This CPE summary could be partial or incomplete. Please contact us for a detailed listing.
Summary
| Detail | |||
|---|---|---|---|
| Vendor | Johnsoncontrols | First view | 2018-08-01 |
| Product | Metasys System | Last view | 2019-08-20 |
| Version | Type | Application | |
| Update | |||
| Edition | |||
| Language | |||
| Sofware Edition | |||
| Target Software | |||
| Target Hardware | |||
| Other | |||
Activity : Overall
COMMON PLATFORM ENUMERATION: Repartition per Version
| CPE Name | Affected CVE |
|---|---|
| cpe:2.3:a:johnsoncontrols:metasys_system:*:*:*:*:*:*:*:* | 3 |
Related : CVE
| Date | Alert | Description | |
|---|---|---|---|
| 9.1 | 2019-08-20 | CVE-2019-7594 | Metasys® ADS/ADX servers and NAE/NIE/NCE engines prior to 9.0 make use of a hardcoded RC2 key for certain encryption operations involving the Site Management Portal (SMP). |
| 9.1 | 2019-08-20 | CVE-2019-7593 | Metasys® ADS/ADX servers and NAE/NIE/NCE engines prior to 9.0 make use of a shared RSA key pair for certain encryption operations involving the Site Management Portal (SMP). |
| 6.5 | 2018-08-01 | CVE-2018-10624 | In Johnson Controls Metasys System Versions 8.0 and prior and BCPro (BCM) all versions prior to 3.0.2, this vulnerability results from improper error handling in HTTP-based communications with the server, which could allow an attacker to obtain technical information. |
CWE : Common Weakness Enumeration
| % | id | Name |
|---|---|---|
| 66% (2) | CWE-798 | Use of Hard-coded Credentials |
| 33% (1) | CWE-388 | Error Handling |
