10
CVE-2014-5428
- EPSS 3.95%
- Veröffentlicht 29.03.2015 10:59:01
- Zuletzt bearbeitet 06.05.2026 22:30:45
- Quelle ics-cert@hq.dhs.gov
- CVE-Watchlists
- Unerledigt
LoginUnrestricted file upload vulnerability in unspecified web services in Johnson Controls Metasys 4.1 through 6.5, as used in Application and Data Server (ADS), Extended Application and Data Server (aka ADX), LonWorks Control Server 85 LCS8520, Network Automation Engine (NAE) 55xx-x, Network Integration Engine (NIE) 5xxx-x, and NxE8500, allows remote attackers to execute arbitrary code by uploading a shell script.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Johnsoncontrols ≫ Metsys Version4.1
Johnsoncontrols ≫ Application And Data Server Version-
Johnsoncontrols ≫ Extended Application And Data Server Version-
Johnsoncontrols ≫ Lonworks Control Server Lcs8520 Version-
Johnsoncontrols ≫ Network Automation Engine 5510-2 Version-
Johnsoncontrols ≫ Network Automation Engine 5510-2u Version-
Johnsoncontrols ≫ Network Automation Engine 5511-2 Version-
Johnsoncontrols ≫ Network Automation Engine 5520-2 Version-
Johnsoncontrols ≫ Network Automation Engine 5521-2 Version-
Johnsoncontrols ≫ Network Integration Engine 5510-2 Version-
Johnsoncontrols ≫ Network Integration Engine 5511-2 Version-
Johnsoncontrols ≫ Nxe8500 Version-
Johnsoncontrols ≫ Extended Application And Data Server Version-
Johnsoncontrols ≫ Lonworks Control Server Lcs8520 Version-
Johnsoncontrols ≫ Network Automation Engine 5510-2 Version-
Johnsoncontrols ≫ Network Automation Engine 5510-2u Version-
Johnsoncontrols ≫ Network Automation Engine 5511-2 Version-
Johnsoncontrols ≫ Network Automation Engine 5520-2 Version-
Johnsoncontrols ≫ Network Automation Engine 5521-2 Version-
Johnsoncontrols ≫ Network Integration Engine 5510-2 Version-
Johnsoncontrols ≫ Network Integration Engine 5511-2 Version-
Johnsoncontrols ≫ Nxe8500 Version-
Johnsoncontrols ≫ Metsys Version6.5
Johnsoncontrols ≫ Application And Data Server Version-
Johnsoncontrols ≫ Extended Application And Data Server Version-
Johnsoncontrols ≫ Lonworks Control Server Lcs8520 Version-
Johnsoncontrols ≫ Network Automation Engine 5510-2 Version-
Johnsoncontrols ≫ Network Automation Engine 5510-2u Version-
Johnsoncontrols ≫ Network Automation Engine 5511-2 Version-
Johnsoncontrols ≫ Network Automation Engine 5520-2 Version-
Johnsoncontrols ≫ Network Automation Engine 5521-2 Version-
Johnsoncontrols ≫ Network Integration Engine 5510-2 Version-
Johnsoncontrols ≫ Network Integration Engine 5511-2 Version-
Johnsoncontrols ≫ Nxe8500 Version-
Johnsoncontrols ≫ Extended Application And Data Server Version-
Johnsoncontrols ≫ Lonworks Control Server Lcs8520 Version-
Johnsoncontrols ≫ Network Automation Engine 5510-2 Version-
Johnsoncontrols ≫ Network Automation Engine 5510-2u Version-
Johnsoncontrols ≫ Network Automation Engine 5511-2 Version-
Johnsoncontrols ≫ Network Automation Engine 5520-2 Version-
Johnsoncontrols ≫ Network Automation Engine 5521-2 Version-
Johnsoncontrols ≫ Network Integration Engine 5510-2 Version-
Johnsoncontrols ≫ Network Integration Engine 5511-2 Version-
Johnsoncontrols ≫ Nxe8500 Version-
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 3.95% | 0.891 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 10 | 10 | 10 |
AV:N/AC:L/Au:N/C:C/I:C/A:C
|
https://ics-cert.us-cert.gov/advisories/ICSA-14-350-02