CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2022-21936

On Metasys ADX Server version 12.0 running MVE, an Active Directory user could execute validated actions without providing a valid password when using MVE SMP UI.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 29.8%

CVSS Severity

CVSS v3 Score 8.1

References

https://www.cisa.gov/uscert/ics/advisories/icsa-22-277-01
https://www.johnsoncontrols.com/cyber-solutions/security-advisories
https://www.cisa.gov/uscert/ics/advisories/icsa-22-277-01
https://www.johnsoncontrols.com/cyber-solutions/security-advisories

Products affected by CVE-2022-21936

Johnsoncontrols » Metasys Extended Application And Data Server » Version: 12.0

cpe:2.3:a:johnsoncontrols:metasys_extended_application_and_data_server:12.0
Johnsoncontrols » Metasys For Validated Environments » Version: N/A

cpe:2.3:a:johnsoncontrols:metasys_for_validated_environments:-

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2022-21936

Products

Pricing

Contact Us