johnsoncontrols

metasys_system

3 known vulnerabilities · sorted by CVSS score

CVE-2019-7594

Metasys® ADS/ADX servers and NAE/NIE/NCE engines prior to 9.0 make use of a hardcoded RC2 key for certain encryption operations involving the Site Management Portal (SMP).

johnsoncontrols / metasys_system

Network

Published Aug 20, 2019

CVE-2019-7593

MEDIUM6.8

Metasys® ADS/ADX servers and NAE/NIE/NCE engines prior to 9.0 make use of a shared RSA key pair for certain encryption operations involving the Site Management Portal (SMP).

johnsoncontrols / metasys_system

Network

Published Aug 20, 2019

CVE-2018-10624

MEDIUM6.5

In Johnson Controls Metasys System Versions 8.0 and prior and BCPro (BCM) all versions prior to 3.0.2, this vulnerability results from improper error handling in HTTP-based communications with the server, which could allow an attacker to obtain technical information.

johnsoncontrols / bcpro+1

Adjacent

Published Aug 1, 2018