
CVE-2023-4486 – Uncontrolled Resource Consumption in Metasys and Facility Explorer
https://notcve.org/view.php?id=CVE-2023-4486
07 Dec 2023 — Under certain circumstances, invalid authentication credentials could be sent to the login endpoint of Johnson Controls Metasys NAE55, SNE, and SNC engines prior to versions 11.0.6 and 12.0.4 and Facility Explorer F4-SNC engines prior to versions 11.0.6 and 12.0.4 to cause denial-of-service. • https://www.cisa.gov/news-events/ics-advisories/icsa-23-341-03 • CWE-400: Uncontrolled Resource Consumption CWE-770: Allocation of Resources Without Limits or Throttling •

CVE-2023-4804 – Quantum HD Unity
https://notcve.org/view.php?id=CVE-2023-4804
10 Nov 2023 — An unauthorized user could access debug features in Quantum HD Unity products that were accidentally exposed. • https://www.cisa.gov/news-events/ics-advisories/icsa-23-313-01 • CWE-489: Active Debug Code •

CVE-2023-3749 – VideoEdge config
https://notcve.org/view.php?id=CVE-2023-3749
03 Aug 2023 — A local user could edit the VideoEdge configuration file and interfere with VideoEdge operation. • https://www.cisa.gov/news-events/ics-advisories/icsa-23-215-04 • CWE-345: Insufficient Verification of Data Authenticity CWE-349: Acceptance of Extraneous Untrusted Data With Trusted Data •

CVE-2023-3548 – IQ Wifi 6
https://notcve.org/view.php?id=CVE-2023-3548
25 Jul 2023 — An unauthorized user could gain account access to IQ Wifi 6 versions prior to 2.0.2 by conducting a brute force authentication attack. • https://www.cisa.gov/news-events/ics-advisories/icsa-23-206-04 • CWE-307: Improper Restriction of Excessive Authentication Attempts •

CVE-2023-3127 – Improper Authentication in iSTAR
https://notcve.org/view.php?id=CVE-2023-3127
11 Jul 2023 — An unauthenticated user could log into iSTAR Ultra, iSTAR Ultra LT, iSTAR Ultra G2, and iSTAR Edge G2 with administrator rights. • https://www.cisa.gov/news-events/ics-advisories/icsa-23-192-02 • CWE-287: Improper Authentication •

CVE-2023-0954 – Debug feature in Sensormatic Electronics Illustra Dome and PTZ cameras
https://notcve.org/view.php?id=CVE-2023-0954
08 Jun 2023 — A debug feature in Sensormatic Electronics Illustra Pro Gen 4 Dome and PTZ cameras allows a user to compromise credentials after a long period of sustained attack. • https://www.cisa.gov/news-events/ics-advisories/icsa-23-159-02 • CWE-489: Active Debug Code •

CVE-2023-2025 – Exposure of Sensitive Information in OpenBlue Enterprise Manager Data Collector
https://notcve.org/view.php?id=CVE-2023-2025
18 May 2023 — OpenBlue Enterprise Manager Data Collector versions prior to 3.2.5.75 may expose sensitive information to an unauthorized user under certain circumstances. • https://www.cisa.gov/news-events/ics-advisories/icsa-23-138-04 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-668: Exposure of Resource to Wrong Sphere •

CVE-2023-2024 – Improper Authentication for OpenBlue Enterprise Manager Data Collector
https://notcve.org/view.php?id=CVE-2023-2024
18 May 2023 — Improper authentication in OpenBlue Enterprise Manager Data Collector versions prior to 3.2.5.75 allows access to an unauthorized user under certain circumstances. • https://github.com/team890/CVE-2023-2024 • CWE-287: Improper Authentication •

CVE-2022-21940 – Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in System Configuration Tool (SCT)
https://notcve.org/view.php?id=CVE-2022-21940
09 Feb 2023 — Sensitive Cookie in HTTPS Session Without 'Secure' Attribute vulnerability in Johnson Controls System Configuration Tool (SCT) version 14 prior to 14.2.3 and version 15 prior to 15.0.3 could allow access to the cookie. • https://www.cisa.gov/uscert/ics/advisories/icsa-23-040-03 • CWE-311: Missing Encryption of Sensitive Data CWE-614: Sensitive Cookie in HTTPS Session Without 'Secure' Attribute •

CVE-2022-21939 – Sensitive cookie without 'HttpOnly' flag in System Configuration Tool (SCT)
https://notcve.org/view.php?id=CVE-2022-21939
09 Feb 2023 — Sensitive Cookie Without 'HttpOnly' Flag vulnerability in Johnson Controls System Configuration Tool (SCT) version 14 prior to 14.2.3 and version 15 prior to 15.0.3 could allow access to the cookie. • https://www.cisa.gov/uscert/ics/advisories/icsa-23-040-03 • CWE-732: Incorrect Permission Assignment for Critical Resource CWE-1004: Sensitive Cookie Without 'HttpOnly' Flag •