Описание
Metasys® ADS/ADX servers and NAE/NIE/NCE engines prior to 9.0 make use of a hardcoded RC2 key for certain encryption operations involving the Site Management Portal (SMP).
Ссылки
- Vendor Advisory
- MitigationThird Party AdvisoryUS Government Resource
- Vendor Advisory
- MitigationThird Party AdvisoryUS Government Resource
Уязвимые конфигурации
Конфигурация 1Версия до 9.0 (исключая)
cpe:2.3:a:johnsoncontrols:metasys_system:*:*:*:*:*:*:*:*
EPSS
Процентиль: 30%
0.00111
Низкий
6.8 Medium
CVSS3
9.1 Critical
CVSS3
6.4 Medium
CVSS2
Дефекты
CWE-321
CWE-798
Связанные уязвимости
CVSS3: 9.1
github
больше 3 лет назад
Metasys? ADS/ADX servers and NAE/NIE/NCE engines prior to 9.0 make use of a hardcoded RC2 key for certain encryption operations involving the Site Management Portal (SMP).
EPSS
Процентиль: 30%
0.00111
Низкий
6.8 Medium
CVSS3
9.1 Critical
CVSS3
6.4 Medium
CVSS2
Дефекты
CWE-321
CWE-798