Filtered by vendor Johnsoncontrols
Subscriptions
Total
63 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-27664 | 1 Johnsoncontrols | 1 Exacqvision Web Service | 2024-09-17 | 9.8 Critical |
| Under certain configurations an unauthenticated remote user could be given access to credentials stored in the exacqVision Server. | ||||
| CVE-2021-36201 | 1 Johnsoncontrols | 2 C-cure 9000, C-cure 9000 Firmware | 2024-09-17 | 4.3 Medium |
| Under certain circumstances a CCURE Portal user could enumerate user accounts in CCURE 9000 version 2.90 and prior versions. | ||||
| CVE-2021-27663 | 1 Johnsoncontrols | 2 Ac2000, Ac2000 Firmware | 2024-09-17 | 8.2 High |
| A vulnerability in versions 10.1 through 10.5 of Johnson Controls CEM Systems AC2000 allows a remote attacker to access to the system without adequate authorization. This issue affects: Johnson Controls CEM Systems AC2000 10.1; 10.2; 10.3; 10.4; 10.5. | ||||
| CVE-2021-27656 | 1 Johnsoncontrols | 1 Exacqvision Web Service | 2024-09-17 | 5.3 Medium |
| A vulnerability in exacqVision Web Service 20.12.2.0 and prior could allow an unauthenticated attacker to view system-level information about the exacqVision Web Service and the operating system. | ||||
| CVE-2021-36206 | 1 Johnsoncontrols | 1 Cevas | 2024-09-17 | 10 Critical |
| All versions of CEVAS prior to 1.01.46 do not sufficiently validate user-controllable input and could allow a user to bypass authentication and retrieve data with specially crafted SQL queries. | ||||
| CVE-2020-9049 | 1 Johnsoncontrols | 2 C-cure Web, Victor Web | 2024-09-17 | 7.1 High |
| A vulnerability in specified versions of American Dynamics victor Web Client and Software House C•CURE Web Client could allow an unauthenticated attacker on the network to create and sign their own JSON Web Token and use it to execute an HTTP API Method without the need for valid authentication/authorization. Under certain circumstances, this could be used by an attacker to impact system availability by conducting a Denial of Service attack. | ||||
| CVE-2021-27665 | 1 Johnsoncontrols | 1 Exacqvision Server | 2024-09-17 | 7.5 High |
| An unauthenticated remote user could exploit a potential integer overflow condition in the exacqVision Server with a specially crafted script and cause denial-of-service condition. | ||||
| CVE-2021-36203 | 1 Johnsoncontrols | 1 Metasys System Configuration Tool | 2024-09-17 | 5.3 Medium |
| The affected product may allow an attacker to identify and forge requests to internal systems by way of a specially crafted request. | ||||
| CVE-2021-27658 | 1 Johnsoncontrols | 1 Exacqvision Enterprise Manager | 2024-09-17 | 4.3 Medium |
| exacqVision Enterprise Manager 20.12 does not sufficiently validate, filter, escape, and/or encode user-controllable input before it is placed in output that is used as a web page that is served to other users. | ||||
| CVE-2022-21941 | 1 Johnsoncontrols | 2 Istar Ultra, Istar Ultra Firmware | 2024-09-17 | 10 Critical |
| All versions of iSTAR Ultra prior to version 6.8.9.CU01 are vulnerable to a command injection that could allow an unauthenticated user root access to the system. | ||||
| CVE-2012-4026 | 1 Johnsoncontrols | 2 Pegasys P2000 Server, Pegasys P2000 Server Software | 2024-09-17 | N/A |
| The Johnson Controls Pegasys P2000 server with software before 3.11 allows remote attackers to trigger false alerts via crafted packets to TCP port 41013 (aka the upload port), a different vulnerability than CVE-2012-2607. | ||||
| CVE-2021-36202 | 1 Johnsoncontrols | 3 Metasys Application And Data Server, Metasys Extended Application And Data Server, Metasys Open Application Server | 2024-09-17 | 8.4 High |
| Server-Side Request Forgery (SSRF) vulnerability in Johnson Controls Metasys could allow an authenticated attacker to inject malicious code into the MUI PDF export feature. This issue affects: Johnson Controls Metasys All 10 versions versions prior to 10.1.5; All 11 versions versions prior to 11.0.2. | ||||
| CVE-2019-7590 | 1 Johnsoncontrols | 1 Exacqvision Server | 2024-09-17 | N/A |
| ExacqVision Server’s services 'exacqVisionServer', 'dvrdhcpserver' and 'mdnsresponder' have an unquoted service path. If an authenticated user is able to insert code in their system root path it potentially can be executed during the application startup. This could allow the authenticated user to elevate privileges on the system. This issue affects: Exacq Technologies, Inc. exacqVision Server 9.6; 9.8. This issue does not affect: Exacq Technologies, Inc. exacqVision Server version 9.4 and prior versions; 19.03. It is not known whether this issue affects: Exacq Technologies, Inc. exacqVision Server versions prior to 8.4. | ||||
| CVE-2021-27657 | 1 Johnsoncontrols | 1 Metasys | 2024-09-17 | 8.8 High |
| Successful exploitation of this vulnerability could give an authenticated Metasys user an unintended level of access to the server file system, allowing them to access or modify system files by sending specifically crafted web messages to the Metasys system. This issue affects: Johnson Controls Metasys version 11.0 and prior versions. | ||||
| CVE-2021-27662 | 1 Johnsoncontrols | 2 Kantech Kt-1 Door Controller, Kantech Kt-1 Door Controller Firmware | 2024-09-17 | 8.6 High |
| The KT-1 door controller is susceptible to replay or man-in-the-middle attacks where an attacker can record and replay TCP packets. This issue affects Johnson Controls KT-1 all versions up to and including 3.01 | ||||
| CVE-2018-10624 | 1 Johnsoncontrols | 2 Bcpro, Metasys System | 2024-09-17 | N/A |
| In Johnson Controls Metasys System Versions 8.0 and prior and BCPro (BCM) all versions prior to 3.0.2, this vulnerability results from improper error handling in HTTP-based communications with the server, which could allow an attacker to obtain technical information. | ||||
| CVE-2021-36207 | 1 Johnsoncontrols | 3 Metasys Application And Data Server, Metasys Extended Application And Data Server, Metasys Open Application Server | 2024-09-17 | 8.8 High |
| Under certain circumstances improper privilege management in Metasys ADS/ADX/OAS servers versions 10 and 11 could allow an authenticated user to elevate their privileges to administrator. | ||||
| CVE-2021-36205 | 1 Johnsoncontrols | 3 Metasys Application And Data Server, Metasys Extended Application And Data Server, Metasys Open Application Server | 2024-09-16 | 8.1 High |
| Under certain circumstances the session token is not cleared on logout. | ||||
| CVE-2021-27661 | 1 Johnsoncontrols | 2 F4-snc, F4-snc Firmware | 2024-09-16 | 8.8 High |
| Successful exploitation of this vulnerability could give an authenticated Facility Explorer SNC Series Supervisory Controller (F4-SNC) user an unintended level of access to the controller’s file system, allowing them to access or modify system files by sending specifically crafted web messages to the F4-SNC. | ||||
| CVE-2022-21935 | 1 Johnsoncontrols | 3 Metasys Application And Data Server, Metasys Extended Application And Data Server, Metasys Open Application Server | 2024-09-16 | 7.5 High |
| A vulnerability in Metasys ADS/ADX/OAS 10 versions prior to 10.1.5 and Metasys ADS/ADX/OAS 11 versions prior to 11.0.2 allows unverified password change. | ||||