CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2018-10624

In Johnson Controls Metasys System Versions 8.0 and prior and BCPro (BCM) all versions prior to 3.0.2, this vulnerability results from improper error handling in HTTP-based communications with the server, which could allow an attacker to obtain technical information.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 33.4%

CVSS Severity

CVSS v3 Score 6.5

CVSS v2 Score 3.3

References

http://www.securityfocus.com/bid/104937
https://ics-cert.us-cert.gov/advisories/ICSA-18-212-02
http://www.securityfocus.com/bid/104937
https://ics-cert.us-cert.gov/advisories/ICSA-18-212-02

Products affected by CVE-2018-10624

Johnsoncontrols » Bcpro » Version: Any

cpe:2.3:a:johnsoncontrols:bcpro:*
Johnsoncontrols » Metasys System » Version: Any

cpe:2.3:a:johnsoncontrols:metasys_system:*

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2018-10624

Products

Pricing

Contact Us