CVE-2020-9044
Metasys Improper Restriction of XML External Entity Reference
Severity Score
9.1
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
XXE vulnerability exists in the Metasys family of product Web Services which has the potential to facilitate DoS attacks or harvesting of ASCII server files. This affects Johnson Controls' Metasys Application and Data Server (ADS, ADS-Lite) versions 10.1 and prior; Metasys Extended Application and Data Server (ADX) versions 10.1 and prior; Metasys Open Data Server (ODS) versions 10.1 and prior; Metasys Open Application Server (OAS) version 10.1; Metasys Network Automation Engine (NAE55 only) versions 9.0.1, 9.0.2, 9.0.3, 9.0.5, 9.0.6; Metasys Network Integration Engine (NIE55/NIE59) versions 9.0.1, 9.0.2, 9.0.3, 9.0.5, 9.0.6; Metasys NAE85 and NIE85 versions 10.1 and prior; Metasys LonWorks Control Server (LCS) versions 10.1 and prior; Metasys System Configuration Tool (SCT) versions 13.2 and prior; Metasys Smoke Control Network Automation Engine (NAE55, UL 864 UUKL/ORD-C100-13 UUKLC 10th Edition Listed) version 8.1.
Hay la vulnerabilidad de tipo XXE, en la familia de productos Web Services de Metasys, que tiene el potencial de facilitar ataques de DoS o la recolección de archivos de servidor ASCII. Esto afecta a Metasys Application and Data Server (ADS, ADS-Lite) versiones 10.1 y anteriores; Metasys Extended Application and Data Server (ADX) versiones 10.1 y anteriores; Metasys Open Data Server (ODS) versiones 10.1 y anteriores; Metasys Open Application Server (OAS) versión 10.1; Metasys Network Automation Engine (solo NAE55) versiones 9.0.1, 9.0.2, 9.0.3, 9.0.5, 9.0.6; Metasys Network Integration Engine (NIE55/NIE59) versiones 9.0.1, 9.0.2, 9.0.3, 9.0.5, 9.0.6; Metasys NAE85 and NIE85 versiones 10.1 y anteriores; Metasys LonWorks Control Server (LCS) versiones 10.1 y anteriores; Metasys System Configuration Tool (SCT) versiones 13.2 y anteriores; Metasys Snake Control Network Automation Engine (NAE55, UL 864 UUKL/ORD-C100-13 UUKLC 10th Edición Listad) versión 8.1, todas de Johnson Control.
*Credits:
Lukasz Rupala
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2020-02-18 CVE Reserved
- 2020-03-10 CVE Published
- 2024-08-04 CVE Updated
- 2024-12-17 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-611: Improper Restriction of XML External Entity Reference
CAPEC
References (2)
| URL | Tag | Source |
|---|---|---|
| https://www.us-cert.gov/ics/advisories/icsa-20-070-05 | Third Party Advisory |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://www.johnsoncontrols.com/cyber-solutions/security-advisories | 2020-03-11 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Johnsoncontrols Search vendor "Johnsoncontrols" | Nae55 Firmware Search vendor "Johnsoncontrols" for product "Nae55 Firmware" | 9.0.1 Search vendor "Johnsoncontrols" for product "Nae55 Firmware" and version "9.0.1" | - |
Affected
| in | Johnsoncontrols Search vendor "Johnsoncontrols" | Nae55 Search vendor "Johnsoncontrols" for product "Nae55" | - | - |
Safe
|
| Johnsoncontrols Search vendor "Johnsoncontrols" | Nae55 Firmware Search vendor "Johnsoncontrols" for product "Nae55 Firmware" | 9.0.2 Search vendor "Johnsoncontrols" for product "Nae55 Firmware" and version "9.0.2" | - |
Affected
| in | Johnsoncontrols Search vendor "Johnsoncontrols" | Nae55 Search vendor "Johnsoncontrols" for product "Nae55" | - | - |
Safe
|
| Johnsoncontrols Search vendor "Johnsoncontrols" | Nae55 Firmware Search vendor "Johnsoncontrols" for product "Nae55 Firmware" | 9.0.3 Search vendor "Johnsoncontrols" for product "Nae55 Firmware" and version "9.0.3" | - |
Affected
| in | Johnsoncontrols Search vendor "Johnsoncontrols" | Nae55 Search vendor "Johnsoncontrols" for product "Nae55" | - | - |
Safe
|
| Johnsoncontrols Search vendor "Johnsoncontrols" | Nae55 Firmware Search vendor "Johnsoncontrols" for product "Nae55 Firmware" | 9.0.5 Search vendor "Johnsoncontrols" for product "Nae55 Firmware" and version "9.0.5" | - |
Affected
| in | Johnsoncontrols Search vendor "Johnsoncontrols" | Nae55 Search vendor "Johnsoncontrols" for product "Nae55" | - | - |
Safe
|
| Johnsoncontrols Search vendor "Johnsoncontrols" | Nae55 Firmware Search vendor "Johnsoncontrols" for product "Nae55 Firmware" | 9.0.6 Search vendor "Johnsoncontrols" for product "Nae55 Firmware" and version "9.0.6" | - |
Affected
| in | Johnsoncontrols Search vendor "Johnsoncontrols" | Nae55 Search vendor "Johnsoncontrols" for product "Nae55" | - | - |
Safe
|
| Johnsoncontrols Search vendor "Johnsoncontrols" | Nie55 Firmware Search vendor "Johnsoncontrols" for product "Nie55 Firmware" | 9.0.1 Search vendor "Johnsoncontrols" for product "Nie55 Firmware" and version "9.0.1" | - |
Affected
| in | Johnsoncontrols Search vendor "Johnsoncontrols" | Nie55 Search vendor "Johnsoncontrols" for product "Nie55" | - | - |
Safe
|
| Johnsoncontrols Search vendor "Johnsoncontrols" | Nie55 Firmware Search vendor "Johnsoncontrols" for product "Nie55 Firmware" | 9.0.2 Search vendor "Johnsoncontrols" for product "Nie55 Firmware" and version "9.0.2" | - |
Affected
| in | Johnsoncontrols Search vendor "Johnsoncontrols" | Nie55 Search vendor "Johnsoncontrols" for product "Nie55" | - | - |
Safe
|
| Johnsoncontrols Search vendor "Johnsoncontrols" | Nie55 Firmware Search vendor "Johnsoncontrols" for product "Nie55 Firmware" | 9.0.3 Search vendor "Johnsoncontrols" for product "Nie55 Firmware" and version "9.0.3" | - |
Affected
| in | Johnsoncontrols Search vendor "Johnsoncontrols" | Nie55 Search vendor "Johnsoncontrols" for product "Nie55" | - | - |
Safe
|
| Johnsoncontrols Search vendor "Johnsoncontrols" | Nie55 Firmware Search vendor "Johnsoncontrols" for product "Nie55 Firmware" | 9.0.5 Search vendor "Johnsoncontrols" for product "Nie55 Firmware" and version "9.0.5" | - |
Affected
| in | Johnsoncontrols Search vendor "Johnsoncontrols" | Nie55 Search vendor "Johnsoncontrols" for product "Nie55" | - | - |
Safe
|
| Johnsoncontrols Search vendor "Johnsoncontrols" | Nie55 Firmware Search vendor "Johnsoncontrols" for product "Nie55 Firmware" | 9.0.6 Search vendor "Johnsoncontrols" for product "Nie55 Firmware" and version "9.0.6" | - |
Affected
| in | Johnsoncontrols Search vendor "Johnsoncontrols" | Nie55 Search vendor "Johnsoncontrols" for product "Nie55" | - | - |
Safe
|
| Johnsoncontrols Search vendor "Johnsoncontrols" | Nie59 Firmware Search vendor "Johnsoncontrols" for product "Nie59 Firmware" | 9.0.1 Search vendor "Johnsoncontrols" for product "Nie59 Firmware" and version "9.0.1" | - |
Affected
| in | Johnsoncontrols Search vendor "Johnsoncontrols" | Nie59 Search vendor "Johnsoncontrols" for product "Nie59" | - | - |
Safe
|
| Johnsoncontrols Search vendor "Johnsoncontrols" | Nie59 Firmware Search vendor "Johnsoncontrols" for product "Nie59 Firmware" | 9.0.2 Search vendor "Johnsoncontrols" for product "Nie59 Firmware" and version "9.0.2" | - |
Affected
| in | Johnsoncontrols Search vendor "Johnsoncontrols" | Nie59 Search vendor "Johnsoncontrols" for product "Nie59" | - | - |
Safe
|
| Johnsoncontrols Search vendor "Johnsoncontrols" | Nie59 Firmware Search vendor "Johnsoncontrols" for product "Nie59 Firmware" | 9.0.3 Search vendor "Johnsoncontrols" for product "Nie59 Firmware" and version "9.0.3" | - |
Affected
| in | Johnsoncontrols Search vendor "Johnsoncontrols" | Nie59 Search vendor "Johnsoncontrols" for product "Nie59" | - | - |
Safe
|
| Johnsoncontrols Search vendor "Johnsoncontrols" | Nie59 Firmware Search vendor "Johnsoncontrols" for product "Nie59 Firmware" | 9.0.5 Search vendor "Johnsoncontrols" for product "Nie59 Firmware" and version "9.0.5" | - |
Affected
| in | Johnsoncontrols Search vendor "Johnsoncontrols" | Nie59 Search vendor "Johnsoncontrols" for product "Nie59" | - | - |
Safe
|
| Johnsoncontrols Search vendor "Johnsoncontrols" | Nie59 Firmware Search vendor "Johnsoncontrols" for product "Nie59 Firmware" | 9.0.6 Search vendor "Johnsoncontrols" for product "Nie59 Firmware" and version "9.0.6" | - |
Affected
| in | Johnsoncontrols Search vendor "Johnsoncontrols" | Nie59 Search vendor "Johnsoncontrols" for product "Nie59" | - | - |
Safe
|
| Johnsoncontrols Search vendor "Johnsoncontrols" | Nae85 Firmware Search vendor "Johnsoncontrols" for product "Nae85 Firmware" | <= 10.1 Search vendor "Johnsoncontrols" for product "Nae85 Firmware" and version " <= 10.1" | - |
Affected
| in | Johnsoncontrols Search vendor "Johnsoncontrols" | Nae85 Search vendor "Johnsoncontrols" for product "Nae85" | - | - |
Safe
|
| Johnsoncontrols Search vendor "Johnsoncontrols" | Nie85 Firmware Search vendor "Johnsoncontrols" for product "Nie85 Firmware" | <= 10.1 Search vendor "Johnsoncontrols" for product "Nie85 Firmware" and version " <= 10.1" | - |
Affected
| in | Johnsoncontrols Search vendor "Johnsoncontrols" | Nie85 Search vendor "Johnsoncontrols" for product "Nie85" | - | - |
Safe
|
| Johnsoncontrols Search vendor "Johnsoncontrols" | Nae55 Firmware Search vendor "Johnsoncontrols" for product "Nae55 Firmware" | 8.1 Search vendor "Johnsoncontrols" for product "Nae55 Firmware" and version "8.1" | - |
Affected
| in | Johnsoncontrols Search vendor "Johnsoncontrols" | Nae55 Search vendor "Johnsoncontrols" for product "Nae55" | - | - |
Safe
|
| Johnsoncontrols Search vendor "Johnsoncontrols" | Ul 864 Uukl Firmware Search vendor "Johnsoncontrols" for product "Ul 864 Uukl Firmware" | 8.1 Search vendor "Johnsoncontrols" for product "Ul 864 Uukl Firmware" and version "8.1" | - |
Affected
| in | Johnsoncontrols Search vendor "Johnsoncontrols" | Ul 864 Uukl Search vendor "Johnsoncontrols" for product "Ul 864 Uukl" | - | - |
Safe
|
| Johnsoncontrols Search vendor "Johnsoncontrols" | Ord-c100-13 Uuklc Firmware Search vendor "Johnsoncontrols" for product "Ord-c100-13 Uuklc Firmware" | 8.1 Search vendor "Johnsoncontrols" for product "Ord-c100-13 Uuklc Firmware" and version "8.1" | - |
Affected
| in | Johnsoncontrols Search vendor "Johnsoncontrols" | Ord-c100-13 Uuklc Search vendor "Johnsoncontrols" for product "Ord-c100-13 Uuklc" | - | - |
Safe
|
| Johnsoncontrols Search vendor "Johnsoncontrols" | Metasys Application And Data Server Search vendor "Johnsoncontrols" for product "Metasys Application And Data Server" | <= 10.1 Search vendor "Johnsoncontrols" for product "Metasys Application And Data Server" and version " <= 10.1" | - |
Affected
| ||||||
| Johnsoncontrols Search vendor "Johnsoncontrols" | Metasys Application And Data Server Search vendor "Johnsoncontrols" for product "Metasys Application And Data Server" | <= 10.1 Search vendor "Johnsoncontrols" for product "Metasys Application And Data Server" and version " <= 10.1" | lite |
Affected
| ||||||
| Johnsoncontrols Search vendor "Johnsoncontrols" | Metasys Extended Application And Data Server Search vendor "Johnsoncontrols" for product "Metasys Extended Application And Data Server" | <= 10.1 Search vendor "Johnsoncontrols" for product "Metasys Extended Application And Data Server" and version " <= 10.1" | - |
Affected
| ||||||
| Johnsoncontrols Search vendor "Johnsoncontrols" | Metasys Lonworks Control Server Search vendor "Johnsoncontrols" for product "Metasys Lonworks Control Server" | <= 10.1 Search vendor "Johnsoncontrols" for product "Metasys Lonworks Control Server" and version " <= 10.1" | - |
Affected
| ||||||
| Johnsoncontrols Search vendor "Johnsoncontrols" | Metasys Open Application Server Search vendor "Johnsoncontrols" for product "Metasys Open Application Server" | 10.1 Search vendor "Johnsoncontrols" for product "Metasys Open Application Server" and version "10.1" | - |
Affected
| ||||||
| Johnsoncontrols Search vendor "Johnsoncontrols" | Metasys Open Data Server Search vendor "Johnsoncontrols" for product "Metasys Open Data Server" | <= 10.1 Search vendor "Johnsoncontrols" for product "Metasys Open Data Server" and version " <= 10.1" | - |
Affected
| ||||||
| Johnsoncontrols Search vendor "Johnsoncontrols" | Metasys System Configuration Tool Search vendor "Johnsoncontrols" for product "Metasys System Configuration Tool" | <= 13.2 Search vendor "Johnsoncontrols" for product "Metasys System Configuration Tool" and version " <= 13.2" | - |
Affected
| ||||||