Under certain circumstances, invalid authentication credentials could be sent to the login endpoint of Johnson Controls Metasys NAE55, SNE, and SNC engines prior to
versions 11.0.6 and 12.0.4
and Facility Explorer F4-SNC engines prior to versions 11.0.6 and 12.0.4 to cause denial-of-service.
References
| Link | Resource |
|---|---|
| https://www.cisa.gov/news-events/ics-advisories/icsa-23-341-03 | Third Party Advisory US Government Resource |
| https://www.johnsoncontrols.com/cyber-solutions/security-advisories | Vendor Advisory |
Configurations
Configuration 1 (hide)
| AND |
|
Configuration 2 (hide)
| AND |
|
Configuration 3 (hide)
| AND |
|
Configuration 4 (hide)
| AND |
|
Configuration 5 (hide)
| AND |
|
Configuration 6 (hide)
| AND |
|
Configuration 7 (hide)
| AND |
|
Configuration 8 (hide)
| AND |
|
Configuration 9 (hide)
| AND |
|
Configuration 10 (hide)
| AND |
|
History
19 Dec 2023, 17:15
| Type | Values Removed | Values Added |
|---|---|---|
| Summary | (en) Under certain circumstances, invalid authentication credentials could be sent to the login endpoint of Johnson Controls Metasys NAE55, SNE, and SNC engines prior to versions 11.0.6 and 12.0.4 and Facility Explorer F4-SNC engines prior to versions 11.0.6 and 12.0.4 to cause denial-of-service. |
13 Dec 2023, 18:47
| Type | Values Removed | Values Added |
|---|---|---|
| References | () https://www.cisa.gov/news-events/ics-advisories/icsa-23-341-03 - Third Party Advisory, US Government Resource | |
| References | () https://www.johnsoncontrols.com/cyber-solutions/security-advisories - Vendor Advisory | |
| First Time |
Johnsoncontrols sne11000 Firmware
Johnsoncontrols snc16120-0 Firmware Johnsoncontrols sne110l0 Firmware Johnsoncontrols f4-snc Firmware Johnsoncontrols snc25150-04 Johnsoncontrols nae55 Johnsoncontrols snc25150-04 Firmware Johnsoncontrols nae55 Firmware Johnsoncontrols snc16120-0 Johnsoncontrols snc16120-04 Firmware Johnsoncontrols sne22000 Johnsoncontrols sne22000 Firmware Johnsoncontrols Johnsoncontrols sne110l0 Johnsoncontrols sne10500 Firmware Johnsoncontrols sne10500 Johnsoncontrols snc16120-04 Johnsoncontrols sne11000 Johnsoncontrols snc25150-0 Johnsoncontrols snc25150-0 Firmware Johnsoncontrols f4-snc |
|
| CWE | CWE-770 | |
| CPE | cpe:2.3:h:johnsoncontrols:sne110l0:-:*:*:*:*:*:*:* cpe:2.3:o:johnsoncontrols:sne11000_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:johnsoncontrols:sne22000_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:johnsoncontrols:snc16120-04:-:*:*:*:*:*:*:* cpe:2.3:h:johnsoncontrols:snc16120-0:-:*:*:*:*:*:*:* cpe:2.3:o:johnsoncontrols:f4-snc_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:johnsoncontrols:nae55_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:johnsoncontrols:sne10500:-:*:*:*:*:*:*:* cpe:2.3:o:johnsoncontrols:sne110l0_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:johnsoncontrols:snc25150-04:-:*:*:*:*:*:*:* cpe:2.3:h:johnsoncontrols:snc25150-0:-:*:*:*:*:*:*:* cpe:2.3:h:johnsoncontrols:f4-snc:-:*:*:*:*:*:*:* cpe:2.3:o:johnsoncontrols:snc25150-04_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:johnsoncontrols:snc16120-0_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:johnsoncontrols:snc25150-0_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:johnsoncontrols:nae55:-:*:*:*:*:*:*:* cpe:2.3:h:johnsoncontrols:sne11000:-:*:*:*:*:*:*:* cpe:2.3:o:johnsoncontrols:snc16120-04_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:johnsoncontrols:sne10500_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:johnsoncontrols:sne22000:-:*:*:*:*:*:*:* |
|
| Summary |
|
07 Dec 2023, 21:05
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2023-12-07 20:15
Updated : 2023-12-19 17:15
NVD link : CVE-2023-4486
Mitre link : CVE-2023-4486
CVE.ORG link : CVE-2023-4486
JSON object : View
Products Affected
johnsoncontrols
- snc16120-04_firmware
- sne22000
- snc16120-04
- sne22000_firmware
- snc16120-0_firmware
- sne110l0
- f4-snc
- sne11000
- f4-snc_firmware
- snc25150-04
- sne10500
- snc25150-0
- sne110l0_firmware
- nae55
- snc25150-0_firmware
- snc25150-04_firmware
- nae55_firmware
- sne11000_firmware
- sne10500_firmware
- snc16120-0