Filtered by vendor Johnsoncontrols
Subscriptions
Total
63 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-21936 | 1 Johnsoncontrols | 2 Metasys Extended Application And Data Server, Metasys For Validated Environments | 2024-09-16 | 8.1 High |
| On Metasys ADX Server version 12.0 running MVE, an Active Directory user could execute validated actions without providing a valid password when using MVE SMP UI. | ||||
| CVE-2021-27660 | 1 Johnsoncontrols | 2 C-cure 9000, C-cure 9000 Firmware | 2024-09-16 | 8.8 High |
| An insecure client auto update feature in C-CURE 9000 can allow remote execution of lower privileged Windows programs. | ||||
| CVE-2021-36199 | 1 Johnsoncontrols | 1 Videoedge | 2024-09-16 | 5.3 Medium |
| Running a vulnerability scanner against VideoEdge NVRs can cause some functionality to stop. | ||||
| CVE-2020-9048 | 2 Johnsoncontrols, Tyco | 2 Victor Web Client, C-cure Web Client | 2024-09-16 | 7.1 High |
| A vulnerability in specified versions of American Dynamics victor Web Client and Software House CCURE Web Client could allow a remote unauthenticated attacker on the network to delete arbitrary files on the system or render the system unusable by conducting a Denial of Service attack. | ||||
| CVE-2021-27659 | 1 Johnsoncontrols | 1 Exacqvision Web Service | 2024-09-16 | 5.3 Medium |
| exacqVision Web Service 21.03 does not sufficiently validate, filter, escape, and/or encode user-controllable input before it is placed in output that is used as a web page that is served to other users. | ||||
| CVE-2022-21934 | 1 Johnsoncontrols | 3 Metasys Application And Data Server, Metasys Extended Application And Data Server, Metasys Open Application Server | 2024-09-16 | 8 High |
| Under certain circumstances an authenticated user could lock other users out of the system or take over their accounts in Metasys ADS/ADX/OAS server 10 versions prior to 10.1.5 and Metasys ADS/ADX/OAS server 11 versions prior to 11.0.2. | ||||
| CVE-2022-21937 | 1 Johnsoncontrols | 3 Metasys Application And Data Server, Metasys Extended Application And Data Server, Metasys Open Application Server | 2024-09-16 | 8.7 High |
| Under certain circumstances, a vulnerability in Metasys ADS/ADX/OAS 10 versions prior to 10.1.5 and Metasys ADS/ADX/OAS 11 versions prior to 11.0.2 could allow a user to inject malicious code into the web interface. | ||||
| CVE-2022-21938 | 1 Johnsoncontrols | 3 Metasys Application And Data Server, Metasys Extended Application And Data Server, Metasys Open Application Server | 2024-09-16 | 8.1 High |
| Under certain circumstances, a vulnerability in Metasys ADS/ADX/OAS 10 versions prior to 10.1.5 and Metasys ADS/ADX/OAS 11 versions prior to 11.0.2 could allow a user to inject malicious code into the MUI Graphics web interface. | ||||
| CVE-2021-36200 | 1 Johnsoncontrols | 3 Metasys Application And Data Server, Metasys Extended Application And Data Server, Metasys Open Application Server | 2024-09-16 | 5.3 Medium |
| Under certain circumstances an unauthenticated user could access the the web API for Metasys ADS/ADX/OAS 10 versions prior to 10.1.6 and 11 versions prior to 11.0.2 and enumerate users. | ||||
| CVE-2021-36198 | 1 Johnsoncontrols | 1 Kantech Entrapass | 2024-09-16 | 8.3 High |
| Successful exploitation of this vulnerability could allow an unauthorized user to access sensitive data. | ||||
| CVE-2020-9050 | 1 Johnsoncontrols | 1 Metasys Reporting Engine | 2024-09-16 | 7.5 High |
| Path Traversal vulnerability exists in Metasys Reporting Engine (MRE) Web Services which could allow a remote unauthenticated attacker to access and download arbitrary files from the system. | ||||
| CVE-2024-32864 | 1 Johnsoncontrols | 1 Exacqvision Web Service | 2024-08-09 | 6.4 Medium |
| Under certain circumstances exacqVision Web Services will not enforce secure web communications (HTTPS) | ||||
| CVE-2024-32865 | 1 Johnsoncontrols | 1 Exacqvision Server | 2024-08-09 | 6.4 Medium |
| Under certain circumstances the exacqVision Server will not properly validate TLS certificates provided by connected devices. | ||||
| CVE-2024-32758 | 1 Johnsoncontrols | 2 Exacqvision Client, Exacqvision Server | 2024-08-09 | 7.5 High |
| Under certain circumstances the communication between exacqVision Client and exacqVision Server will use insufficient key length and exchange | ||||
| CVE-2024-32862 | 1 Johnsoncontrols | 1 Exacqvision Web Service | 2024-08-09 | 6.8 Medium |
| Under certain circumstances the ExacqVision Web Services does not provide sufficient protection from untrusted domains. | ||||
| CVE-2024-32931 | 1 Johnsoncontrols | 1 Exacqvision Web Service | 2024-08-09 | 5.7 Medium |
| Under certain circumstances the exacqVision Web Service can expose authentication token details within communications. | ||||
| CVE-2024-32863 | 1 Johnsoncontrols | 1 Exacqvision Web Service | 2024-08-09 | 6.8 Medium |
| Under certain circumstances the exacqVision Web Services may be susceptible to Cross-Site Request Forgery (CSRF) | ||||
| CVE-2012-2607 | 1 Johnsoncontrols | 2 Network Controller, Network Controller Firmware | 2024-08-06 | N/A |
| The Johnson Controls CK721-A controller with firmware before SSM4388_03.1.0.14_BB allows remote attackers to perform arbitrary actions via crafted packets to TCP port 41014 (aka the download port). | ||||
| CVE-2014-5427 | 1 Johnsoncontrols | 12 Application And Data Server, Extended Application And Data Server, Lonworks Control Server Lcs8520 and 9 more | 2024-08-06 | N/A |
| Johnson Controls Metasys 4.1 through 6.5, as used in Application and Data Server (ADS), Extended Application and Data Server (aka ADX), LonWorks Control Server 85 LCS8520, Network Automation Engine (NAE) 55xx-x, Network Integration Engine (NIE) 5xxx-x, and NxE8500, allows remote attackers to read password hashes via a POST request. | ||||
| CVE-2014-5428 | 1 Johnsoncontrols | 12 Application And Data Server, Extended Application And Data Server, Lonworks Control Server Lcs8520 and 9 more | 2024-08-06 | N/A |
| Unrestricted file upload vulnerability in unspecified web services in Johnson Controls Metasys 4.1 through 6.5, as used in Application and Data Server (ADS), Extended Application and Data Server (aka ADX), LonWorks Control Server 85 LCS8520, Network Automation Engine (NAE) 55xx-x, Network Integration Engine (NIE) 5xxx-x, and NxE8500, allows remote attackers to execute arbitrary code by uploading a shell script. | ||||