CVE-2014-5427

Johnsoncontrols Metsys - Information Disclosure

Title source: rule
STIX 2.1

Description

Johnson Controls Metasys 4.1 through 6.5, as used in Application and Data Server (ADS), Extended Application and Data Server (aka ADX), LonWorks Control Server 85 LCS8520, Network Automation Engine (NAE) 55xx-x, Network Integration Engine (NIE) 5xxx-x, and NxE8500, allows remote attackers to read password hashes via a POST request.

References (1)

Core 1
Core References
Third Party Advisory, US Government Resource x_refsource_misc
https://ics-cert.us-cert.gov/advisories/ICSA-14-350-02

Scores

EPSS 0.0136
EPSS Percentile 68.3%

Details

CWE
CWE-200
Status published
Products (2)
johnsoncontrols/metsys 4.1
johnsoncontrols/metsys 6.5
Published Mar 29, 2015
Tracked Since Feb 18, 2026