Lucene search
JciCVE-2022-21940HistoryFeb 09, 2023 - 9:15 p.m.
CVE-2022-21940
2023-02-0921:15:11
CWE-311
CWE-614
jci
web.nvd.nist.gov
28
cve-2022-21940
sensitive cookie
https
session
secure attribute
johnson controls system configuration tool
sct
nvd
CVSS3
7.5
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
AI Score
6.2
Confidence
High
EPSS
0.001
Percentile
35.8%
Sensitive Cookie in HTTPS Session Without ‘Secure’ Attribute vulnerability in Johnson Controls System Configuration Tool (SCT) version 14 prior to 14.2.3 and version 15 prior to 15.0.3 could allow access to the cookie.
Affected configurations
Node
johnsoncontrolsmetasys_system_configuration_toolRange14.0–14.2.3
ORjohnsoncontrolsmetasys_system_configuration_toolRange15.0–15.0.3
| Vendor | Product | Version | CPE |
|---|---|---|---|
| johnsoncontrols | metasys_system_configuration_tool | * | cpe:2.3:a:johnsoncontrols:metasys_system_configuration_tool:*:*:*:*:*:*:*:* |
CNA Affected
[
{
"defaultStatus": "unaffected",
"product": "System Configuration Tool (SCT)",
"vendor": "Johnson Controls",
"versions": [
{
"lessThan": "14.2.3",
"status": "affected",
"version": "14",
"versionType": "custom"
},
{
"lessThan": "15.0.3",
"status": "affected",
"version": "15",
"versionType": "custom"
}
]
}
]Related
nvd
nvd
CVE-2022-21940
2023-02-09 21:15:11
prion
prion
Design/Logic Flaw
2023-02-09 21:15:00
cvelist
cvelist
ics
ics
Johnson Controls System Configuration Tool (SCT)
2023-02-09 12:00:00
CVSS3
7.5
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
AI Score
6.2
Confidence
High
EPSS
0.001
Percentile
35.8%
Related for CVE-2022-21940