Lucene search

JciCVELIST:CVE-2021-27661

HistoryJul 01, 2021 - 1:41 p.m.

CVE-2021-27661 Facility Explorer

2021-07-0113:41:58

CWE-269

jci

www.cve.org

vulnerability

facility explorer

snc series

supervisory controller

file system

web messages

exploitation

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

8.7

Confidence

High

EPSS

0.001

Percentile

42.8%

JSON

Successful exploitation of this vulnerability could give an authenticated Facility Explorer SNC Series Supervisory Controller (F4-SNC) user an unintended level of access to the controller’s file system, allowing them to access or modify system files by sending specifically crafted web messages to the F4-SNC.

CNA Affected

[
  {
    "product": "Facility Explorer SNC Series Supervisory Controllers (F4-SNC)",
    "vendor": "Johnson Controls",
    "versions": [
      {
        "status": "affected",
        "version": "Facility Explorer SNC Series Supervisory Controllers version 11 11"
      }
    ]
  }
]

References

us-cert.cisa.gov/ics/advisories/icsa-21-182-01

www.johnsoncontrols.com/cyber-solutions/security-advisories

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

8.7

Confidence

High

EPSS

0.001

Percentile

42.8%

JSON

Related for CVELIST:CVE-2021-27661