// For flags

CVE-2021-36203

Johnson Controls Metasys SCT Pro

Severity Score

9.1
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

The affected product may allow an attacker to identify and forge requests to internal systems by way of a specially crafted request.

El producto afectado puede permitir que un atacante identifique y falsifique las solicitudes a los sistemas internos mediante una solicitud especialmente diseƱada

*Credits: Tony West and Scott Ponte reported this vulnerability to Johnson Controls. Johnson Controls reported this vulnerability to CISA.
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
None
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
None
Availability
None
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
Partial
Integrity
Partial
Availability
None
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2021-07-06 CVE Reserved
  • 2022-04-22 CVE Published
  • 2024-09-17 CVE Updated
  • 2025-01-05 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-918: Server-Side Request Forgery (SSRF)
CAPEC
References (1)
URL Tag Source
https://www.cisa.gov/uscert/ics/advisories/icsa-22-111-02 Third Party Advisory
URL Date SRC
URL Date SRC
URL Date SRC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Johnsoncontrols
Search vendor "Johnsoncontrols"
 Metasys System Configuration Tool
Search vendor "Johnsoncontrols" for product "Metasys System Configuration Tool"
 < 14.2.2
Search vendor "Johnsoncontrols" for product "Metasys System Configuration Tool" and version " < 14.2.2"
-
Affected
Johnsoncontrols
Search vendor "Johnsoncontrols"
 Metasys System Configuration Tool
Search vendor "Johnsoncontrols" for product "Metasys System Configuration Tool"
 < 14.2.2
Search vendor "Johnsoncontrols" for product "Metasys System Configuration Tool" and version " < 14.2.2"
pro
Affected