18 matches found
EUVD-2021-14407
Malware in sbrugna...
Johnson Controls Metasys and Facility Explorer Uncontrolled Resource Consumption (CVE-2023-4486)
Under certain circumstances, invalid authentication credentials could be sent to the login endpoint of Johnson Controls Metasys NAE55, SNE, and SNC engines prior to versions 11.0.6 and 12.0.4 and Facility Explorer F4-SNC engines prior to versions 11.0.6 and 12.0.4 to cause denial-of-service. This...
CVE-2023-4486
Under certain circumstances, invalid authentication credentials could be sent to the login endpoint of Johnson Controls Metasys NAE55, SNE, and SNC engines prior to versions 11.0.6 and 12.0.4 and Facility Explorer F4-SNC engines prior to versions 11.0.6 and 12.0.4 to cause denial-of-service...
CVE-2023-4486
Under certain circumstances, invalid authentication credentials could be sent to the login endpoint of Johnson Controls Metasys NAE55, SNE, and SNC engines prior to versions 11.0.6 and 12.0.4 and Facility Explorer F4-SNC engines prior to versions 11.0.6 and 12.0.4 to cause denial-of-service...
Design/Logic Flaw
Under certain circumstances, invalid authentication credentials could be sent to the login endpoint of Johnson Controls Metasys NAE55, SNE, and SNC engines prior to versions 11.0.6 and 12.0.4 and Facility Explorer F4-SNC engines prior to versions 11.0.6 and 12.0.4 to cause denial-of-service...
CVE-2023-4486 Uncontrolled Resource Consumption in Metasys and Facility Explorer
Under certain circumstances, invalid authentication credentials could be sent to the login endpoint of Johnson Controls Metasys NAE55, SNE, and SNC engines prior to versions 11.0.6 and 12.0.4 and Facility Explorer F4-SNC engines prior to versions 11.0.6 and 12.0.4 to cause denial-of-service...
CVE-2023-4486 Uncontrolled Resource Consumption in Metasys and Facility Explorer
Under certain circumstances, invalid authentication credentials could be sent to the login endpoint of Johnson Controls Metasys NAE55, SNE, and SNC engines prior to versions 11.0.6 and 12.0.4 and Facility Explorer F4-SNC engines prior to versions 11.0.6 and 12.0.4 to cause denial-of-service...
CVE-2023-4486
Summary (CVE-2023-4486) : Johnson Controls Metasys and Facility Explorer are affected by an Uncontrolled Resource Consumption vulnerability. Under certain circumstances, invalid authentication credentials can be sent to the login endpoint of affected engines to cause denial-of-service. Affected p...
Johnson Controls Metasys and Facility Explorer (Update A)
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION : Exploitable remotely/low attack complexity Vendor : Johnson Controls Equipment : Metasys and Facility Explorer Vulnerability : Uncontrolled Resource Consumption 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an...
PT-2023-29311 · Johnson Controls · Metasys +1
Name of the Vulnerable Software and Affected Versions: Johnson Controls Metasys NAE55, SNE, and SNC engines versions prior to 11.0.6 and 12.0.4 Facility Explorer F4-SNC engines versions prior to 11.0.6 and 12.0.4 Description: Under certain circumstances, invalid authentication credentials could b...
Johnson Controls Facility Explorer Security Vulnerability
Johnson Controls Facility Explorer is a monitoring controller from Johnson Controls that provides scalable system-wide monitoring and control. A security vulnerability exists in Johnson Controls Metasys and Facility Explorer that stems from the possibility that invalid authentication credentials...
CVE-2021-27661
Successful exploitation of this vulnerability could give an authenticated Facility Explorer SNC Series Supervisory Controller F4-SNC user an unintended level of access to the controller’s file system, allowing them to access or modify system files by sending specifically crafted web messages to t...
CVE-2021-27661
Successful exploitation of this vulnerability could give an authenticated Facility Explorer SNC Series Supervisory Controller F4-SNC user an unintended level of access to the controller’s file system, allowing them to access or modify system files by sending specifically crafted web messages to t...
CVE-2021-27661
CVE-2021-27661 affects Johnson Controls Facility Explorer SNC Series Supervisory Controller (F4-SNC), specifically Version 11. The vulnerability is due to improper privilege management (CWE-269) and could allow an authenticated F4-SNC user to gain unintended access to the controller’s file system...
CVE-2021-27661 Facility Explorer
Successful exploitation of this vulnerability could give an authenticated Facility Explorer SNC Series Supervisory Controller F4-SNC user an unintended level of access to the controller’s file system, allowing them to access or modify system files by sending specifically crafted web messages to t...
Johnson Controls Facility Explorer
1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Johnson Controls Equipment: Facility Explorer Vulnerability: Improper Privilege Management 2. RISK EVALUATION Successful exploitation of this vulnerability could give an authenticated user an unintended...
Johnson Controls Facility Explorer 安全漏洞
Johnson Controls Facility Explorer is a monitoring controller from Johnson Controls that provides scalable system-wide monitoring and control. A security vulnerability exists in Johnson Controls Facility Explorer that stems from improper privilege management and can be exploited by an attacker to...
Johnson Controls Facility Explorer
1. EXECUTIVE SUMMARY CVSS v3 7.4 ATTENTION: Exploitable remotely Vendor: Johnson Controls Equipment: Facility Explorer Vulnerabilities: Path Traversal, Improper Authentication 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to read, write, and delete...