Lucene search
K

4 matches found

Positive Technologies
Positive Technologies
added 2023/01/13 12:0 a.m.6 views

PT-2023-12265 · Johnson Controls · Metasys Ads/Adx/Oas

Name of the Vulnerable Software and Affected Versions: Johnson Controls Metasys ADS/ADX/OAS versions prior to 10.1.6 Johnson Controls Metasys ADS/ADX/OAS versions prior to 11.0.3 Description: An Insufficiently Protected Credentials issue allows API calls to expose credentials in plain text under...

7.8CVSS7.5AI score0.00418EPSS
Exploits0References7
Prion
Prion
added 2022/07/22 3:15 p.m.15 views

Code injection

Under certain circumstances an unauthenticated user could access the the web API for Metasys ADS/ADX/OAS 10 versions prior to 10.1.6 and 11 versions prior to 11.0.2 and enumerate users...

5CVSS5.3AI score0.00582EPSS
Exploits0References2Affected Software3
ICS
ICS
added 2022/07/21 12:0 a.m.63 views

Johnson Controls Metasys ADS, ADX, OAS

1. EXECUTIVE SUMMARY CVSS v3 5.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Johnson Controls, Inc Equipment: Metasys ADS, ADX, OAS with MUI Vulnerability: Missing Authentication for Critical Function 2. RISK EVALUATION Successful exploitation of this vulnerability could allow...

5.3CVSS5.7AI score0.00582EPSS
Exploits0References5
Prion
Prion
added 2022/05/06 4:15 p.m.14 views

Code injection

Under certain circumstances an authenticated user could lock other users out of the system or take over their accounts in Metasys ADS/ADX/OAS server 10 versions prior to 10.1.5 and Metasys ADS/ADX/OAS server 11 versions prior to 11.0.2...

6CVSS8.5AI score0.00892EPSS
Exploits0References2Affected Software3
Rows per page
Query Builder