Lucene search

JciCVE-2023-4486

HistoryDec 07, 2023 - 8:15 p.m.

CVE-2023-4486

2023-12-0720:15:38

CWE-400

CWE-770

jci

web.nvd.nist.gov

cve-2023-4486

johnson controls metasys

nae55

sne

snc

facility explorer

f4-snc

denial-of-service

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

7.6

Confidence

High

EPSS

0.001

Percentile

17.0%

JSON

Under certain circumstances, invalid authentication credentials could be sent to the login endpoint of Johnson Controls Metasys NAE55, SNE, and SNC engines prior to

versions 11.0.6 and 12.0.4

and Facility Explorer F4-SNC engines prior to versions 11.0.6 and 12.0.4 to cause denial-of-service.

Affected configurations

Nvd

Node

johnsoncontrolsnae55_firmwareRange<12.0.4

AND

johnsoncontrolsnae55Match-

Node

johnsoncontrolssne22000_firmwareRange<12.0.4

AND

johnsoncontrolssne22000Match-

Node

johnsoncontrolssne11000_firmwareRange<12.0.4

AND

johnsoncontrolssne11000Match-

Node

johnsoncontrolssne10500_firmwareRange<12.0.4

AND

johnsoncontrolssne10500Match-

Node

johnsoncontrolssne110l0_firmwareRange<12.0.4

AND

johnsoncontrolssne110l0Match-

Node

johnsoncontrolssnc25150-0_firmwareRange<12.0.4

AND

johnsoncontrolssnc25150-0Match-

Node

johnsoncontrolssnc25150-04_firmwareRange<12.0.4

AND

johnsoncontrolssnc25150-04Match-

Node

johnsoncontrolssnc16120-0_firmwareRange<12.0.4

AND

johnsoncontrolssnc16120-0Match-

Node

johnsoncontrolssnc16120-04_firmwareRange<12.0.4

AND

johnsoncontrolssnc16120-04Match-

Node

johnsoncontrolsf4-snc_firmwareRange<11.0.6

johnsoncontrolsf4-snc_firmwareRange12.0.0–12.0.4

AND

johnsoncontrolsf4-sncMatch-

VendorProductVersionCPE
johnsoncontrolsnae55_firmware*cpe:2.3:o:johnsoncontrols:nae55_firmware:*:*:*:*:*:*:*:*
johnsoncontrolsnae55-cpe:2.3:h:johnsoncontrols:nae55:-:*:*:*:*:*:*:*
johnsoncontrolssne22000_firmware*cpe:2.3:o:johnsoncontrols:sne22000_firmware:*:*:*:*:*:*:*:*
johnsoncontrolssne22000-cpe:2.3:h:johnsoncontrols:sne22000:-:*:*:*:*:*:*:*
johnsoncontrolssne11000_firmware*cpe:2.3:o:johnsoncontrols:sne11000_firmware:*:*:*:*:*:*:*:*
johnsoncontrolssne11000-cpe:2.3:h:johnsoncontrols:sne11000:-:*:*:*:*:*:*:*
johnsoncontrolssne10500_firmware*cpe:2.3:o:johnsoncontrols:sne10500_firmware:*:*:*:*:*:*:*:*
johnsoncontrolssne10500-cpe:2.3:h:johnsoncontrols:sne10500:-:*:*:*:*:*:*:*
johnsoncontrolssne110l0_firmware*cpe:2.3:o:johnsoncontrols:sne110l0_firmware:*:*:*:*:*:*:*:*
johnsoncontrolssne110l0-cpe:2.3:h:johnsoncontrols:sne110l0:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
johnsoncontrols	nae55_firmware	*	cpe:2.3:o:johnsoncontrols:nae55_firmware::::::::
johnsoncontrols	nae55	-	cpe:2.3:h:johnsoncontrols:nae55:-:::::::*
johnsoncontrols	sne22000_firmware	*	cpe:2.3:o:johnsoncontrols:sne22000_firmware::::::::
johnsoncontrols	sne22000	-	cpe:2.3:h:johnsoncontrols:sne22000:-:::::::*
johnsoncontrols	sne11000_firmware	*	cpe:2.3:o:johnsoncontrols:sne11000_firmware::::::::
johnsoncontrols	sne11000	-	cpe:2.3:h:johnsoncontrols:sne11000:-:::::::*
johnsoncontrols	sne10500_firmware	*	cpe:2.3:o:johnsoncontrols:sne10500_firmware::::::::
johnsoncontrols	sne10500	-	cpe:2.3:h:johnsoncontrols:sne10500:-:::::::*
johnsoncontrols	sne110l0_firmware	*	cpe:2.3:o:johnsoncontrols:sne110l0_firmware::::::::
johnsoncontrols	sne110l0	-	cpe:2.3:h:johnsoncontrols:sne110l0:-:::::::*

Rows per page:

1-10 of 201

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Metasys NAE55/SNE/SNC",
    "vendor": "Johnson Controls",
    "versions": [
      {
        "lessThan": "12.0.4",
        "status": "affected",
        "version": "12.0",
        "versionType": "custom"
      },
      {
        "lessThan": "11.0.6",
        "status": "affected",
        "version": "11.0",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "Facility Explorer F4-SNC",
    "vendor": "Johnson Controls",
    "versions": [
      {
        "lessThan": "12.0.4",
        "status": "affected",
        "version": "12.0",
        "versionType": "custom"
      },
      {
        "lessThan": "11.0.6",
        "status": "affected",
        "version": "11.0",
        "versionType": "custom"
      }
    ]
  }
]

References

www.cisa.gov/news-events/ics-advisories/icsa-23-341-03

www.johnsoncontrols.com/cyber-solutions/security-advisories

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

7.6

Confidence

High

EPSS

0.001

Percentile

17.0%

JSON

Related for CVE-2023-4486