CVE-2020-9044

Published: 10/03/2020 | Updated: 11/03/2020
CVSS v2 Base Score: 6.4 | Impact Score: 4.9 | Exploitability Score: 10
CVSS v3 Base Score: 9.1 | Impact Score: 5.2 | Exploitability Score: 3.9
VMScore: 570
CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:P

Vulnerability Summary

An XML external entity (XXE) vulnerability exists in the Web Services of the Metasys family of products, which has the potential to facilitate DoS attacks or harvesting of ASCII server files. This affects Johnson Controls' Metasys Application and Data Server (ADS, ADS-Lite) versions 10.1 and prior; Metasys Extended Application and Data Server (ADX) versions 10.1 and prior; Metasys Open Data Server (ODS) versions 10.1 and prior; Metasys Open Application Server (OAS) version 10.1; Metasys Network Automation Engine (NAE55 only) versions 9.0.1, 9.0.2, 9.0.3, 9.0.5, 9.0.6; Metasys Network Integration Engine (NIE55/NIE59) versions 9.0.1, 9.0.2, 9.0.3, 9.0.5, 9.0.6; Metasys NAE85 and NIE85 versions 10.1 and prior; Metasys LonWorks Control Server (LCS) versions 10.1 and prior; Metasys System Configuration Tool (SCT) versions 13.2 and prior; Metasys Smoke Control Network Automation Engine (NAE55, UL 864 UUKL/ORD-C100-13 UUKLC 10th Edition Listed) version 8.1.

Vulnerable Product

johnsoncontrols metasys application and data server

johnsoncontrols metasys extended application and data server

johnsoncontrols metasys lonworks control server

johnsoncontrols metasys open application server 10.1

johnsoncontrols metasys open data server

johnsoncontrols metasys system configuration tool

johnsoncontrols nae55_firmware 9.0.1

johnsoncontrols nae55_firmware 9.0.2

johnsoncontrols nae55_firmware 9.0.3

johnsoncontrols nae55_firmware 9.0.5

johnsoncontrols nae55_firmware 9.0.6

johnsoncontrols nie55_firmware 9.0.1

johnsoncontrols nie55_firmware 9.0.2

johnsoncontrols nie55_firmware 9.0.3

johnsoncontrols nie55_firmware 9.0.5

johnsoncontrols nie55_firmware 9.0.6

johnsoncontrols nie59_firmware 9.0.1

johnsoncontrols nie59_firmware 9.0.2

johnsoncontrols nie59_firmware 9.0.3

johnsoncontrols nie59_firmware 9.0.5

johnsoncontrols nie59_firmware 9.0.6

johnsoncontrols nae85_firmware

johnsoncontrols nie85_firmware

johnsoncontrols nae55_firmware 8.1

johnsoncontrols ul_864_uukl_firmware 8.1

johnsoncontrols ord-c100-13_uuklc_firmware 8.1