CVE-2020-9044

Published: 10/03/2020 Updated: 11/03/2020
CVSS v2 Base Score: 6.4 | Impact Score: 4.9 | Exploitability Score: 10
CVSS v3 Base Score: 9.1 | Impact Score: 5.2 | Exploitability Score: 3.9
CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:P

Vulnerability Summary

An XML External Entity (XXE) vulnerability exists in the Web Services of the Metasys family of products, which has the potential to facilitate DoS attacks or harvesting of ASCII server files. This affects Johnson Controls' Metasys Application and Data Server (ADS, ADS-Lite) versions 10.1 and prior; Metasys Extended Application and Data Server (ADX) versions 10.1 and prior; Metasys Open Data Server (ODS) versions 10.1 and prior; Metasys Open Application Server (OAS) version 10.1; Metasys Network Automation Engine (NAE55 only) versions 9.0.1, 9.0.2, 9.0.3, 9.0.5, 9.0.6; Metasys Network Integration Engine (NIE55/NIE59) versions 9.0.1, 9.0.2, 9.0.3, 9.0.5, 9.0.6; Metasys NAE85 and NIE85 versions 10.1 and prior; Metasys LonWorks Control Server (LCS) versions 10.1 and prior; Metasys System Configuration Tool (SCT) versions 13.2 and prior; Metasys Smoke Control Network Automation Engine (NAE55, UL 864 UUKL/ORD-C100-13 UUKLC 10th Edition Listed) version 8.1.

Vulnerable Products

johnsoncontrols metasys system configuration tool

johnsoncontrols metasys lonworks control server

johnsoncontrols metasys open application server 10.1

johnsoncontrols metasys open data server

johnsoncontrols metasys extended application and data server

johnsoncontrols metasys application and data server

johnsoncontrols nae55 firmware 9.0.1

johnsoncontrols nae55 firmware 9.0.2

johnsoncontrols nae55 firmware 9.0.3

johnsoncontrols nae55 firmware 9.0.5

johnsoncontrols nae55 firmware 9.0.6

johnsoncontrols nie55 firmware 9.0.1

johnsoncontrols nie55 firmware 9.0.2

johnsoncontrols nie55 firmware 9.0.3

johnsoncontrols nie55 firmware 9.0.5

johnsoncontrols nie55 firmware 9.0.6

johnsoncontrols nie59 firmware 9.0.1

johnsoncontrols nie59 firmware 9.0.2

johnsoncontrols nie59 firmware 9.0.3

johnsoncontrols nie59 firmware 9.0.5

johnsoncontrols nie59 firmware 9.0.6

johnsoncontrols nae85 firmware

johnsoncontrols nie85 firmware

johnsoncontrols nae55 firmware 8.1

johnsoncontrols ul 864 uukl firmware 8.1

johnsoncontrols ord-c100-13 uuklc firmware 8.1