RSS   Vulnerabilities for 'Metsys'   RSS

2015-03-29
 
CVE-2014-5428

 

 
Unrestricted file upload vulnerability in unspecified web services in Johnson Controls Metasys 4.1 through 6.5, as used in Application and Data Server (ADS), Extended Application and Data Server (aka ADX), LonWorks Control Server 85 LCS8520, Network Automation Engine (NAE) 55xx-x, Network Integration Engine (NIE) 5xxx-x, and NxE8500, allows remote attackers to execute arbitrary code by uploading a shell script.

 
 
CVE-2014-5427

 

 
Johnson Controls Metasys 4.1 through 6.5, as used in Application and Data Server (ADS), Extended Application and Data Server (aka ADX), LonWorks Control Server 85 LCS8520, Network Automation Engine (NAE) 55xx-x, Network Integration Engine (NIE) 5xxx-x, and NxE8500, allows remote attackers to read password hashes via a POST request.

 

 >>> Vendor: Johnsoncontrols 20 Products
Network controller
Network controller firmware
Pegasys p2000 server software
Pegasys p2000 server
Metsys
Metasys system
Exacqvision server
Entrapass
Metasys application and data server
Metasys extended application and data server
Metasys lonworks control server
Metasys open application server
Metasys open data server
Metasys system configuration tool
Kantech entrapass
Metasys reporting engine
Exacqvision web service
Exacqvision enterprise manager
Videoedge
Easyio cpt graphics


Copyright 2024, cxsecurity.com

 

Back to Top