Lucene search

JciCVE-2023-2024

HistoryMay 18, 2023 - 9:15 p.m.

CVE-2023-2024

2023-05-1821:15:09

CWE-287

jci

web.nvd.nist.gov

cve-2023-2024

improper authentication

openblue enterprise manager

data collector

unauthorized access

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N

AI Score

7.5

Confidence

High

EPSS

0.002

Percentile

61.1%

JSON

Improper authentication in OpenBlue Enterprise Manager Data Collector versions prior to 3.2.5.75 allow access to an unauthorized user under certain circumstances.

Affected configurations

Nvd

Node

johnsoncontrolsopenblue_enterprise_manager_data_collectorRange<3.2.5.75

VendorProductVersionCPE
johnsoncontrolsopenblue_enterprise_manager_data_collector*cpe:2.3:o:johnsoncontrols:openblue_enterprise_manager_data_collector:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
johnsoncontrols	openblue_enterprise_manager_data_collector	*	cpe:2.3:o:johnsoncontrols:openblue_enterprise_manager_data_collector::::::::

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "OpenBlue Enterprise Manager Data Collector",
    "vendor": "Johnson Controls",
    "versions": [
      {
        "lessThan": "3.2.5.75",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  }
]

References

www.cisa.gov/news-events/ics-advisories/icsa-23-138-04

www.johnsoncontrols.com/cyber-solutions/security-advisories

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N

AI Score

7.5

Confidence

High

EPSS

0.002

Percentile

61.1%

JSON

Related for CVE-2023-2024