CVSS: 7.8EPSS: 0%CPEs: 21EXPL: 0CVE-2023-4486 – Uncontrolled Resource Consumption in Metasys and Facility Explorer
https://notcve.org/view.php?id=CVE-2023-4486
07 Dec 2023 — Under certain circumstances, invalid authentication credentials could be sent to the login endpoint of Johnson Controls Metasys NAE55, SNE, and SNC engines prior to versions 11.0.6 and 12.0.4 and Facility Explorer F4-SNC engines prior to versions 11.0.6 and 12.0.4 to cause denial-of-service. En determinadas circunstancias, se podrían enviar credenciales de autenticación no válidas al endpoint de inicio de sesión de los motores Johnson Controls Metasys NAE55, SNE y SNC anteriores a la versión 12.0.4 y a los ... • https://www.cisa.gov/news-events/ics-advisories/icsa-23-341-03 • CWE-400: Uncontrolled Resource Consumption CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2021-27661 – Facility Explorer
https://notcve.org/view.php?id=CVE-2021-27661
01 Jul 2021 — Successful exploitation of this vulnerability could give an authenticated Facility Explorer SNC Series Supervisory Controller (F4-SNC) user an unintended level of access to the controller’s file system, allowing them to access or modify system files by sending specifically crafted web messages to the F4-SNC. Una explotación con éxito de esta vulnerabilidad podría dar a un usuario autenticado del Controlador de Supervisión de la Serie SNC de Facility Explorer (F4-SNC) un nivel de acceso no deseado al sistema... • https://us-cert.cisa.gov/ics/advisories/icsa-21-182-01 • CWE-269: Improper Privilege Management CWE-863: Incorrect Authorization •