cvelist | Jci | CVELIST:CVE-2021-36203
History: Apr 22, 2022 - 2:44 p.m.

CVE-2021-36203 Johnson Controls Metasys SCT Pro

2022-04-22 14:44:10
CWE-918
jci
www.cve.org

CVSS3: 5.3

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: LOW
Integrity Impact: NONE
Availability Impact: NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

AI Score: 9.3
Confidence: High

EPSS: 0.001
Percentile: 50.8%

The affected product may allow an attacker to identify and forge requests to internal systems by way of a specially crafted request.

CNA Affected

[
  {
    "product": "Metasys System Configuration Tool (SCT)",
    "vendor": "Johnnson Controls",
    "versions": [
      {
        "lessThan": "14.2.2",
        "status": "affected",
        "version": "All",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "Metasys System Configuration Tool Pro (SCT Pro)",
    "vendor": "Johnnson Controls",
    "versions": [
      {
        "lessThan": "14.2.2",
        "status": "affected",
        "version": "All",
        "versionType": "custom"
      }
    ]
  }
]
