls Metasys could allow an authenticated attacker to inject malicious code into the MUI PDF export feature. This issue affects: Johnson Controls Metasys all 10 versions prior to 10.1.5; all 11 versions prior to 11.0....

CVSS 8.8 | EPSS 0.0019
Exploits 0 | References 2

Prion
added 2022/04/07 8:15 p.m. | 7 views

Server-side request forgery (SSRF)

Server-Side Request Forgery (SSRF) vulnerability in Johnson Controls Metasys could allow an authenticated attacker to inject malicious code into the MUI PDF export feature. This issue affects: Johnson Controls Metasys all 10 versions prior to 10.1.5; all 11 versions prior to 11.0....

CVSS 6.5 | AI score 8.5 | EPSS 0.0019
Exploits 0 | References 2 | Affected Software 3

CVE
added 2022/04/07 7:12 p.m. | 95 views

CVE-2021-36202

CVE-2021-36202 describes a Server-Side Request Forgery (SSRF) in Johnson Controls Metasys’ MUI PDF export feature. An authenticated attacker could inject malicious code via this export path. Affected products are Metasys ADS/ADX/OAS versions prior to 10.1.5 and versions prior to 11.0.2. Mitigatio...

CVSS 8.8 | AI score 8.6 | EPSS 0.0019
Exploits 0 | References 2 | Affected Software 3

CNNVD
added 2022/03/21 12:0 a.m. | 0 views

Johnson Controls Metasys system Code Issue Vulnerability

The Johnson Controls Metasys system is a building automation system from Johnson Controls. A code issue exists in Johnson Controls Metasys ADS/ADX/OAS 10-series servers prior to version 10.1.5 and 11-series servers prior to version 11.0.2 in regards to MUI PDF. An authenticated attacker can injec...

CVSS 8.8 | AI score 8.1 | EPSS 0.0019
Exploits 0 | References 5

Tenable Nessus
added 2022/02/07 12:0 a.m. | 33 views

Johnson Controls Metasys Improper Restriction of XML External Entity Reference (CVE-2020-9044)

An XXE vulnerability exists in the Metasys family of product Web Services which has the potential to facilitate DoS attacks or harvesting of ASCII server files. This affects Johnson Controls' Metasys Application and Data Server (ADS, ADS-Lite) versions 10.1 and prior; Metasys Extended Application and...

CVSS 9.1 | AI score 7.3 | EPSS 0.00269
Exploits 0 | References 3