Under certain circumstances, invalid authentication credentials could be sent to the login endpoint of Johnson Controls Metasys NAE55, SNE, and SNC engines prior to
versions 11.0.6 and 12.0.4
and Facility Explorer F4-SNC engines prior to versions 11.0.6 and 12.0.4 to cause denial-of-service.
References
Link | Resource |
---|---|
https://www.cisa.gov/news-events/ics-advisories/icsa-23-341-03 | Third Party Advisory US Government Resource |
https://www.johnsoncontrols.com/cyber-solutions/security-advisories | Vendor Advisory |
Configurations
Configuration 1 (hide)
AND |
|
Configuration 2 (hide)
AND |
|
Configuration 3 (hide)
AND |
|
Configuration 4 (hide)
AND |
|
Configuration 5 (hide)
AND |
|
Configuration 6 (hide)
AND |
|
Configuration 7 (hide)
AND |
|
Configuration 8 (hide)
AND |
|
Configuration 9 (hide)
AND |
|
Configuration 10 (hide)
AND |
|
History
19 Dec 2023, 17:15
Type | Values Removed | Values Added |
---|---|---|
Summary | Under certain circumstances, invalid authentication credentials could be sent to the login endpoint of Johnson Controls Metasys NAE55, SNE, and SNC engines prior to versions 11.0.6 and 12.0.4 and Facility Explorer F4-SNC engines prior to versions 11.0.6 and 12.0.4 to cause denial-of-service. |
13 Dec 2023, 18:47
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:h:johnsoncontrols:sne22000:-:*:*:*:*:*:*:* cpe:2.3:o:johnsoncontrols:nae55_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:johnsoncontrols:sne10500:-:*:*:*:*:*:*:* cpe:2.3:h:johnsoncontrols:sne110l0:-:*:*:*:*:*:*:* cpe:2.3:o:johnsoncontrols:snc25150-04_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:johnsoncontrols:snc25150-0:-:*:*:*:*:*:*:* cpe:2.3:o:johnsoncontrols:snc25150-0_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:johnsoncontrols:f4-snc_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:johnsoncontrols:snc16120-04_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:johnsoncontrols:sne22000_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:johnsoncontrols:snc16120-0_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:johnsoncontrols:sne11000_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:johnsoncontrols:sne110l0_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:johnsoncontrols:f4-snc:-:*:*:*:*:*:*:* cpe:2.3:h:johnsoncontrols:snc16120-04:-:*:*:*:*:*:*:* cpe:2.3:h:johnsoncontrols:sne11000:-:*:*:*:*:*:*:* cpe:2.3:h:johnsoncontrols:snc16120-0:-:*:*:*:*:*:*:* cpe:2.3:h:johnsoncontrols:nae55:-:*:*:*:*:*:*:* cpe:2.3:h:johnsoncontrols:snc25150-04:-:*:*:*:*:*:*:* cpe:2.3:o:johnsoncontrols:sne10500_firmware:*:*:*:*:*:*:*:* |
|
References | () https://www.cisa.gov/news-events/ics-advisories/icsa-23-341-03 - Third Party Advisory, US Government Resource | |
References | () https://www.johnsoncontrols.com/cyber-solutions/security-advisories - Vendor Advisory | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.5 |
CWE | CWE-770 | |
First Time |
Johnsoncontrols sne22000
Johnsoncontrols snc25150-0 Firmware Johnsoncontrols f4-snc Firmware Johnsoncontrols snc25150-04 Johnsoncontrols snc25150-04 Firmware Johnsoncontrols sne10500 Johnsoncontrols sne11000 Johnsoncontrols snc16120-0 Firmware Johnsoncontrols f4-snc Johnsoncontrols snc16120-04 Johnsoncontrols sne22000 Firmware Johnsoncontrols nae55 Johnsoncontrols Johnsoncontrols sne10500 Firmware Johnsoncontrols snc16120-0 Johnsoncontrols sne11000 Firmware Johnsoncontrols nae55 Firmware Johnsoncontrols snc25150-0 Johnsoncontrols snc16120-04 Firmware Johnsoncontrols sne110l0 Firmware Johnsoncontrols sne110l0 |
07 Dec 2023, 20:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-12-07 20:15
Updated : 2024-02-28 20:54
NVD link : CVE-2023-4486
Mitre link : CVE-2023-4486
CVE.ORG link : CVE-2023-4486
JSON object : View
Products Affected
johnsoncontrols
- snc25150-04_firmware
- snc25150-04
- sne110l0
- sne11000
- sne10500
- sne10500_firmware
- snc25150-0
- sne11000_firmware
- sne22000
- f4-snc_firmware
- sne22000_firmware
- f4-snc
- sne110l0_firmware
- snc16120-04_firmware
- nae55
- snc16120-04
- snc16120-0
- nae55_firmware
- snc16120-0_firmware
- snc25150-0_firmware