CVE-2018-10624 - OpenCVE

In Johnson Controls Metasys System Versions 8.0 and prior and BCPro (BCM) all versions prior to 3.0.2, this vulnerability results from improper error handling in HTTP-based communications with the server, which could allow an attacker to obtain technical information.

No CVSS v4.0

No CVSS v3.1

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Adjacent Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:A/AC:L/Au:N/C:P/I:N/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Johnsoncontrols	Bcpro Metasys System

Configuration 1 [-]

OR	cpe:2.3:a:johnsoncontrols:bcpro::::::::
	cpe:2.3:a:johnsoncontrols:metasys_system::::::::

No data.

References

Link	Providers
http://www.securityfocus.com/bid/104937
https://ics-cert.us-cert.gov/advisories/ICSA-18-212-02

History

Tue, 17 Sep 2024 00:15:00 +0000

Type	Values Removed	Values Added
Description	In Johnson Controls Metasys System Versions 8.0 and prior and BCPro (BCM) all versions prior to 3.0.2, this vulnerability results from improper error handling in HTTP-based communications with the server, which could allow an attacker to obtain technical information.	In Johnson Controls Metasys System Versions 8.0 and prior and BCPro (BCM) all versions prior to 3.0.2, this vulnerability results from improper error handling in HTTP-based communications with the server, which could allow an attacker to obtain technical information.

MITRE

Status: PUBLISHED

Assigner: icscert

Published: 2018-08-01T21:00:00Z

Updated: 2024-09-17T00:11:43.873Z

Reserved: 2018-05-01T00:00:00

Link: CVE-2018-10624

Vulnrichment

No data.

NVD

Status : Modified

Published: 2018-08-01T21:29:00.217

Modified: 2024-09-17T00:15:30.227

Link: CVE-2018-10624

Redhat

No data.

{"containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Metasys System", "vendor": "Johnson Controls", "versions": [{"lessThanOrEqual": "8.0", "status": "affected", "version": "0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "BCPro (BCM)", "vendor": "Johnson Controls", "versions": [{"lessThan": "3.0.2", "status": "affected", "version": "0", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Dan Regalado of Zingbox reported this vulnerability to CISA."}], "datePublic": "2018-07-31T06:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>In Johnson Controls Metasys System Versions 8.0 and prior and BCPro (BCM) all versions prior to 3.0.2, this vulnerability results from improper error handling in HTTP-based communications with the server, which could allow an attacker to obtain technical information.</p>"}], "value": "In Johnson Controls Metasys System Versions 8.0 and prior and BCPro (BCM) all versions prior to 3.0.2, this vulnerability results from improper error handling in HTTP-based communications with the server, which could allow an attacker to obtain technical information."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-209", "description": "CWE-209 Generation of Error Message Containing Sensitive Information", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert", "dateUpdated": "2024-01-23T00:43:24.083Z"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-212-02"}, {"name": "104937", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/104937"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>Johnson Controls recommends the following mitigations:</p><ul><li>This issue was remediated in Metasys v8.1 (April, 2016). Users should upgrade to the latest product version (9.0). For Metasys information, contact your Metasys field service/sales representative.</li><li>This issue was remediated in the BCPro Workstation in BCPro v3.0 (October, 2017) and mitigated for the BACnet Router and Gateway in BCPro v3.0.2 (June, 2018). Users should upgrade to the latest product versions. For more BCPro information, contact your BCPro sales and support representative.</li></ul>\n\n<br>"}], "value": "Johnson Controls recommends the following mitigations:\n\n * This issue was remediated in Metasys v8.1 (April, 2016). Users should upgrade to the latest product version (9.0). For Metasys information, contact your Metasys field service/sales representative.\n * This issue was remediated in the BCPro Workstation in BCPro v3.0 (October, 2017) and mitigated for the BACnet Router and Gateway in BCPro v3.0.2 (June, 2018). Users should upgrade to the latest product versions. For more BCPro information, contact your BCPro sales and support representative."}], "source": {"discovery": "EXTERNAL"}, "title": "Johnson Controls Metasys and BCPro Generation of Error Message Containing Sensitive Information", "workarounds": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>Additional information for Johnson Controls:</p><ul><li>Product security contact information, Building Automation System hardening, and security resources are located at our product security website <a target=\"_blank\" rel=\"nofollow\" href=\"http://www.johnsoncontrols.com/buildings/specialty-pages/product-security\">http://www.johnsoncontrols.com/buildings/specialty-pages/product-security</a></li><li>Contact information: Johnson Controls Global Product Security at <a target=\"_blank\" rel=\"nofollow\" href=\"http://mailto:productsecurity@jci.com/\">productsecurity@jci.com</a></li></ul>\n\n<br>"}], "value": "Additional information for Johnson Controls:\n\n * Product security contact information, Building Automation System hardening, and security resources are located at our product security website http://www.johnsoncontrols.com/buildings/specialty-pages/product-security http://www.johnsoncontrols.com/buildings/specialty-pages/product-security \n * Contact information: Johnson Controls Global Product Security at productsecurity@jci.com http://mailto:productsecurity@jci.com/"}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "ics-cert@hq.dhs.gov", "DATE_PUBLIC": "2018-07-31T00:00:00", "ID": "CVE-2018-10624", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Metasys System", "version": {"version_data": [{"version_value": "Versions 8.0 and prior"}]}}, {"product_name": "BCPro (BCM)", "version": {"version_data": [{"version_value": "all versions prior to 3.0.2"}]}}]}, "vendor_name": "Johnson Controls"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "In Johnson Controls Metasys System Versions 8.0 and prior and BCPro (BCM) all versions prior to 3.0.2, this vulnerability results from improper error handling in HTTP-based communications with the server, which could allow an attacker to obtain technical information."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "INFORMATION EXPOSURE THROUGH AN ERROR MESSAGE CWE-209"}]}]}, "references": {"reference_data": [{"name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-212-02", "refsource": "MISC", "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-212-02"}, {"name": "104937", "refsource": "BID", "url": "http://www.securityfocus.com/bid/104937"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T07:46:46.244Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-212-02"}, {"name": "104937", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/104937"}]}]}, "cveMetadata": {"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2018-10624", "datePublished": "2018-08-01T21:00:00Z", "dateReserved": "2018-05-01T00:00:00", "dateUpdated": "2024-09-17T00:11:43.873Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:johnsoncontrols:bcpro:*:*:*:*:*:*:*:*", "matchCriteriaId": "719BA35E-A882-4897-B402-0F111564C3E5", "versionEndExcluding": "3.0.2", "vulnerable": true}, {"criteria": "cpe:2.3:a:johnsoncontrols:metasys_system:*:*:*:*:*:*:*:*", "matchCriteriaId": "41A715BD-F19F-4AF4-A4A7-3A93E0C59AB8", "versionEndIncluding": "8.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In Johnson Controls Metasys System Versions 8.0 and prior and BCPro (BCM) all versions prior to 3.0.2, this vulnerability results from improper error handling in HTTP-based communications with the server, which could allow an attacker to obtain technical information."}, {"lang": "es", "value": "En Johnson Controls Metasys System en versiones 8.0 y anteriores y BCPro (BCM) en todas las versiones anteriores a la 3.0.2, esta vulnerabilidad resulta de un manejo de errores incorrecto en las comunicaciones HTTP con el servidor, lo que podr\u00eda permitir que un atacante obtenga informaci\u00f3n t\u00e9cnica."}], "id": "CVE-2018-10624", "lastModified": "2024-09-17T00:15:30.227", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 3.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:A/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 6.5, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-08-01T21:29:00.217", "references": [{"source": "ics-cert@hq.dhs.gov", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/104937"}, {"source": "ics-cert@hq.dhs.gov", "tags": ["Mitigation", "Third Party Advisory", "US Government Resource"], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-212-02"}], "sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-388"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-209"}], "source": "ics-cert@hq.dhs.gov", "type": "Secondary"}]}