CVE-2021-36206 - Vulnerability Details - OpenCVE

Description

All versions of CEVAS prior to 1.01.46 do not sufficiently validate user-controllable input and could allow a user to bypass authentication and retrieve data with specially crafted SQL queries.

Published: 2022-10-28

Score: 10 Critical

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

No analysis available yet.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Johnson Controls

CEVAS

affected

Version	Status	Constraints
`all versions prior to 1.01.46`	affected	< 1.01.46

Configuration 1 [-]

cpe:2.3:a:johnsoncontrols:cevas:*:*:*:*:*:*:*:*

No data.

No data available yet.

Remediation

Vendor Solution

Upgrade CEVAS to version 1.01.46. Contact CKS for the upgrade.

Tracking

Sign in to view the affected projects.

Advisories

Source	ID	Title
EUVD	EUVD-2021-22827	All versions of CEVAS prior to 1.01.46 do not sufficiently validate user-controllable input and could allow a user to bypass authentication and retrieve data with specially crafted SQL queries.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00619.

Exploitation none

Automatable yes

Technical Impact partial

References

Link	Providers
https://www.cisa.gov/uscert/ics/advisories/icsa-22-298-05
https://www.johnsoncontrols.com/cyber-solutions/security-advisories

History

Mon, 05 May 2025 15:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Subscriptions

Johnsoncontrols Cevas

MITRE

Status: PUBLISHED

Assigner: jci

Published: 2022-10-28T01:17:27.885Z

Updated: 2025-05-05T14:37:46.026Z

Reserved: 2021-07-06T00:00:00.000Z

Link: CVE-2021-36206

Vulnrichment

Updated: 2024-08-04T00:54:50.795Z

NVD

Status : Modified

Published: 2022-10-28T02:15:16.730

Modified: 2024-11-21T06:13:19.050

Link: CVE-2021-36206

Redhat

No data.

OpenCVE Enrichment

No data.

Weaknesses

CWE-79

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2021-36206", "assignerOrgId": "7281d04a-a537-43df-bfb4-fa4110af9d01", "assignerShortName": "jci", "datePublished": "2022-10-28T01:17:27.885Z", "dateUpdated": "2025-05-05T14:37:46.026Z", "dateReserved": "2021-07-06T00:00:00.000Z"}, "containers": {"cna": {"title": "CEVAS", "datePublic": "2022-10-25T00:00:00.000Z", "providerMetadata": {"orgId": "7281d04a-a537-43df-bfb4-fa4110af9d01", "shortName": "jci", "dateUpdated": "2022-10-28T00:00:00.000Z"}, "descriptions": [{"lang": "en", "value": "All versions of CEVAS prior to 1.01.46 do not sufficiently validate user-controllable input and could allow a user to bypass authentication and retrieve data with specially crafted SQL queries."}], "affected": [{"vendor": "Johnson Controls", "product": "CEVAS", "versions": [{"version": "all versions prior to 1.01.46", "status": "affected", "lessThan": "1.01.46", "versionType": "custom"}]}], "references": [{"url": "https://www.johnsoncontrols.com/cyber-solutions/security-advisories"}, {"name": "ICS-CERT Advisory", "tags": ["third-party-advisory"], "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-298-05"}], "credits": [{"lang": "en", "value": "Christian Vierschilling and Caroline Moesler reported this vulnerability to Johnson Controls, Inc."}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "CHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "NONE", "baseScore": 10, "baseSeverity": "CRITICAL"}}], "problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "description": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", "cweId": "CWE-79"}]}], "x_generator": {"engine": "Vulnogram 0.0.9"}, "source": {"discovery": "EXTERNAL"}, "solutions": [{"lang": "en", "value": "Upgrade CEVAS to version 1.01.46. Contact CKS for the upgrade."}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T00:54:50.795Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.johnsoncontrols.com/cyber-solutions/security-advisories", "tags": ["x_transferred"]}, {"name": "ICS-CERT Advisory", "tags": ["third-party-advisory", "x_transferred"], "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-298-05"}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-05-05T14:37:31.041198Z", "id": "CVE-2021-36206", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-05-05T14:37:46.026Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.johnsoncontrols.com/cyber-solutions/security-advisories", "tags": ["x_transferred"]}, {"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-298-05", "name": "ICS-CERT Advisory", "tags": ["third-party-advisory", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T00:54:50.795Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2021-36206", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-05-05T14:37:31.041198Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-05-05T14:37:35.768Z"}}], "cna": {"title": "CEVAS", "source": {"discovery": "EXTERNAL"}, "credits": [{"lang": "en", "value": "Christian Vierschilling and Caroline Moesler reported this vulnerability to Johnson Controls, Inc."}], "metrics": [{"cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 10, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "Johnson Controls", "product": "CEVAS", "versions": [{"status": "affected", "version": "all versions prior to 1.01.46", "lessThan": "1.01.46", "versionType": "custom"}]}], "solutions": [{"lang": "en", "value": "Upgrade CEVAS to version 1.01.46. Contact CKS for the upgrade."}], "datePublic": "2022-10-25T00:00:00.000Z", "references": [{"url": "https://www.johnsoncontrols.com/cyber-solutions/security-advisories"}, {"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-298-05", "name": "ICS-CERT Advisory", "tags": ["third-party-advisory"]}], "x_generator": {"engine": "Vulnogram 0.0.9"}, "descriptions": [{"lang": "en", "value": "All versions of CEVAS prior to 1.01.46 do not sufficiently validate user-controllable input and could allow a user to bypass authentication and retrieve data with specially crafted SQL queries."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-79", "description": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"}]}], "providerMetadata": {"orgId": "7281d04a-a537-43df-bfb4-fa4110af9d01", "shortName": "jci", "dateUpdated": "2022-10-28T00:00:00.000Z"}}}, "cveMetadata": {"cveId": "CVE-2021-36206", "state": "PUBLISHED", "dateUpdated": "2025-05-05T14:37:46.026Z", "dateReserved": "2021-07-06T00:00:00.000Z", "assignerOrgId": "7281d04a-a537-43df-bfb4-fa4110af9d01", "datePublished": "2022-10-28T01:17:27.885Z", "assignerShortName": "jci"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:johnsoncontrols:cevas:*:*:*:*:*:*:*:*", "matchCriteriaId": "5B806255-F485-49A6-A00A-9062F3709D63", "versionEndExcluding": "1.01.46", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "All versions of CEVAS prior to 1.01.46 do not sufficiently validate user-controllable input and could allow a user to bypass authentication and retrieve data with specially crafted SQL queries."}, {"lang": "es", "value": "Todas las versiones de CEVAS anteriores a la 1.01.46 no validan suficientemente la entrada controlable por el usuario y podr\u00edan permitir que un usuario omita la autenticaci\u00f3n y recupere datos con consultas SQL especialmente manipuladas."}], "id": "CVE-2021-36206", "lastModified": "2024-11-21T06:13:19.050", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 10.0, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.8, "source": "productsecurity@jci.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-10-28T02:15:16.730", "references": [{"source": "productsecurity@jci.com", "tags": ["Third Party Advisory", "US Government Resource"], "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-298-05"}, {"source": "productsecurity@jci.com", "tags": ["Vendor Advisory"], "url": "https://www.johnsoncontrols.com/cyber-solutions/security-advisories"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "US Government Resource"], "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-298-05"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.johnsoncontrols.com/cyber-solutions/security-advisories"}], "sourceIdentifier": "productsecurity@jci.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "productsecurity@jci.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}