CVSS: 9.1EPSS: 0%CPEs: 2EXPL: 0CVE-2021-36203 – Johnson Controls Metasys SCT Pro
https://notcve.org/view.php?id=CVE-2021-36203
22 Apr 2022 — The affected product may allow an attacker to identify and forge requests to internal systems by way of a specially crafted request. El producto afectado puede permitir que un atacante identifique y falsifique las solicitudes a los sistemas internos mediante una solicitud especialmente diseñada • https://www.cisa.gov/uscert/ics/advisories/icsa-22-111-02 • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 9.8EPSS: 0%CPEs: 6EXPL: 0CVE-2021-36205 – Metasys session token
https://notcve.org/view.php?id=CVE-2021-36205
15 Apr 2022 — Under certain circumstances the session token is not cleared on logout. Bajo determinadas circunstancias el token de sesión no es borrado al cerrar la sesión • https://www.cisa.gov/uscert/ics/advisories/icsa-22-104-02 • CWE-459: Incomplete Cleanup •
CVSS: 8.8EPSS: 0%CPEs: 6EXPL: 0CVE-2021-36202 – Metasys UI
https://notcve.org/view.php?id=CVE-2021-36202
07 Apr 2022 — Server-Side Request Forgery (SSRF) vulnerability in Johnson Controls Metasys could allow an authenticated attacker to inject malicious code into the MUI PDF export feature. This issue affects: Johnson Controls Metasys All 10 versions versions prior to 10.1.5; All 11 versions versions prior to 11.0.2. La vulnerabilidad de tipo Server-Side Request Forgery (SSRF) en Johnson Controls Metasys podría permitir a un atacante autenticado inyectar código malicioso en la función de exportación de PDF de MUI. Este prob... • https://www.cisa.gov/uscert/ics/advisories/icsa-22-095-02 • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2021-27657 – Metasys Improper Privilege Management
https://notcve.org/view.php?id=CVE-2021-27657
04 Jun 2021 — Successful exploitation of this vulnerability could give an authenticated Metasys user an unintended level of access to the server file system, allowing them to access or modify system files by sending specifically crafted web messages to the Metasys system. This issue affects: Johnson Controls Metasys version 11.0 and prior versions. Una explotación con éxito de esta vulnerabilidad podría otorgar a un usuario autenticado de Metasys un nivel de acceso no intencionado al sistema de archivos del servidor, per... • https://us-cert.cisa.gov/ics/advisories/icsa-21-159-01 • CWE-269: Improper Privilege Management •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2020-9050 – Metasys Reporting Engine (MRE) Web Services - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
https://notcve.org/view.php?id=CVE-2020-9050
19 Feb 2021 — Path Traversal vulnerability exists in Metasys Reporting Engine (MRE) Web Services which could allow a remote unauthenticated attacker to access and download arbitrary files from the system. Una vulnerabilidad Salto de Ruta se presenta en Metasys Reporting Engine (MRE) Web Services que podría permitir a un atacante remoto no autenticado acceder y descargar archivos arbitrarios del sistema • https://www.johnsoncontrols.com/cyber-solutions/security-advisories • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 9.1EPSS: 0%CPEs: 35EXPL: 0CVE-2020-9044 – Metasys Improper Restriction of XML External Entity Reference
https://notcve.org/view.php?id=CVE-2020-9044
10 Mar 2020 — XXE vulnerability exists in the Metasys family of product Web Services which has the potential to facilitate DoS attacks or harvesting of ASCII server files. This affects Johnson Controls' Metasys Application and Data Server (ADS, ADS-Lite) versions 10.1 and prior; Metasys Extended Application and Data Server (ADX) versions 10.1 and prior; Metasys Open Data Server (ODS) versions 10.1 and prior; Metasys Open Application Server (OAS) version 10.1; Metasys Network Automation Engine (NAE55 only) versions 9.0.1,... • https://www.johnsoncontrols.com/cyber-solutions/security-advisories • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0CVE-2019-7594 – Metasys use of hardcoded RC2 key
https://notcve.org/view.php?id=CVE-2019-7594
20 Aug 2019 — Metasys® ADS/ADX servers and NAE/NIE/NCE engines prior to 9.0 make use of a hardcoded RC2 key for certain encryption operations involving the Site Management Portal (SMP). Los servidores Metasys® ADS/ADX y los motores NAE/NIE/NCE en versiones anteriores a la 9.0 utilizan una clave RC2 codificada para ciertas operaciones de cifrado que involucran el Portal de Administración del Sitio (SMP). • https://www.johnsoncontrols.com/-/media/jci/cyber-solutions/product-security-advisories/2019/jci-psa-2019-06-v1-metasys-icsa-19-227-01.pdf • CWE-321: Use of Hard-coded Cryptographic Key CWE-798: Use of Hard-coded Credentials •
CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0CVE-2019-7593 – Metasys use of shared RSA key pairs
https://notcve.org/view.php?id=CVE-2019-7593
20 Aug 2019 — Metasys® ADS/ADX servers and NAE/NIE/NCE engines prior to 9.0 make use of a shared RSA key pair for certain encryption operations involving the Site Management Portal (SMP). Los servidores Metasys® ADS/ADX y los motores NAE/NIE/NCE en versiones anteriores a la 9.0 hacen uso de un par de claves RSA compartidas para ciertas operaciones de cifrado que involucran el Portal de administración del sitio (SMP). • https://www.johnsoncontrols.com/-/media/jci/cyber-solutions/product-security-advisories/2019/jci-psa-2019-06-v1-metasys-icsa-19-227-01.pdf • CWE-323: Reusing a Nonce, Key Pair in Encryption CWE-798: Use of Hard-coded Credentials •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2018-10624 – Johnson Controls Metasys and BCPro Generation of Error Message Containing Sensitive Information
https://notcve.org/view.php?id=CVE-2018-10624
01 Aug 2018 — In Johnson Controls Metasys System Versions 8.0 and prior and BCPro (BCM) all versions prior to 3.0.2, this vulnerability results from improper error handling in HTTP-based communications with the server, which could allow an attacker to obtain technical information. En Johnson Controls Metasys System en versiones 8.0 y anteriores y BCPro (BCM) en todas las versiones anteriores a la 3.0.2, esta vulnerabilidad resulta de un manejo de errores incorrecto en las comunicaciones HTTP con el servidor, lo que podrí... • http://www.securityfocus.com/bid/104937 • CWE-209: Generation of Error Message Containing Sensitive Information CWE-388: 7PK - Errors •