Search

Find a vulnerability

Search criteria

    2 vulnerabilities found for entrapass by johnsoncontrols

    CVE-2019-7589 (GCVE-0-2019-7589)

    Vulnerability from nvd – Published: 2020-03-10 19:32 – Updated: 2024-08-04 20:54
    VLAI
    Title
    Kantech EntraPass Improper Input Validation
    Summary
    A vulnerability with the SmartService API Service option exists whereby an unauthorized user could potentially exploit this to upload malicious code to the server that could be executed at system level privileges. This affects Johnson Controls' Kantech EntraPass Corporate Edition versions 8.0 and prior; Kantech EntraPass Global Edition versions 8.0 and prior.
    CWE
    • CWE-20 - - Improper Input Validation
    Assigner
    jci
    References
    Impacted products
    Credits
    Joachim Kerschbaumer
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T20:54:28.476Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.johnsoncontrols.com/cyber-solutions/security-advisories"
              },
              {
                "name": "ICS-CERT Advisory",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT",
                  "x_transferred"
                ],
                "url": "https://www.us-cert.gov/ics/advisories/icsa-20-070-04"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Kantech EntraPass Corporate Edition",
              "vendor": "Johnson Controls",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions 8.0 and prior"
                }
              ]
            },
            {
              "product": "Kantech EntraPass Global Edition",
              "vendor": "Johnson Controls",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions 8.0 and prior"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Joachim Kerschbaumer"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability with the SmartService API Service option exists whereby an unauthorized user could potentially exploit this to upload malicious code to the server that could be executed at system level privileges. This affects Johnson Controls\u0027 Kantech EntraPass Corporate Edition versions 8.0 and prior; Kantech EntraPass Global Edition versions 8.0 and prior."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-20",
                  "description": "CWE-20 - Improper Input Validation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-03-10T19:32:39.000Z",
            "orgId": "7281d04a-a537-43df-bfb4-fa4110af9d01",
            "shortName": "jci"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.johnsoncontrols.com/cyber-solutions/security-advisories"
            },
            {
              "name": "ICS-CERT Advisory",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT"
              ],
              "url": "https://www.us-cert.gov/ics/advisories/icsa-20-070-04"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Upgrade impacted Kantech EntraPass Global and Corporate edition software to version 8.10."
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Kantech EntraPass Improper Input Validation",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "productsecurity@jci.com",
              "ID": "CVE-2019-7589",
              "STATE": "PUBLIC",
              "TITLE": "Kantech EntraPass Improper Input Validation"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Kantech EntraPass Corporate Edition",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "versions 8.0 and prior"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Kantech EntraPass Global Edition",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "versions 8.0 and prior"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Johnson Controls"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Joachim Kerschbaumer"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A vulnerability with the SmartService API Service option exists whereby an unauthorized user could potentially exploit this to upload malicious code to the server that could be executed at system level privileges. This affects Johnson Controls\u0027 Kantech EntraPass Corporate Edition versions 8.0 and prior; Kantech EntraPass Global Edition versions 8.0 and prior."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-20 - Improper Input Validation"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.johnsoncontrols.com/cyber-solutions/security-advisories",
                  "refsource": "CONFIRM",
                  "url": "https://www.johnsoncontrols.com/cyber-solutions/security-advisories"
                },
                {
                  "name": "ICS-CERT Advisory",
                  "refsource": "CERT",
                  "url": "https://www.us-cert.gov/ics/advisories/icsa-20-070-04"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "Upgrade impacted Kantech EntraPass Global and Corporate edition software to version 8.10."
              }
            ],
            "source": {
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7281d04a-a537-43df-bfb4-fa4110af9d01",
        "assignerShortName": "jci",
        "cveId": "CVE-2019-7589",
        "datePublished": "2020-03-10T19:32:39.000Z",
        "dateReserved": "2019-02-07T00:00:00.000Z",
        "dateUpdated": "2024-08-04T20:54:28.476Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-7589 (GCVE-0-2019-7589)

    Vulnerability from cvelistv5 – Published: 2020-03-10 19:32 – Updated: 2024-08-04 20:54
    VLAI
    Title
    Kantech EntraPass Improper Input Validation
    Summary
    A vulnerability with the SmartService API Service option exists whereby an unauthorized user could potentially exploit this to upload malicious code to the server that could be executed at system level privileges. This affects Johnson Controls' Kantech EntraPass Corporate Edition versions 8.0 and prior; Kantech EntraPass Global Edition versions 8.0 and prior.
    CWE
    • CWE-20 - - Improper Input Validation
    Assigner
    jci
    References
    Impacted products
    Credits
    Joachim Kerschbaumer
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T20:54:28.476Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.johnsoncontrols.com/cyber-solutions/security-advisories"
              },
              {
                "name": "ICS-CERT Advisory",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT",
                  "x_transferred"
                ],
                "url": "https://www.us-cert.gov/ics/advisories/icsa-20-070-04"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Kantech EntraPass Corporate Edition",
              "vendor": "Johnson Controls",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions 8.0 and prior"
                }
              ]
            },
            {
              "product": "Kantech EntraPass Global Edition",
              "vendor": "Johnson Controls",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions 8.0 and prior"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Joachim Kerschbaumer"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability with the SmartService API Service option exists whereby an unauthorized user could potentially exploit this to upload malicious code to the server that could be executed at system level privileges. This affects Johnson Controls\u0027 Kantech EntraPass Corporate Edition versions 8.0 and prior; Kantech EntraPass Global Edition versions 8.0 and prior."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-20",
                  "description": "CWE-20 - Improper Input Validation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-03-10T19:32:39.000Z",
            "orgId": "7281d04a-a537-43df-bfb4-fa4110af9d01",
            "shortName": "jci"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.johnsoncontrols.com/cyber-solutions/security-advisories"
            },
            {
              "name": "ICS-CERT Advisory",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT"
              ],
              "url": "https://www.us-cert.gov/ics/advisories/icsa-20-070-04"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Upgrade impacted Kantech EntraPass Global and Corporate edition software to version 8.10."
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Kantech EntraPass Improper Input Validation",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "productsecurity@jci.com",
              "ID": "CVE-2019-7589",
              "STATE": "PUBLIC",
              "TITLE": "Kantech EntraPass Improper Input Validation"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Kantech EntraPass Corporate Edition",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "versions 8.0 and prior"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Kantech EntraPass Global Edition",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "versions 8.0 and prior"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Johnson Controls"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Joachim Kerschbaumer"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A vulnerability with the SmartService API Service option exists whereby an unauthorized user could potentially exploit this to upload malicious code to the server that could be executed at system level privileges. This affects Johnson Controls\u0027 Kantech EntraPass Corporate Edition versions 8.0 and prior; Kantech EntraPass Global Edition versions 8.0 and prior."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-20 - Improper Input Validation"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.johnsoncontrols.com/cyber-solutions/security-advisories",
                  "refsource": "CONFIRM",
                  "url": "https://www.johnsoncontrols.com/cyber-solutions/security-advisories"
                },
                {
                  "name": "ICS-CERT Advisory",
                  "refsource": "CERT",
                  "url": "https://www.us-cert.gov/ics/advisories/icsa-20-070-04"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "Upgrade impacted Kantech EntraPass Global and Corporate edition software to version 8.10."
              }
            ],
            "source": {
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7281d04a-a537-43df-bfb4-fa4110af9d01",
        "assignerShortName": "jci",
        "cveId": "CVE-2019-7589",
        "datePublished": "2020-03-10T19:32:39.000Z",
        "dateReserved": "2019-02-07T00:00:00.000Z",
        "dateUpdated": "2024-08-04T20:54:28.476Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }