Johnson Controls Metasys

1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Johnson Controls Equipment: Metasys Vulnerability: Improper Restriction of XML External Entity Reference 2. RISK EVALUATION Successful exploitation of this vulnerability can allow a...

CVE-2019-7594

Metasys ADS/ADX servers and NAE/NIE/NCE engines before version 9.0 use a hardcoded RC2 key for Site Management Portal (SMP) encryption. This flaw can allow an attacker with access to the key to decrypt captured network traffic between the Metasys components and the SMP client. Affected products a...

CVE-2019-7593

Metasys ADS/ADX servers and NAE/NIE/NCE engines prior to version 9.0 use a shared RSA key pair for certain Site Management Portal (SMP) encryption, allowing an attacker with access to the key to decrypt captured traffic between the Metasys components and the SMP client. CVE-2019-7593 is authentic...

Ich hab noch nie - Corrupted files, Dynamic Code Loading, External URLs vulnerabilities

HackApp vulnerability scanner discovered that application Ich hab noch nie published at the 'play' market has multiple vulnerabilities...

Ich Hab Noch Nie - Dynamic Code Loading, External URLs, Suspicious files vulnerabilities

HackApp vulnerability scanner discovered that application Ich Hab Noch Nie published at the 'play' market has multiple vulnerabilities...

CVE-2014-5428

CVE-2014-5428 describes an unrestricted file upload vulnerability in Johnson Controls Metasys web services (versions 4.1–6.5), used by ADS/ADX, LCS8520, NAE 55xx, NIE 5xxx, and NxE8500. An unauthenticated remote attacker could upload a shell script to execute arbitrary code on the Metasys system....

CVE-2014-5427

CVE-2014-5427 affects Johnson Controls Metasys 4.1–6.5 (ADS, ADX, LCS8520, NAE 55xx-x, NIE 5xxx-x, NxE8500). A remote, unauthenticated attacker can read password hashes via a POST request, exposing credentials and affecting confidentiality. Connected sources indicate multiple advisories and a pat...