Vulnerability Details CVE-2023-4486
Under certain circumstances, invalid authentication credentials could be sent to the login endpoint of Johnson Controls Metasys NAE55, SNE, and SNC engines prior to
versions 11.0.6 and 12.0.4
and Facility Explorer F4-SNC engines prior to versions 11.0.6 and 12.0.4 to cause denial-of-service.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 33.6%
CVSS Severity
CVSS v3 Score 7.5
References
Products affected by CVE-2023-4486
-
cpe:2.3:h:johnsoncontrols:f4-snc:-
-
cpe:2.3:h:johnsoncontrols:nae55:-
-
cpe:2.3:h:johnsoncontrols:snc16120-04:-
-
cpe:2.3:h:johnsoncontrols:snc16120-0:-
-
cpe:2.3:h:johnsoncontrols:snc25150-04:-
-
cpe:2.3:h:johnsoncontrols:snc25150-0:-
-
cpe:2.3:h:johnsoncontrols:sne10500:-
-
cpe:2.3:h:johnsoncontrols:sne11000:-
-
cpe:2.3:h:johnsoncontrols:sne110l0:-
-
cpe:2.3:h:johnsoncontrols:sne22000:-
-
cpe:2.3:o:johnsoncontrols:f4-snc_firmware:*
-
cpe:2.3:o:johnsoncontrols:f4-snc_firmware:11
-
cpe:2.3:o:johnsoncontrols:nae55_firmware:8.1
-
cpe:2.3:o:johnsoncontrols:nae55_firmware:9.0.1
-
cpe:2.3:o:johnsoncontrols:nae55_firmware:9.0.2
-
cpe:2.3:o:johnsoncontrols:nae55_firmware:9.0.3
-
cpe:2.3:o:johnsoncontrols:nae55_firmware:9.0.5
-
cpe:2.3:o:johnsoncontrols:nae55_firmware:9.0.6
-
cpe:2.3:o:johnsoncontrols:snc16120-04_firmware:-
-
cpe:2.3:o:johnsoncontrols:snc16120-0_firmware:-
-
cpe:2.3:o:johnsoncontrols:snc25150-04_firmware:-
-
cpe:2.3:o:johnsoncontrols:snc25150-0_firmware:-
-
cpe:2.3:o:johnsoncontrols:sne10500_firmware:-
-
cpe:2.3:o:johnsoncontrols:sne11000_firmware:-
-
cpe:2.3:o:johnsoncontrols:sne110l0_firmware:-
-
cpe:2.3:o:johnsoncontrols:sne22000_firmware:-