Vulnerability Details CVE-2019-7594
Metasys® ADS/ADX servers and NAE/NIE/NCE engines prior to 9.0 make use of a hardcoded RC2 key for certain encryption operations involving the Site Management Portal (SMP).
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 30.4%
CVSS Severity
CVSS v3 Score 6.8
CVSS v2 Score 6.4
References
- https://www.johnsoncontrols.com/-/media/jci/cyber-solutions/product-security-advisories/2019/jci-psa-2019-06-v1-metasys-icsa-19-227-01.pdf
- https://www.us-cert.gov/ics/advisories/icsa-19-227-01
- https://www.johnsoncontrols.com/-/media/jci/cyber-solutions/product-security-advisories/2019/jci-psa-2019-06-v1-metasys-icsa-19-227-01.pdf
- https://www.us-cert.gov/ics/advisories/icsa-19-227-01
Products affected by CVE-2019-7594
-
cpe:2.3:a:johnsoncontrols:metasys_system:*