CVE-2022-21939

Sensitive cookie without 'HttpOnly' flag in System Configuration Tool (SCT)

CVSS 7.5 HIGH | EPSS 0.5% | CWE-1004
In short

The System Configuration Tool issues sensitive session cookies without the HttpOnly flag, so any JavaScript running in the page (for example, script injected through a cross-site scripting flaw) can read them via document.cookie and send them to an attacker. A stolen session cookie lets the attacker act as the logged-in user.

Technical detail

CWE-1004 (Sensitive Cookie Without 'HttpOnly' Flag) in Johnson Controls SCT versions 14.x before 14.2.3 and 15.x before 15.0.3: session cookies are set without the HttpOnly attribute, leaving them readable by client-side script. The missing flag does not by itself give an attacker code execution; it removes the browser-side protection that would otherwise stop an injected script (XSS) from reading the cookie, exfiltrating the authentication token and hijacking the authenticated session. Fixed in 14.2.3 and 15.0.3.

Summary generated and translated by AI from the official description.
Sensitive Cookie Without 'HttpOnly' Flag vulnerability in Johnson Controls System Configuration Tool (SCT) version 14 prior to 14.2.3 and version 15 prior to 15.0.3 could allow access to the cookie.
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H (network, high attack complexity, no privileges required, user interaction required, unchanged scope, high confidentiality/integrity/availability impact; base score 7.5)
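To check whether an application sets its session cookies with the HttpOnly flag, the practical test is to inspect the Set-Cookie headers it returns (or, in a browser console, see whether the session cookie shows up in document.cookie). The following is an added example written for this page, not Johnson Controls code: it parses Set-Cookie headers, treats cookies whose names look session- or auth-related as sensitive, and reports the ones missing HttpOnly (the CWE-1004 condition) along with the related Secure and SameSite flags. The cookie names and values in the sample are constructed; the advisory does not name SCT's actual cookies.

```python
"""Audit Set-Cookie headers for missing HttpOnly (CWE-1004) and related flags.

Added example, not Johnson Controls / SCT code. Cookie names, values and the
SENSITIVE_HINTS list are assumptions made for illustration.
"""
from dataclasses import dataclass, field
from typing import Dict, List
import urllib.request

# Substrings that usually indicate a session or auth cookie (assumption).
SENSITIVE_HINTS = ("sess", "auth", "token", "login", "jwt")


@dataclass
class CookieInfo:
    name: str
    value: str
    attrs: Dict[str, str] = field(default_factory=dict)  # lower-cased attribute names

    @property
    def httponly(self) -> bool:
        return "httponly" in self.attrs

    @property
    def secure(self) -> bool:
        return "secure" in self.attrs

    @property
    def samesite(self) -> str:
        return self.attrs.get("samesite", "").lower()


def parse_set_cookie(header_value: str) -> CookieInfo:
    """Parse one Set-Cookie header value (RFC 6265 syntax: name=value; attr[=val]; ...)."""
    parts = [p.strip() for p in header_value.split(";")]
    name, _, value = parts[0].partition("=")
    attrs: Dict[str, str] = {}
    for part in parts[1:]:
        if not part:
            continue
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return CookieInfo(name.strip(), value.strip(), attrs)


def is_sensitive(name: str) -> bool:
    lowered = name.lower()
    return any(hint in lowered for hint in SENSITIVE_HINTS)


def audit_cookies(set_cookie_headers: List[str]) -> Dict[str, List[str]]:
    """Return {cookie_name: [findings]} for every sensitive cookie with weak flags.

    A cookie that has HttpOnly, Secure and SameSite=Lax/Strict produces no entry.
    """
    findings: Dict[str, List[str]] = {}
    for header in set_cookie_headers:
        cookie = parse_set_cookie(header)
        if not is_sensitive(cookie.name):
            continue
        problems: List[str] = []
        if not cookie.httponly:
            problems.append("missing HttpOnly (CWE-1004): readable via document.cookie")
        if not cookie.secure:
            problems.append("missing Secure: may be sent over plain HTTP")
        if cookie.samesite not in ("lax", "strict"):
            problems.append("SameSite not Lax/Strict: sent on cross-site requests")
        if problems:
            findings.setdefault(cookie.name, []).extend(problems)
    return findings


def audit_url(url: str) -> Dict[str, List[str]]:
    """Fetch a URL and audit the Set-Cookie headers it returns (network access required)."""
    with urllib.request.urlopen(url, timeout=10) as resp:  # nosec: caller chooses the target
        headers = resp.headers.get_all("Set-Cookie") or []
    return audit_cookies(headers)


# Constructed sample: the weak form the advisory describes, its hardened form,
# and a non-sensitive cookie that should be ignored.
WEAK_HEADERS = ["SessionToken=8f1c2d3e4a5b; Path=/"]
HARDENED_HEADERS = ["SessionToken=8f1c2d3e4a5b; Path=/; Secure; HttpOnly; SameSite=Strict"]
IGNORED_HEADERS = ["lang=en; Path=/"]

if __name__ == "__main__":
    for label, hdrs in (("weak", WEAK_HEADERS), ("hardened", HARDENED_HEADERS), ("ignored", IGNORED_HEADERS)):
        print(label, audit_cookies(hdrs))
```

The weak sample reports the missing HttpOnly, Secure and SameSite flags; the hardened sample and the non-sensitive cookie produce no findings. For the manual equivalent in a browser, open the application's page, log in, and run `document.cookie` in the developer console: a session cookie that appears there is not HttpOnly. Note that the fix on the server side is to emit the cookie with `HttpOnly` (and normally `Secure` and `SameSite`) in the Set-Cookie header; the flag is enforced by the browser, so it does nothing against an attacker who already controls the server or the network path.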
