CVE-2018-10624
N/A
N/A
Summary
In Johnson Controls Metasys System Versions 8.0 and prior and BCPro (BCM) all versions prior to 3.0.2, this vulnerability results from improper error handling in HTTP-based communications with the server, which could allow an attacker to obtain technical information.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Johnson Controls | Metasys System | 0 <= 8.0 | affected |
| Johnson Controls | BCPro (BCM) | 0 < 3.0.2 | affected |
Weaknesses
- CWE-209: CWE-209 Generation of Error Message Containing Sensitive Information
Workarounds
Additional information for Johnson Controls:
- Product security contact information, Building Automation System hardening, and security resources are located at our product security website http://www.johnsoncontrols.com/buildings/specialty-pages/product-security http://www.johnsoncontrols.com/buildings/specialty-pages/product-security
- Contact information: Johnson Controls Global Product Security at productsecurity@jci.com http://mailto:productsecurity@jci.com/
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.