CVE-2023-4486

Summary (CVE-2023-4486) : Johnson Controls Metasys and Facility Explorer are affected by an Uncontrolled Resource Consumption vulnerability. Under certain circumstances, invalid authentication credentials can be sent to the login endpoint of affected engines to cause denial-of-service. Affected p...

PT-2023-29311 · Johnson Controls · Metasys +1

Name of the Vulnerable Software and Affected Versions: Johnson Controls Metasys NAE55, SNE, and SNC engines versions prior to 11.0.6 and 12.0.4 Facility Explorer F4-SNC engines versions prior to 11.0.6 and 12.0.4 Description: Under certain circumstances, invalid authentication credentials could b...

CVE-2021-27661

Successful exploitation of this vulnerability could give an authenticated Facility Explorer SNC Series Supervisory Controller F4-SNC user an unintended level of access to the controller’s file system, allowing them to access or modify system files by sending specifically crafted web messages to t...

Design/Logic Flaw

Successful exploitation of this vulnerability could give an authenticated Facility Explorer SNC Series Supervisory Controller F4-SNC user an unintended level of access to the controller’s file system, allowing them to access or modify system files by sending specifically crafted web messages to t...