← volver
CVE-2023-4486

Uncontrolled Resource Consumption in Metasys and Facility Explorer

CVSS 7.5 HIGHEPSS 0.8%CWE-400
Under certain circumstances, invalid authentication credentials could be sent to the login endpoint of Johnson Controls Metasys NAE55, SNE, and SNC engines prior to versions 11.0.6 and 12.0.4 and Facility Explorer F4-SNC engines prior to versions 11.0.6 and 12.0.4 to cause denial-of-service.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Productos afectados
Johnson Controls · Facility Explorer F4-SNCJohnson Controls · Metasys NAE55/SNE/SNC

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://www.cisa.gov/news-events/ics-advisories/icsa-23-341-03https://www.johnsoncontrols.com/cyber-solutions/security-advisories