Search

Find a vulnerability

Search criteria

    6 vulnerabilities found for metasys_system by johnsoncontrols

    CVE-2019-7594 (GCVE-0-2019-7594)

    Vulnerability from nvd – Published: 2019-08-20 18:24 – Updated: 2024-08-04 20:54
    VLAI
    Title
    Metasys use of hardcoded RC2 key
    Summary
    Metasys® ADS/ADX servers and NAE/NIE/NCE engines prior to 9.0 make use of a hardcoded RC2 key for certain encryption operations involving the Site Management Portal (SMP).
    CWE
    • CWE-321 - Use of Hard-coded Cryptographic Key
    Assigner
    jci
    References
    Impacted products
    Credits
    harpocrates.ghost@protonmail.com
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T20:54:28.360Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.johnsoncontrols.com/-/media/jci/cyber-solutions/product-security-advisories/2019/jci-psa-2019-06-v1-metasys-icsa-19-227-01.pdf"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.us-cert.gov/ics/advisories/icsa-19-227-01"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Metasys versions prior to 9.0",
              "vendor": "Johnson Controls",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "9.0"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "harpocrates.ghost@protonmail.com"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Metasys\u00ae ADS/ADX servers and NAE/NIE/NCE engines prior to 9.0 make use of a hardcoded RC2 key for certain encryption operations involving the Site Management Portal (SMP)."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-321",
                  "description": "CWE-321 Use of Hard-coded Cryptographic Key",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-08-20T18:24:56.000Z",
            "orgId": "7281d04a-a537-43df-bfb4-fa4110af9d01",
            "shortName": "jci"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.johnsoncontrols.com/-/media/jci/cyber-solutions/product-security-advisories/2019/jci-psa-2019-06-v1-metasys-icsa-19-227-01.pdf"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.us-cert.gov/ics/advisories/icsa-19-227-01"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Upgrade Metasys\u00ae devices to Release 9.0 or later and configure sites with trusted certificates."
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Metasys use of hardcoded RC2 key",
          "x_generator": {
            "engine": "Vulnogram 0.0.7"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "productsecurity@jci.com",
              "ID": "CVE-2019-7594",
              "STATE": "PUBLIC",
              "TITLE": "Metasys use of hardcoded RC2 key"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Metasys versions prior to 9.0",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "!",
                                "version_value": "9.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Johnson Controls"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "harpocrates.ghost@protonmail.com"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Metasys\u00ae ADS/ADX servers and NAE/NIE/NCE engines prior to 9.0 make use of a hardcoded RC2 key for certain encryption operations involving the Site Management Portal (SMP)."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.7"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-321 Use of Hard-coded Cryptographic Key"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.johnsoncontrols.com/-/media/jci/cyber-solutions/product-security-advisories/2019/jci-psa-2019-06-v1-metasys-icsa-19-227-01.pdf",
                  "refsource": "CONFIRM",
                  "url": "https://www.johnsoncontrols.com/-/media/jci/cyber-solutions/product-security-advisories/2019/jci-psa-2019-06-v1-metasys-icsa-19-227-01.pdf"
                },
                {
                  "name": "https://www.us-cert.gov/ics/advisories/icsa-19-227-01",
                  "refsource": "MISC",
                  "url": "https://www.us-cert.gov/ics/advisories/icsa-19-227-01"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "Upgrade Metasys\u00ae devices to Release 9.0 or later and configure sites with trusted certificates."
              }
            ],
            "source": {
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7281d04a-a537-43df-bfb4-fa4110af9d01",
        "assignerShortName": "jci",
        "cveId": "CVE-2019-7594",
        "datePublished": "2019-08-20T18:24:56.000Z",
        "dateReserved": "2019-02-07T00:00:00.000Z",
        "dateUpdated": "2024-08-04T20:54:28.360Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-7593 (GCVE-0-2019-7593)

    Vulnerability from nvd – Published: 2019-08-20 18:22 – Updated: 2024-08-04 20:54
    VLAI
    Title
    Metasys use of shared RSA key pairs
    Summary
    Metasys® ADS/ADX servers and NAE/NIE/NCE engines prior to 9.0 make use of a shared RSA key pair for certain encryption operations involving the Site Management Portal (SMP).
    CWE
    • CWE-323 - Reusing a Nonce, Key Pair in Encryption
    Assigner
    jci
    References
    Impacted products
    Credits
    harpocrates.ghost@protonmail.com
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T20:54:27.934Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.johnsoncontrols.com/-/media/jci/cyber-solutions/product-security-advisories/2019/jci-psa-2019-06-v1-metasys-icsa-19-227-01.pdf"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.us-cert.gov/ics/advisories/icsa-19-227-01"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Metasys versions prior to 9.0",
              "vendor": "Johnson Controls",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "9.0"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "harpocrates.ghost@protonmail.com"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Metasys\u00ae ADS/ADX servers and NAE/NIE/NCE engines prior to 9.0 make use of a shared RSA key pair for certain encryption operations involving the Site Management Portal (SMP)."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-323",
                  "description": "CWE-323: Reusing a Nonce, Key Pair in Encryption",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-08-20T18:22:43.000Z",
            "orgId": "7281d04a-a537-43df-bfb4-fa4110af9d01",
            "shortName": "jci"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.johnsoncontrols.com/-/media/jci/cyber-solutions/product-security-advisories/2019/jci-psa-2019-06-v1-metasys-icsa-19-227-01.pdf"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.us-cert.gov/ics/advisories/icsa-19-227-01"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Upgrade Metasys\u00ae devices to Release 9.0 or later and configure sites with trusted certificates."
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Metasys use of shared RSA key pairs",
          "x_generator": {
            "engine": "Vulnogram 0.0.7"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "productsecurity@jci.com",
              "ID": "CVE-2019-7593",
              "STATE": "PUBLIC",
              "TITLE": "Metasys use of shared RSA key pairs"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Metasys versions prior to 9.0",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "!",
                                "version_value": "9.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Johnson Controls"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "harpocrates.ghost@protonmail.com"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Metasys\u00ae ADS/ADX servers and NAE/NIE/NCE engines prior to 9.0 make use of a shared RSA key pair for certain encryption operations involving the Site Management Portal (SMP)."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.7"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-323: Reusing a Nonce, Key Pair in Encryption"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.johnsoncontrols.com/-/media/jci/cyber-solutions/product-security-advisories/2019/jci-psa-2019-06-v1-metasys-icsa-19-227-01.pdf",
                  "refsource": "CONFIRM",
                  "url": "https://www.johnsoncontrols.com/-/media/jci/cyber-solutions/product-security-advisories/2019/jci-psa-2019-06-v1-metasys-icsa-19-227-01.pdf"
                },
                {
                  "name": "https://www.us-cert.gov/ics/advisories/icsa-19-227-01",
                  "refsource": "MISC",
                  "url": "https://www.us-cert.gov/ics/advisories/icsa-19-227-01"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "Upgrade Metasys\u00ae devices to Release 9.0 or later and configure sites with trusted certificates."
              }
            ],
            "source": {
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7281d04a-a537-43df-bfb4-fa4110af9d01",
        "assignerShortName": "jci",
        "cveId": "CVE-2019-7593",
        "datePublished": "2019-08-20T18:22:43.000Z",
        "dateReserved": "2019-02-07T00:00:00.000Z",
        "dateUpdated": "2024-08-04T20:54:27.934Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-10624 (GCVE-0-2018-10624)

    Vulnerability from nvd – Published: 2018-08-01 21:00 – Updated: 2024-09-17 00:11
    VLAI
    Title
    Johnson Controls Metasys and BCPro Generation of Error Message Containing Sensitive Information
    Summary
    In Johnson Controls Metasys System Versions 8.0 and prior and BCPro (BCM) all versions prior to 3.0.2, this vulnerability results from improper error handling in HTTP-based communications with the server, which could allow an attacker to obtain technical information.
    Severity
    No CVSS data available.
    CWE
    • CWE-209 - Generation of Error Message Containing Sensitive Information
    Assigner
    References
    Impacted products
    Date Public
    2018-07-31 06:00
    Credits
    Dan Regalado of Zingbox reported this vulnerability to CISA.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T07:46:46.244Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-212-02"
              },
              {
                "name": "104937",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/104937"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Metasys System",
              "vendor": "Johnson Controls",
              "versions": [
                {
                  "lessThanOrEqual": "8.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "BCPro (BCM)",
              "vendor": "Johnson Controls",
              "versions": [
                {
                  "lessThan": "3.0.2",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Dan Regalado of Zingbox reported this vulnerability to CISA."
            }
          ],
          "datePublic": "2018-07-31T06:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eIn Johnson Controls Metasys System Versions 8.0 and prior and BCPro (BCM) all versions prior to 3.0.2, this vulnerability results from improper error handling in HTTP-based communications with the server, which could allow an attacker to obtain technical information.\u003c/p\u003e"
                }
              ],
              "value": "In Johnson Controls Metasys System Versions 8.0 and prior and BCPro (BCM) all versions prior to 3.0.2, this vulnerability results from improper error handling in HTTP-based communications with the server, which could allow an attacker to obtain technical information."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-209",
                  "description": "CWE-209 Generation of Error Message Containing Sensitive Information",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-01-23T00:43:24.083Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-212-02"
            },
            {
              "name": "104937",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/104937"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eJohnson Controls recommends the following mitigations:\u003c/p\u003e\u003cul\u003e\u003cli\u003eThis issue was remediated in Metasys v8.1 (April, 2016). Users should upgrade to the latest product version (9.0). For Metasys information, contact your Metasys field service/sales representative.\u003c/li\u003e\u003cli\u003eThis issue was remediated in the BCPro Workstation in BCPro v3.0 (October, 2017) and mitigated for the BACnet Router and Gateway in BCPro v3.0.2 (June, 2018). Users should upgrade to the latest product versions. For more BCPro information, contact your BCPro sales and support representative.\u003c/li\u003e\u003c/ul\u003e\n\n\u003cbr\u003e"
                }
              ],
              "value": "Johnson Controls recommends the following mitigations:\n\n  *  This issue was remediated in Metasys v8.1 (April, 2016). Users should upgrade to the latest product version (9.0). For Metasys information, contact your Metasys field service/sales representative.\n  *  This issue was remediated in the BCPro Workstation in BCPro v3.0 (October, 2017) and mitigated for the BACnet Router and Gateway in BCPro v3.0.2 (June, 2018). Users should upgrade to the latest product versions. For more BCPro information, contact your BCPro sales and support representative."
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Johnson Controls Metasys and BCPro Generation of Error Message Containing Sensitive Information",
          "workarounds": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eAdditional information for Johnson Controls:\u003c/p\u003e\u003cul\u003e\u003cli\u003eProduct security contact information, Building Automation System hardening, and security resources are located at our product security website \u003ca target=\"_blank\" rel=\"nofollow\" href=\"http://www.johnsoncontrols.com/buildings/specialty-pages/product-security\"\u003ehttp://www.johnsoncontrols.com/buildings/specialty-pages/product-security\u003c/a\u003e\u003c/li\u003e\u003cli\u003eContact information: Johnson Controls Global Product Security at \u003ca target=\"_blank\" rel=\"nofollow\" href=\"http://mailto:productsecurity@jci.com/\"\u003eproductsecurity@jci.com\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e\n\n\u003cbr\u003e"
                }
              ],
              "value": "Additional information for Johnson Controls:\n\n  *  Product security contact information, Building Automation System hardening, and security resources are located at our product security website  http://www.johnsoncontrols.com/buildings/specialty-pages/product-security http://www.johnsoncontrols.com/buildings/specialty-pages/product-security \n  *  Contact information: Johnson Controls Global Product Security at  productsecurity@jci.com http://mailto:productsecurity@jci.com/"
            }
          ],
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "ics-cert@hq.dhs.gov",
              "DATE_PUBLIC": "2018-07-31T00:00:00",
              "ID": "CVE-2018-10624",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Metasys System",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Versions 8.0 and prior"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "BCPro (BCM)",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "all versions prior to 3.0.2"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Johnson Controls"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "In Johnson Controls Metasys System Versions 8.0 and prior and BCPro (BCM) all versions prior to 3.0.2, this vulnerability results from improper error handling in HTTP-based communications with the server, which could allow an attacker to obtain technical information."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "INFORMATION EXPOSURE THROUGH AN ERROR MESSAGE CWE-209"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-212-02",
                  "refsource": "MISC",
                  "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-212-02"
                },
                {
                  "name": "104937",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/104937"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2018-10624",
        "datePublished": "2018-08-01T21:00:00.000Z",
        "dateReserved": "2018-05-01T00:00:00.000Z",
        "dateUpdated": "2024-09-17T00:11:43.873Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-7594 (GCVE-0-2019-7594)

    Vulnerability from cvelistv5 – Published: 2019-08-20 18:24 – Updated: 2024-08-04 20:54
    VLAI
    Title
    Metasys use of hardcoded RC2 key
    Summary
    Metasys® ADS/ADX servers and NAE/NIE/NCE engines prior to 9.0 make use of a hardcoded RC2 key for certain encryption operations involving the Site Management Portal (SMP).
    CWE
    • CWE-321 - Use of Hard-coded Cryptographic Key
    Assigner
    jci
    References
    Impacted products
    Credits
    harpocrates.ghost@protonmail.com
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T20:54:28.360Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.johnsoncontrols.com/-/media/jci/cyber-solutions/product-security-advisories/2019/jci-psa-2019-06-v1-metasys-icsa-19-227-01.pdf"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.us-cert.gov/ics/advisories/icsa-19-227-01"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Metasys versions prior to 9.0",
              "vendor": "Johnson Controls",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "9.0"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "harpocrates.ghost@protonmail.com"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Metasys\u00ae ADS/ADX servers and NAE/NIE/NCE engines prior to 9.0 make use of a hardcoded RC2 key for certain encryption operations involving the Site Management Portal (SMP)."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-321",
                  "description": "CWE-321 Use of Hard-coded Cryptographic Key",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-08-20T18:24:56.000Z",
            "orgId": "7281d04a-a537-43df-bfb4-fa4110af9d01",
            "shortName": "jci"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.johnsoncontrols.com/-/media/jci/cyber-solutions/product-security-advisories/2019/jci-psa-2019-06-v1-metasys-icsa-19-227-01.pdf"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.us-cert.gov/ics/advisories/icsa-19-227-01"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Upgrade Metasys\u00ae devices to Release 9.0 or later and configure sites with trusted certificates."
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Metasys use of hardcoded RC2 key",
          "x_generator": {
            "engine": "Vulnogram 0.0.7"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "productsecurity@jci.com",
              "ID": "CVE-2019-7594",
              "STATE": "PUBLIC",
              "TITLE": "Metasys use of hardcoded RC2 key"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Metasys versions prior to 9.0",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "!",
                                "version_value": "9.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Johnson Controls"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "harpocrates.ghost@protonmail.com"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Metasys\u00ae ADS/ADX servers and NAE/NIE/NCE engines prior to 9.0 make use of a hardcoded RC2 key for certain encryption operations involving the Site Management Portal (SMP)."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.7"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-321 Use of Hard-coded Cryptographic Key"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.johnsoncontrols.com/-/media/jci/cyber-solutions/product-security-advisories/2019/jci-psa-2019-06-v1-metasys-icsa-19-227-01.pdf",
                  "refsource": "CONFIRM",
                  "url": "https://www.johnsoncontrols.com/-/media/jci/cyber-solutions/product-security-advisories/2019/jci-psa-2019-06-v1-metasys-icsa-19-227-01.pdf"
                },
                {
                  "name": "https://www.us-cert.gov/ics/advisories/icsa-19-227-01",
                  "refsource": "MISC",
                  "url": "https://www.us-cert.gov/ics/advisories/icsa-19-227-01"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "Upgrade Metasys\u00ae devices to Release 9.0 or later and configure sites with trusted certificates."
              }
            ],
            "source": {
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7281d04a-a537-43df-bfb4-fa4110af9d01",
        "assignerShortName": "jci",
        "cveId": "CVE-2019-7594",
        "datePublished": "2019-08-20T18:24:56.000Z",
        "dateReserved": "2019-02-07T00:00:00.000Z",
        "dateUpdated": "2024-08-04T20:54:28.360Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-7593 (GCVE-0-2019-7593)

    Vulnerability from cvelistv5 – Published: 2019-08-20 18:22 – Updated: 2024-08-04 20:54
    VLAI
    Title
    Metasys use of shared RSA key pairs
    Summary
    Metasys® ADS/ADX servers and NAE/NIE/NCE engines prior to 9.0 make use of a shared RSA key pair for certain encryption operations involving the Site Management Portal (SMP).
    CWE
    • CWE-323 - Reusing a Nonce, Key Pair in Encryption
    Assigner
    jci
    References
    Impacted products
    Credits
    harpocrates.ghost@protonmail.com
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T20:54:27.934Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.johnsoncontrols.com/-/media/jci/cyber-solutions/product-security-advisories/2019/jci-psa-2019-06-v1-metasys-icsa-19-227-01.pdf"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.us-cert.gov/ics/advisories/icsa-19-227-01"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Metasys versions prior to 9.0",
              "vendor": "Johnson Controls",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "9.0"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "harpocrates.ghost@protonmail.com"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Metasys\u00ae ADS/ADX servers and NAE/NIE/NCE engines prior to 9.0 make use of a shared RSA key pair for certain encryption operations involving the Site Management Portal (SMP)."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-323",
                  "description": "CWE-323: Reusing a Nonce, Key Pair in Encryption",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-08-20T18:22:43.000Z",
            "orgId": "7281d04a-a537-43df-bfb4-fa4110af9d01",
            "shortName": "jci"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.johnsoncontrols.com/-/media/jci/cyber-solutions/product-security-advisories/2019/jci-psa-2019-06-v1-metasys-icsa-19-227-01.pdf"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.us-cert.gov/ics/advisories/icsa-19-227-01"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Upgrade Metasys\u00ae devices to Release 9.0 or later and configure sites with trusted certificates."
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Metasys use of shared RSA key pairs",
          "x_generator": {
            "engine": "Vulnogram 0.0.7"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "productsecurity@jci.com",
              "ID": "CVE-2019-7593",
              "STATE": "PUBLIC",
              "TITLE": "Metasys use of shared RSA key pairs"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Metasys versions prior to 9.0",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "!",
                                "version_value": "9.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Johnson Controls"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "harpocrates.ghost@protonmail.com"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Metasys\u00ae ADS/ADX servers and NAE/NIE/NCE engines prior to 9.0 make use of a shared RSA key pair for certain encryption operations involving the Site Management Portal (SMP)."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.7"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-323: Reusing a Nonce, Key Pair in Encryption"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.johnsoncontrols.com/-/media/jci/cyber-solutions/product-security-advisories/2019/jci-psa-2019-06-v1-metasys-icsa-19-227-01.pdf",
                  "refsource": "CONFIRM",
                  "url": "https://www.johnsoncontrols.com/-/media/jci/cyber-solutions/product-security-advisories/2019/jci-psa-2019-06-v1-metasys-icsa-19-227-01.pdf"
                },
                {
                  "name": "https://www.us-cert.gov/ics/advisories/icsa-19-227-01",
                  "refsource": "MISC",
                  "url": "https://www.us-cert.gov/ics/advisories/icsa-19-227-01"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "Upgrade Metasys\u00ae devices to Release 9.0 or later and configure sites with trusted certificates."
              }
            ],
            "source": {
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7281d04a-a537-43df-bfb4-fa4110af9d01",
        "assignerShortName": "jci",
        "cveId": "CVE-2019-7593",
        "datePublished": "2019-08-20T18:22:43.000Z",
        "dateReserved": "2019-02-07T00:00:00.000Z",
        "dateUpdated": "2024-08-04T20:54:27.934Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-10624 (GCVE-0-2018-10624)

    Vulnerability from cvelistv5 – Published: 2018-08-01 21:00 – Updated: 2024-09-17 00:11
    VLAI
    Title
    Johnson Controls Metasys and BCPro Generation of Error Message Containing Sensitive Information
    Summary
    In Johnson Controls Metasys System Versions 8.0 and prior and BCPro (BCM) all versions prior to 3.0.2, this vulnerability results from improper error handling in HTTP-based communications with the server, which could allow an attacker to obtain technical information.
    Severity
    No CVSS data available.
    CWE
    • CWE-209 - Generation of Error Message Containing Sensitive Information
    Assigner
    References
    Impacted products
    Date Public
    2018-07-31 06:00
    Credits
    Dan Regalado of Zingbox reported this vulnerability to CISA.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T07:46:46.244Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-212-02"
              },
              {
                "name": "104937",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/104937"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Metasys System",
              "vendor": "Johnson Controls",
              "versions": [
                {
                  "lessThanOrEqual": "8.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "BCPro (BCM)",
              "vendor": "Johnson Controls",
              "versions": [
                {
                  "lessThan": "3.0.2",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Dan Regalado of Zingbox reported this vulnerability to CISA."
            }
          ],
          "datePublic": "2018-07-31T06:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eIn Johnson Controls Metasys System Versions 8.0 and prior and BCPro (BCM) all versions prior to 3.0.2, this vulnerability results from improper error handling in HTTP-based communications with the server, which could allow an attacker to obtain technical information.\u003c/p\u003e"
                }
              ],
              "value": "In Johnson Controls Metasys System Versions 8.0 and prior and BCPro (BCM) all versions prior to 3.0.2, this vulnerability results from improper error handling in HTTP-based communications with the server, which could allow an attacker to obtain technical information."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-209",
                  "description": "CWE-209 Generation of Error Message Containing Sensitive Information",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-01-23T00:43:24.083Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-212-02"
            },
            {
              "name": "104937",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/104937"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eJohnson Controls recommends the following mitigations:\u003c/p\u003e\u003cul\u003e\u003cli\u003eThis issue was remediated in Metasys v8.1 (April, 2016). Users should upgrade to the latest product version (9.0). For Metasys information, contact your Metasys field service/sales representative.\u003c/li\u003e\u003cli\u003eThis issue was remediated in the BCPro Workstation in BCPro v3.0 (October, 2017) and mitigated for the BACnet Router and Gateway in BCPro v3.0.2 (June, 2018). Users should upgrade to the latest product versions. For more BCPro information, contact your BCPro sales and support representative.\u003c/li\u003e\u003c/ul\u003e\n\n\u003cbr\u003e"
                }
              ],
              "value": "Johnson Controls recommends the following mitigations:\n\n  *  This issue was remediated in Metasys v8.1 (April, 2016). Users should upgrade to the latest product version (9.0). For Metasys information, contact your Metasys field service/sales representative.\n  *  This issue was remediated in the BCPro Workstation in BCPro v3.0 (October, 2017) and mitigated for the BACnet Router and Gateway in BCPro v3.0.2 (June, 2018). Users should upgrade to the latest product versions. For more BCPro information, contact your BCPro sales and support representative."
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Johnson Controls Metasys and BCPro Generation of Error Message Containing Sensitive Information",
          "workarounds": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eAdditional information for Johnson Controls:\u003c/p\u003e\u003cul\u003e\u003cli\u003eProduct security contact information, Building Automation System hardening, and security resources are located at our product security website \u003ca target=\"_blank\" rel=\"nofollow\" href=\"http://www.johnsoncontrols.com/buildings/specialty-pages/product-security\"\u003ehttp://www.johnsoncontrols.com/buildings/specialty-pages/product-security\u003c/a\u003e\u003c/li\u003e\u003cli\u003eContact information: Johnson Controls Global Product Security at \u003ca target=\"_blank\" rel=\"nofollow\" href=\"http://mailto:productsecurity@jci.com/\"\u003eproductsecurity@jci.com\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e\n\n\u003cbr\u003e"
                }
              ],
              "value": "Additional information for Johnson Controls:\n\n  *  Product security contact information, Building Automation System hardening, and security resources are located at our product security website  http://www.johnsoncontrols.com/buildings/specialty-pages/product-security http://www.johnsoncontrols.com/buildings/specialty-pages/product-security \n  *  Contact information: Johnson Controls Global Product Security at  productsecurity@jci.com http://mailto:productsecurity@jci.com/"
            }
          ],
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "ics-cert@hq.dhs.gov",
              "DATE_PUBLIC": "2018-07-31T00:00:00",
              "ID": "CVE-2018-10624",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Metasys System",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Versions 8.0 and prior"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "BCPro (BCM)",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "all versions prior to 3.0.2"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Johnson Controls"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "In Johnson Controls Metasys System Versions 8.0 and prior and BCPro (BCM) all versions prior to 3.0.2, this vulnerability results from improper error handling in HTTP-based communications with the server, which could allow an attacker to obtain technical information."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "INFORMATION EXPOSURE THROUGH AN ERROR MESSAGE CWE-209"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-212-02",
                  "refsource": "MISC",
                  "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-212-02"
                },
                {
                  "name": "104937",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/104937"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2018-10624",
        "datePublished": "2018-08-01T21:00:00.000Z",
        "dateReserved": "2018-05-01T00:00:00.000Z",
        "dateUpdated": "2024-09-17T00:11:43.873Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }