2 matches found
CVE-2014-5428
CVE-2014-5428 describes an unrestricted file upload vulnerability in Johnson Controls Metasys web services (versions 4.1–6.5), used by ADS/ADX, LCS8520, NAE 55xx, NIE 5xxx, and NxE8500. An unauthenticated remote attacker could upload a shell script to execute arbitrary code on the Metasys system....
KLA10512 Multiple vulnerabilities in Johnson Controls Metasys
An unspecified vulnerabilities were found in Johnson Controls Metasys. By exploiting this vulnerability malicious users can execute arbitrary code or obtain sensitive information. These vulnerabilities can be exploited remotely via a speciaaly designed POST request or shell script. Original...