← voltar
CVE-2023-4486

Uncontrolled Resource Consumption in Metasys and Facility Explorer

CVSS 7.5 HIGHEPSS 0.8%CWE-400
Under certain circumstances, invalid authentication credentials could be sent to the login endpoint of Johnson Controls Metasys NAE55, SNE, and SNC engines prior to versions 11.0.6 and 12.0.4 and Facility Explorer F4-SNC engines prior to versions 11.0.6 and 12.0.4 to cause denial-of-service.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Produtos afetados
Johnson Controls · Facility Explorer F4-SNCJohnson Controls · Metasys NAE55/SNE/SNC

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://www.cisa.gov/news-events/ics-advisories/icsa-23-341-03https://www.johnsoncontrols.com/cyber-solutions/security-advisories