Under certain circumstances, invalid authentication credentials could be sent to the login endpoint of Johnson Controls Metasys NAE55, SNE, and SNC engines prior to
versions 11.0.6 and 12.0.4
and Facility Explorer F4-SNC engines prior to versions 11.0.6 and 12.0.4 to cause denial-of-service.
References
Link | Resource |
---|---|
https://www.cisa.gov/news-events/ics-advisories/icsa-23-341-03 | Third Party Advisory US Government Resource |
https://www.johnsoncontrols.com/cyber-solutions/security-advisories | Vendor Advisory |
Configurations
Configuration 1 (hide)
AND |
|
Configuration 2 (hide)
AND |
|
Configuration 3 (hide)
AND |
|
Configuration 4 (hide)
AND |
|
Configuration 5 (hide)
AND |
|
Configuration 6 (hide)
AND |
|
Configuration 7 (hide)
AND |
|
Configuration 8 (hide)
AND |
|
Configuration 9 (hide)
AND |
|
Configuration 10 (hide)
AND |
|
History
19 Dec 2023, 17:15
Type | Values Removed | Values Added |
---|---|---|
Summary | Under certain circumstances, invalid authentication credentials could be sent to the login endpoint of Johnson Controls Metasys NAE55, SNE, and SNC engines prior to versions 11.0.6 and 12.0.4 and Facility Explorer F4-SNC engines prior to versions 11.0.6 and 12.0.4 to cause denial-of-service. |
13 Dec 2023, 18:47
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-770 | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.5 |
References | () https://www.cisa.gov/news-events/ics-advisories/icsa-23-341-03 - Third Party Advisory, US Government Resource | |
References | () https://www.johnsoncontrols.com/cyber-solutions/security-advisories - Vendor Advisory | |
CPE | cpe:2.3:o:johnsoncontrols:sne110l0_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:johnsoncontrols:snc16120-0_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:johnsoncontrols:snc16120-04_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:johnsoncontrols:sne22000:-:*:*:*:*:*:*:* cpe:2.3:o:johnsoncontrols:f4-snc_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:johnsoncontrols:nae55:-:*:*:*:*:*:*:* cpe:2.3:h:johnsoncontrols:f4-snc:-:*:*:*:*:*:*:* cpe:2.3:o:johnsoncontrols:snc25150-04_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:johnsoncontrols:snc25150-0:-:*:*:*:*:*:*:* cpe:2.3:o:johnsoncontrols:sne22000_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:johnsoncontrols:snc25150-04:-:*:*:*:*:*:*:* cpe:2.3:o:johnsoncontrols:sne10500_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:johnsoncontrols:sne10500:-:*:*:*:*:*:*:* cpe:2.3:h:johnsoncontrols:snc16120-0:-:*:*:*:*:*:*:* cpe:2.3:o:johnsoncontrols:nae55_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:johnsoncontrols:sne11000:-:*:*:*:*:*:*:* cpe:2.3:h:johnsoncontrols:sne110l0:-:*:*:*:*:*:*:* cpe:2.3:o:johnsoncontrols:sne11000_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:johnsoncontrols:snc25150-0_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:johnsoncontrols:snc16120-04:-:*:*:*:*:*:*:* |
07 Dec 2023, 20:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-12-07 20:15
Updated : 2024-02-05 00:22
NVD link : CVE-2023-4486
Mitre link : CVE-2023-4486
CVE.ORG link : CVE-2023-4486
JSON object : View
Products Affected
johnsoncontrols
- snc25150-0
- snc16120-0_firmware
- snc25150-0_firmware
- sne10500_firmware
- snc16120-0
- sne110l0
- sne110l0_firmware
- snc25150-04_firmware
- snc16120-04
- sne11000
- sne10500
- nae55
- sne22000_firmware
- snc25150-04
- sne11000_firmware
- f4-snc_firmware
- nae55_firmware
- snc16120-04_firmware
- f4-snc
- sne22000