Successful exploitation of this vulnerability could give an authenticated Metasys user an unintended level of access to the server file system, allowing them to access or modify system files by sending specifically crafted web messages to the Metasys system. This issue affects: Johnson Controls Metasys version 11.0 and prior versions.
                
References
| Link | Resource |
|---|---|
| https://us-cert.cisa.gov/ics/advisories/icsa-21-159-01 | Third Party Advisory US Government Resource | 
| https://us-cert.gov/ics/advisories | Third Party Advisory US Government Resource | 
| https://www.johnsoncontrols.com/cyber-solutions/security-advisories | Vendor Advisory | 
History
21 Nov 2024, 05:58
| Type | Values Removed | Values Added | 
|---|---|---|
| References | () https://us-cert.cisa.gov/ics/advisories/icsa-21-159-01 - Third Party Advisory, US Government Resource | |
| References | () https://us-cert.gov/ics/advisories - Third Party Advisory, US Government Resource | |
| References | () https://www.johnsoncontrols.com/cyber-solutions/security-advisories - Vendor Advisory | |
02 Dec 2021, 13:55
| Type | Values Removed | Values Added | 
|---|---|---|
| References | (CERT) https://us-cert.cisa.gov/ics/advisories/icsa-21-159-01 - Third Party Advisory, US Government Resource | |
23 Jun 2021, 11:15
| Type | Values Removed | Values Added | 
|---|---|---|
| References | | |
17 Jun 2021, 15:32
| Type | Values Removed | Values Added | 
|---|---|---|
| References | (CERT) https://us-cert.gov/ics/advisories - Third Party Advisory, US Government Resource | |
| References | (CONFIRM) https://www.johnsoncontrols.com/cyber-solutions/security-advisories - Vendor Advisory | |
| CWE | CWE-269 | |
| CVSS | v2 : v3 : | v2 : 6.5 v3 : 8.8 | 
| CPE | cpe:2.3:a:johnsoncontrols:metasys:*:*:*:*:*:*:*:* | |
04 Jun 2021, 15:15
| Type | Values Removed | Values Added | 
|---|---|---|
| New CVE | | |
Information
Published : 2021-06-04 15:15
Updated : 2024-11-21 05:58
NVD link : CVE-2021-27657
Mitre link : CVE-2021-27657
CVE.ORG link : CVE-2021-27657
Products Affected
johnsoncontrols
- metasys
CWE
CWE-269 - Improper Privilege Management
