CVE-2025-26385

Johnson Controls Metasys component listed below have Improper Neutralization of Special Elements used in a Command Command Injection Vulnerability . Successful exploitation of this vulnerability could allow remote SQL execution This issue affects Metasys: Application and Data Server ADS installed...

Johnsoncontrols Metasys Improper Restriction of XML External Entity Reference

XXE vulnerability exists in the Metasys family of product Web Services which has the potential to facilitate DoS attacks or harvesting of ASCII server files. This affects Johnson Controls' Metasys Application and Data Server ADS, ADS-Lite versions 10.1 and prior; Metasys Extended Application and...

Johnson Controls MS-NCE2510-0 Metasys NCE Controller

Binary data 764894.prm...

CVE-2014-5427

CVE-2014-5427 affects Johnson Controls Metasys 4.1–6.5 (ADS, ADX, LCS8520, NAE 55xx-x, NIE 5xxx-x, NxE8500). A remote, unauthenticated attacker can read password hashes via a POST request, exposing credentials and affecting confidentiality. Connected sources indicate multiple advisories and a pat...

CVE-2014-5428

Unrestricted file upload vulnerability in unspecified web services in Johnson Controls Metasys 4.1 through 6.5, as used in Application and Data Server ADS, Extended Application and Data Server aka ADX, LonWorks Control Server 85 LCS8520, Network Automation Engine NAE 55xx-x, Network Integration...