HIGH🇵🇱 Wersja polska

CVE-2023-4486

CVSS 7.5v3.1pub. 2023-12-07upd. 2024-11-21

Under certain circumstances, invalid authentication credentials could be sent to the login endpoint of Johnson Controls Metasys NAE55, SNE, and SNC engines prior to versions 11.0.6 and 12.0.4 and Facility Explorer F4-SNC engines prior to versions 11.0.6 and 12.0.4 to cause denial-of-service.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  • Johnsoncontrols F4 Snc

    HW
    Johnsoncontrols
    wszystkie wersje
  • Johnsoncontrols F4 Snc Firmware

    OS
    Johnsoncontrols
    < 11.0.612.0.0 – 12.0.4 (bez)
  • Johnsoncontrols Nae55

    HW
    Johnsoncontrols
    wszystkie wersje
  • Johnsoncontrols Nae55 Firmware

    OS
    Johnsoncontrols
    < 12.0.4
  • Johnsoncontrols Snc16120 0

    HW
    Johnsoncontrols
    wszystkie wersje
  • Johnsoncontrols Snc16120 04

    HW
    Johnsoncontrols
    wszystkie wersje
  • Johnsoncontrols Snc16120 04 Firmware

    OS
    Johnsoncontrols
    < 12.0.4
  • Johnsoncontrols Snc16120 0 Firmware

    OS
    Johnsoncontrols
    < 12.0.4
  • Johnsoncontrols Snc25150 0

    HW
    Johnsoncontrols
    wszystkie wersje
  • Johnsoncontrols Snc25150 04

    HW
    Johnsoncontrols
    wszystkie wersje
  • Johnsoncontrols Snc25150 04 Firmware

    OS
    Johnsoncontrols
    < 12.0.4
  • Johnsoncontrols Snc25150 0 Firmware

    OS
    Johnsoncontrols
    < 12.0.4
  • Johnsoncontrols Sne10500

    HW
    Johnsoncontrols
    wszystkie wersje
  • Johnsoncontrols Sne10500 Firmware

    OS
    Johnsoncontrols
    < 12.0.4
  • Johnsoncontrols Sne11000

    HW
    Johnsoncontrols
    wszystkie wersje
  • Johnsoncontrols Sne11000 Firmware

    OS
    Johnsoncontrols
    < 12.0.4
  • Johnsoncontrols Sne110l0

    HW
    Johnsoncontrols
    wszystkie wersje
  • Johnsoncontrols Sne110l0 Firmware

    OS
    Johnsoncontrols
    < 12.0.4
  • Johnsoncontrols Sne22000

    HW
    Johnsoncontrols
    wszystkie wersje
  • Johnsoncontrols Sne22000 Firmware

    OS
    Johnsoncontrols
    < 12.0.4
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2021-27661HIGH8.8ten sam produkt

Successful exploitation of this vulnerability could give an authenticated Facility Explorer SNC Series Supervi...

CVE-2020-9044HIGH7.5ten sam produkt

XXE vulnerability exists in the Metasys family of product Web Services which has the potential to facilitate D...

CVE-2024-32758CRITICAL9.0PL ✓ten sam vendor

Niewystarczająca długość klucza kryptograficznego w komunikacji exacqVision

CVE-2023-4804CRITICAL10.0ten sam vendor

An unauthorized user could access debug features in Quantum HD Unity products that were accidentally exposed.

CVE-2023-2024CRITICAL10.0ten sam vendor

Improper authentication in OpenBlue Enterprise Manager Data Collector versions prior to 3.2.5.75 allow access ...