CVE-2023-4486

high

Description

Under certain circumstances, invalid authentication credentials could be sent to the login endpoint of Johnson Controls Metasys NAE55, SNE, and SNC engines prior to versions 11.0.6 and 12.0.4 and Facility Explorer F4-SNC engines prior to versions 11.0.6 and 12.0.4 to cause denial-of-service.

References

https://www.johnsoncontrols.com/cyber-solutions/security-advisories

https://www.cisa.gov/news-events/ics-advisories/icsa-23-341-03

Details

Source: Mitre, NVD

Published: 2023-12-07

Updated: 2023-12-19

Risk Information

CVSS v2

Base Score: 7.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C

Severity: High

CVSS v3

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H