Lucene search
JciCVE-2022-21939HistoryFeb 09, 2023 - 9:15 p.m.
CVE-2022-21939
2023-02-0921:15:11
CWE-732
CWE-1004
jci
web.nvd.nist.gov
29
cve-2022-21939
sensitive cookie
httponly flag
johnson controls system configuration tool
sct
security vulnerability
nvd
CVSS3
7.5
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
AI Score
6.2
Confidence
High
EPSS
0.001
Percentile
35.8%
Sensitive Cookie Without ‘HttpOnly’ Flag vulnerability in Johnson Controls System Configuration Tool (SCT) version 14 prior to 14.2.3 and version 15 prior to 15.0.3 could allow access to the cookie.
Affected configurations
Node
johnsoncontrolsmetasys_system_configuration_toolRange14.0–14.2.3
ORjohnsoncontrolsmetasys_system_configuration_toolRange15.0–15.0.3
| Vendor | Product | Version | CPE |
|---|---|---|---|
| johnsoncontrols | metasys_system_configuration_tool | * | cpe:2.3:a:johnsoncontrols:metasys_system_configuration_tool:*:*:*:*:*:*:*:* |
CNA Affected
[
{
"defaultStatus": "unaffected",
"product": "System Configuration Tool (SCT)",
"vendor": "Johnson Controls",
"versions": [
{
"lessThan": "14.2.3",
"status": "affected",
"version": "14",
"versionType": "custom"
},
{
"lessThan": "15.0.3",
"status": "affected",
"version": "15",
"versionType": "custom"
}
]
}
]Related
nvd
nvd
CVE-2022-21939
2023-02-09 21:15:11
prion
prion
Design/Logic Flaw
2023-02-09 21:15:00
cvelist
cvelist
ics
ics
Johnson Controls System Configuration Tool (SCT)
2023-02-09 12:00:00
CVSS3
7.5
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
AI Score
6.2
Confidence
High
EPSS
0.001
Percentile
35.8%
Related for CVE-2022-21939