Filtered by vendor Johnsoncontrols
Subscribe
Total
62 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-36203 | 1 Johnsoncontrols | 1 Metasys System Configuration Tool | 2024-02-28 | 6.4 MEDIUM | 9.1 CRITICAL |
| The affected product may allow an attacker to identify and forge requests to internal systems by way of a specially crafted request. | |||||
| CVE-2022-21937 | 1 Johnsoncontrols | 3 Metasys Application And Data Server, Metasys Extended Application And Data Server, Metasys Open Application Server | 2024-02-28 | 2.1 LOW | 5.4 MEDIUM |
| Under certain circumstances, a vulnerability in Metasys ADS/ADX/OAS 10 versions prior to 10.1.5 and Metasys ADS/ADX/OAS 11 versions prior to 11.0.2 could allow a user to inject malicious code into the web interface. | |||||
| CVE-2021-27664 | 1 Johnsoncontrols | 1 Exacqvision Web Service | 2024-02-28 | 6.8 MEDIUM | 9.8 CRITICAL |
| Under certain configurations an unauthenticated remote user could be given access to credentials stored in the exacqVision Server. | |||||
| CVE-2021-27665 | 1 Johnsoncontrols | 1 Exacqvision Server | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| An unauthenticated remote user could exploit a potential integer overflow condition in the exacqVision Server with a specially crafted script and cause denial-of-service condition. | |||||
| CVE-2021-27662 | 1 Johnsoncontrols | 2 Kantech Kt-1 Door Controller, Kantech Kt-1 Door Controller Firmware | 2024-02-28 | 6.8 MEDIUM | 8.1 HIGH |
| The KT-1 door controller is susceptible to replay or man-in-the-middle attacks where an attacker can record and replay TCP packets. This issue affects Johnson Controls KT-1 all versions up to and including 3.01 | |||||
| CVE-2021-36198 | 1 Johnsoncontrols | 1 Kantech Entrapass | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| Successful exploitation of this vulnerability could allow an unauthorized user to access sensitive data. | |||||
| CVE-2021-36199 | 1 Johnsoncontrols | 1 Videoedge | 2024-02-28 | 5.0 MEDIUM | 5.3 MEDIUM |
| Running a vulnerability scanner against VideoEdge NVRs can cause some functionality to stop. | |||||
| CVE-2021-27659 | 1 Johnsoncontrols | 1 Exacqvision Web Service | 2024-02-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| exacqVision Web Service 21.03 does not sufficiently validate, filter, escape, and/or encode user-controllable input before it is placed in output that is used as a web page that is served to other users. | |||||
| CVE-2021-27657 | 1 Johnsoncontrols | 1 Metasys | 2024-02-28 | 6.5 MEDIUM | 8.8 HIGH |
| Successful exploitation of this vulnerability could give an authenticated Metasys user an unintended level of access to the server file system, allowing them to access or modify system files by sending specifically crafted web messages to the Metasys system. This issue affects: Johnson Controls Metasys version 11.0 and prior versions. | |||||
| CVE-2021-27658 | 1 Johnsoncontrols | 1 Exacqvision Enterprise Manager | 2024-02-28 | 3.5 LOW | 5.4 MEDIUM |
| exacqVision Enterprise Manager 20.12 does not sufficiently validate, filter, escape, and/or encode user-controllable input before it is placed in output that is used as a web page that is served to other users. | |||||
| CVE-2021-27661 | 1 Johnsoncontrols | 2 F4-snc, F4-snc Firmware | 2024-02-28 | 6.5 MEDIUM | 8.8 HIGH |
| Successful exploitation of this vulnerability could give an authenticated Facility Explorer SNC Series Supervisory Controller (F4-SNC) user an unintended level of access to the controller’s file system, allowing them to access or modify system files by sending specifically crafted web messages to the F4-SNC. | |||||
| CVE-2021-27663 | 1 Johnsoncontrols | 2 Ac2000, Ac2000 Firmware | 2024-02-28 | 9.3 HIGH | 9.8 CRITICAL |
| A vulnerability in versions 10.1 through 10.5 of Johnson Controls CEM Systems AC2000 allows a remote attacker to access to the system without adequate authorization. This issue affects: Johnson Controls CEM Systems AC2000 10.1; 10.2; 10.3; 10.4; 10.5. | |||||
| CVE-2021-27660 | 1 Johnsoncontrols | 2 C-cure 9000, C-cure 9000 Firmware | 2024-02-28 | 6.5 MEDIUM | 8.8 HIGH |
| An insecure client auto update feature in C-CURE 9000 can allow remote execution of lower privileged Windows programs. | |||||
| CVE-2021-27656 | 1 Johnsoncontrols | 1 Exacqvision Web Service | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability in exacqVision Web Service 20.12.2.0 and prior could allow an unauthenticated attacker to view system-level information about the exacqVision Web Service and the operating system. | |||||
| CVE-2020-9050 | 1 Johnsoncontrols | 1 Metasys Reporting Engine | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| Path Traversal vulnerability exists in Metasys Reporting Engine (MRE) Web Services which could allow a remote unauthenticated attacker to access and download arbitrary files from the system. | |||||
| CVE-2020-9049 | 1 Johnsoncontrols | 2 C-cure Web, Victor Web | 2024-02-28 | 5.7 MEDIUM | 5.3 MEDIUM |
| A vulnerability in specified versions of American Dynamics victor Web Client and Software House C•CURE Web Client could allow an unauthenticated attacker on the network to create and sign their own JSON Web Token and use it to execute an HTTP API Method without the need for valid authentication/authorization. Under certain circumstances, this could be used by an attacker to impact system availability by conducting a Denial of Service attack. | |||||
| CVE-2020-9048 | 2 Johnsoncontrols, Tyco | 2 Victor Web Client, C-cure Web Client | 2024-02-28 | 7.8 HIGH | 8.1 HIGH |
| A vulnerability in specified versions of American Dynamics victor Web Client and Software House CCURE Web Client could allow a remote unauthenticated attacker on the network to delete arbitrary files on the system or render the system unusable by conducting a Denial of Service attack. | |||||
| CVE-2020-9046 | 1 Johnsoncontrols | 1 Kantech Entrapass | 2024-02-28 | 7.2 HIGH | 7.8 HIGH |
| A vulnerability in all versions of Kantech EntraPass Editions could potentially allow an authorized low-privileged user to gain full system-level privileges by replacing critical files with specifically crafted files. | |||||
| CVE-2020-9045 | 2 Johnsoncontrols, Tyco | 2 C-cure 9000 Firmware, Victor Video Management System | 2024-02-28 | 4.0 MEDIUM | 6.5 MEDIUM |
| During installation or upgrade to Software House C•CURE 9000 v2.70 and American Dynamics victor Video Management System v5.2, the credentials of the user used to perform the installation or upgrade are logged in a file. The install log file persists after the installation. | |||||
| CVE-2020-9047 | 1 Johnsoncontrols | 2 Exacqvision Enterprise Manager, Exacqvision Web Service | 2024-02-28 | 9.0 HIGH | 7.2 HIGH |
| A vulnerability exists that could allow the execution of unauthorized code or operating system commands on systems running exacqVision Web Service versions 20.06.3.0 and prior and exacqVision Enterprise Manager versions 20.06.4.0 and prior. An attacker with administrative privileges could potentially download and run a malicious executable that could allow OS command injection on the system. | |||||