Filtered by vendor Johnsoncontrols
Subscribe
Search
Total
9 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-4804 | 1 Johnsoncontrols | 12 Quantum Hd Unity Acuair, Quantum Hd Unity Acuair Firmware, Quantum Hd Unity Compressor and 9 more | 2023-11-16 | N/A | 9.8 CRITICAL |
| An unauthorized user could access debug features in Quantum HD Unity products that were accidentally exposed. | |||||
| CVE-2021-36203 | 1 Johnsoncontrols | 1 Metasys System Configuration Tool | 2022-05-03 | 6.4 MEDIUM | 9.1 CRITICAL |
| The affected product may allow an attacker to identify and forge requests to internal systems by way of a specially crafted request. | |||||
| CVE-2021-36205 | 1 Johnsoncontrols | 3 Metasys Application And Data Server, Metasys Extended Application And Data Server, Metasys Open Application Server | 2022-04-25 | 6.8 MEDIUM | 9.8 CRITICAL |
| Under certain circumstances the session token is not cleared on logout. | |||||
| CVE-2021-27664 | 1 Johnsoncontrols | 1 Exacqvision Web Service | 2021-10-18 | 6.8 MEDIUM | 9.8 CRITICAL |
| Under certain configurations an unauthenticated remote user could be given access to credentials stored in the exacqVision Server. | |||||
| CVE-2021-27663 | 1 Johnsoncontrols | 2 Ac2000, Ac2000 Firmware | 2021-09-07 | 9.3 HIGH | 9.8 CRITICAL |
| A vulnerability in versions 10.1 through 10.5 of Johnson Controls CEM Systems AC2000 allows a remote attacker to access to the system without adequate authorization. This issue affects: Johnson Controls CEM Systems AC2000 10.1; 10.2; 10.3; 10.4; 10.5. | |||||
| CVE-2020-9044 | 1 Johnsoncontrols | 20 Metasys Application And Data Server, Metasys Extended Application And Data Server, Metasys Lonworks Control Server and 17 more | 2020-03-11 | 6.4 MEDIUM | 9.1 CRITICAL |
| XXE vulnerability exists in the Metasys family of product Web Services which has the potential to facilitate DoS attacks or harvesting of ASCII server files. This affects Johnson Controls' Metasys Application and Data Server (ADS, ADS-Lite) versions 10.1 and prior; Metasys Extended Application and Data Server (ADX) versions 10.1 and prior; Metasys Open Data Server (ODS) versions 10.1 and prior; Metasys Open Application Server (OAS) version 10.1; Metasys Network Automation Engine (NAE55 only) versions 9.0.1, 9.0.2, 9.0.3, 9.0.5, 9.0.6; Metasys Network Integration Engine (NIE55/NIE59) versions 9.0.1, 9.0.2, 9.0.3, 9.0.5, 9.0.6; Metasys NAE85 and NIE85 versions 10.1 and prior; Metasys LonWorks Control Server (LCS) versions 10.1 and prior; Metasys System Configuration Tool (SCT) versions 13.2 and prior; Metasys Smoke Control Network Automation Engine (NAE55, UL 864 UUKL/ORD-C100-13 UUKLC 10th Edition Listed) version 8.1. | |||||
| CVE-2019-7589 | 1 Johnsoncontrols | 1 Entrapass | 2020-03-11 | 10.0 HIGH | 9.8 CRITICAL |
| A vulnerability with the SmartService API Service option exists whereby an unauthorized user could potentially exploit this to upload malicious code to the server that could be executed at system level privileges. This affects Johnson Controls' Kantech EntraPass Corporate Edition versions 8.0 and prior; Kantech EntraPass Global Edition versions 8.0 and prior. | |||||
| CVE-2019-7594 | 1 Johnsoncontrols | 1 Metasys System | 2020-02-10 | 6.4 MEDIUM | 9.1 CRITICAL |
| Metasys® ADS/ADX servers and NAE/NIE/NCE engines prior to 9.0 make use of a hardcoded RC2 key for certain encryption operations involving the Site Management Portal (SMP). | |||||
| CVE-2019-7593 | 1 Johnsoncontrols | 1 Metasys System | 2020-02-10 | 6.4 MEDIUM | 9.1 CRITICAL |
| Metasys® ADS/ADX servers and NAE/NIE/NCE engines prior to 9.0 make use of a shared RSA key pair for certain encryption operations involving the Site Management Portal (SMP). | |||||