Lucene search
IcscertCVE-2014-5427HistoryMar 29, 2015 - 10:59 a.m.
CVE-2014-5427
2015-03-2910:59:00
CWE-200
icscert
web.nvd.nist.gov
38
cve-2014-5427
johnson controls metasys
application and data server
ads
adx
lonworks control server
lcs8520
network automation engine
nae 55xx-x
network integration engine
nie 5xxx-x
nxe8500
password hashes
remote attackers
security vulnerability
nvd
CVSS2
5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
AI Score
6.9
Confidence
Low
EPSS
0.006
Percentile
78.9%
Johnson Controls Metasys 4.1 through 6.5, as used in Application and Data Server (ADS), Extended Application and Data Server (aka ADX), LonWorks Control Server 85 LCS8520, Network Automation Engine (NAE) 55xx-x, Network Integration Engine (NIE) 5xxx-x, and NxE8500, allows remote attackers to read password hashes via a POST request.
Affected configurations
Node
johnsoncontrolsapplication_and_data_serverMatch-
ORjohnsoncontrolsextended_application_and_data_serverMatch-
ORjohnsoncontrolslonworks_control_server_lcs8520Match-
ORjohnsoncontrolsnetwork_automation_engine_5510-2Match-
ORjohnsoncontrolsnetwork_automation_engine_5510-2uMatch-
ORjohnsoncontrolsnetwork_automation_engine_5511-2Match-
ORjohnsoncontrolsnetwork_automation_engine_5520-2Match-
ORjohnsoncontrolsnetwork_automation_engine_5521-2Match-
ORjohnsoncontrolsnetwork_integration_engine_5510-2Match-
ORjohnsoncontrolsnetwork_integration_engine_5511-2Match-
ORjohnsoncontrolsnxe8500Match-
johnsoncontrolsmetsysMatch4.1
ORjohnsoncontrolsmetsysMatch6.5
| Vendor | Product | Version | CPE |
|---|---|---|---|
| johnsoncontrols | application_and_data_server | - | cpe:2.3:h:johnsoncontrols:application_and_data_server:-:*:*:*:*:*:*:* |
| johnsoncontrols | extended_application_and_data_server | - | cpe:2.3:h:johnsoncontrols:extended_application_and_data_server:-:*:*:*:*:*:*:* |
| johnsoncontrols | lonworks_control_server_lcs8520 | - | cpe:2.3:h:johnsoncontrols:lonworks_control_server_lcs8520:-:*:*:*:*:*:*:* |
| johnsoncontrols | network_automation_engine_5510-2 | - | cpe:2.3:h:johnsoncontrols:network_automation_engine_5510-2:-:*:*:*:*:*:*:* |
| johnsoncontrols | network_automation_engine_5510-2u | - | cpe:2.3:h:johnsoncontrols:network_automation_engine_5510-2u:-:*:*:*:*:*:*:* |
| johnsoncontrols | network_automation_engine_5511-2 | - | cpe:2.3:h:johnsoncontrols:network_automation_engine_5511-2:-:*:*:*:*:*:*:* |
| johnsoncontrols | network_automation_engine_5520-2 | - | cpe:2.3:h:johnsoncontrols:network_automation_engine_5520-2:-:*:*:*:*:*:*:* |
| johnsoncontrols | network_automation_engine_5521-2 | - | cpe:2.3:h:johnsoncontrols:network_automation_engine_5521-2:-:*:*:*:*:*:*:* |
| johnsoncontrols | network_integration_engine_5510-2 | - | cpe:2.3:h:johnsoncontrols:network_integration_engine_5510-2:-:*:*:*:*:*:*:* |
| johnsoncontrols | network_integration_engine_5511-2 | - | cpe:2.3:h:johnsoncontrols:network_integration_engine_5511-2:-:*:*:*:*:*:*:* |
Related
prion
prion
Cross site request forgery (csrf)
2015-03-29 10:59:00
nvd
nvd
CVE-2014-5427
2015-03-29 10:59:00
cvelist
cvelist
CVE-2014-5427
2015-03-29 10:00:00
kaspersky
kaspersky
KLA10512 Multiple vulnerabilities in Johnson Controls Metasys
2015-03-29 00:00:00
ics
ics
Johnson Controls Metasys Vulnerabilities
2018-08-27 12:00:00
CVSS2
5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
AI Score
6.9
Confidence
Low
EPSS
0.006
Percentile
78.9%
Related for CVE-2014-5427