CVE-2019-7593

Summary

Metasys® ADS/ADX servers and NAE/NIE/NCE engines prior to 9.0 make use of a shared RSA key pair for certain encryption operations involving the Site Management Portal (SMP).

Affected Software

VendorProductVersion RangeStatus
Johnson ControlsMetasys versions prior to 9.09.0unaffected

Weaknesses

  • CWE-323: CWE-323: Reusing a Nonce, Key Pair in Encryption

ADP Enrichment

CVE Program Container

Additional References

References