5
CVE-2014-5427
- EPSS 0.53%
- Veröffentlicht 29.03.2015 10:59:00
- Zuletzt bearbeitet 12.04.2025 10:46:40
- Quelle ics-cert@hq.dhs.gov
- CVE-Watchlists
- Unerledigt
LoginJohnson Controls Metasys 4.1 through 6.5, as used in Application and Data Server (ADS), Extended Application and Data Server (aka ADX), LonWorks Control Server 85 LCS8520, Network Automation Engine (NAE) 55xx-x, Network Integration Engine (NIE) 5xxx-x, and NxE8500, allows remote attackers to read password hashes via a POST request.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Johnsoncontrols ≫ Metsys Version4.1
Johnsoncontrols ≫ Application And Data Server Version-
Johnsoncontrols ≫ Extended Application And Data Server Version-
Johnsoncontrols ≫ Lonworks Control Server Lcs8520 Version-
Johnsoncontrols ≫ Network Automation Engine 5510-2 Version-
Johnsoncontrols ≫ Network Automation Engine 5510-2u Version-
Johnsoncontrols ≫ Network Automation Engine 5511-2 Version-
Johnsoncontrols ≫ Network Automation Engine 5520-2 Version-
Johnsoncontrols ≫ Network Automation Engine 5521-2 Version-
Johnsoncontrols ≫ Network Integration Engine 5510-2 Version-
Johnsoncontrols ≫ Network Integration Engine 5511-2 Version-
Johnsoncontrols ≫ Nxe8500 Version-
Johnsoncontrols ≫ Extended Application And Data Server Version-
Johnsoncontrols ≫ Lonworks Control Server Lcs8520 Version-
Johnsoncontrols ≫ Network Automation Engine 5510-2 Version-
Johnsoncontrols ≫ Network Automation Engine 5510-2u Version-
Johnsoncontrols ≫ Network Automation Engine 5511-2 Version-
Johnsoncontrols ≫ Network Automation Engine 5520-2 Version-
Johnsoncontrols ≫ Network Automation Engine 5521-2 Version-
Johnsoncontrols ≫ Network Integration Engine 5510-2 Version-
Johnsoncontrols ≫ Network Integration Engine 5511-2 Version-
Johnsoncontrols ≫ Nxe8500 Version-
Johnsoncontrols ≫ Metsys Version6.5
Johnsoncontrols ≫ Application And Data Server Version-
Johnsoncontrols ≫ Extended Application And Data Server Version-
Johnsoncontrols ≫ Lonworks Control Server Lcs8520 Version-
Johnsoncontrols ≫ Network Automation Engine 5510-2 Version-
Johnsoncontrols ≫ Network Automation Engine 5510-2u Version-
Johnsoncontrols ≫ Network Automation Engine 5511-2 Version-
Johnsoncontrols ≫ Network Automation Engine 5520-2 Version-
Johnsoncontrols ≫ Network Automation Engine 5521-2 Version-
Johnsoncontrols ≫ Network Integration Engine 5510-2 Version-
Johnsoncontrols ≫ Network Integration Engine 5511-2 Version-
Johnsoncontrols ≫ Nxe8500 Version-
Johnsoncontrols ≫ Extended Application And Data Server Version-
Johnsoncontrols ≫ Lonworks Control Server Lcs8520 Version-
Johnsoncontrols ≫ Network Automation Engine 5510-2 Version-
Johnsoncontrols ≫ Network Automation Engine 5510-2u Version-
Johnsoncontrols ≫ Network Automation Engine 5511-2 Version-
Johnsoncontrols ≫ Network Automation Engine 5520-2 Version-
Johnsoncontrols ≫ Network Automation Engine 5521-2 Version-
Johnsoncontrols ≫ Network Integration Engine 5510-2 Version-
Johnsoncontrols ≫ Network Integration Engine 5511-2 Version-
Johnsoncontrols ≫ Nxe8500 Version-
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.53% | 0.664 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5 | 10 | 2.9 |
AV:N/AC:L/Au:N/C:P/I:N/A:N
|
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.