Description

Successful exploitation of this vulnerability could give an authenticated Metasys user an unintended level of access to the server file system, allowing them to access or modify system files by sending specifically crafted web messages to the Metasys system. This issue affects: Johnson Controls Metasys version 11.0 and prior versions.

Related CPE's

a

johnsoncontrols

metasys

Vulnerable

References

https://us-cert.cisa.gov/ics/advisories/icsa-21-159-01

Third Party AdvisoryUS Government Resource

https://us-cert.gov/ics/advisories

Third Party AdvisoryUS Government Resource

https://www.johnsoncontrols.com/cyber-solutions/security-advisories

Vendor Advisory

https://us-cert.cisa.gov/ics/advisories/icsa-21-159-01

Third Party AdvisoryUS Government Resource

https://us-cert.gov/ics/advisories

Third Party AdvisoryUS Government Resource

https://www.johnsoncontrols.com/cyber-solutions/security-advisories

Vendor Advisory

Weaknesses

[email protected]

Secondary
CWE-269

[email protected]

Primary
CWE-269

CVSS impact metrics

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

8.8 · High

Information

Source identifier

[email protected]

Vulnerability status

Modified

Published

2021-06-04T13:15:07.517Z

4 years ago

Last modified

2024-11-21T04:58:23.307Z

1 year ago