CVE-2018-10624

Summary

In Johnson Controls Metasys System Versions 8.0 and prior and BCPro (BCM) all versions prior to 3.0.2, this vulnerability results from improper error handling in HTTP-based communications with the server, which could allow an attacker to obtain technical information.

Affected Software

VendorProductVersion RangeStatus
Johnson ControlsMetasys System0 <= 8.0affected
Johnson ControlsBCPro (BCM)0 < 3.0.2affected

Weaknesses

  • CWE-209: CWE-209 Generation of Error Message Containing Sensitive Information

Workarounds

Additional information for Johnson Controls:

ADP Enrichment

CVE Program Container

Additional References

References