CVE-2019-7594
6.8
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N
Summary
Metasys® ADS/ADX servers and NAE/NIE/NCE engines prior to 9.0 make use of a hardcoded RC2 key for certain encryption operations involving the Site Management Portal (SMP).
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Johnson Controls | Metasys versions prior to 9.0 | 9.0 | unaffected |
Weaknesses
- CWE-321: CWE-321 Use of Hard-coded Cryptographic Key
ADP Enrichment
CVE Program Container
Additional References
- https://www.johnsoncontrols.com/-/media/jci/cyber-solutions/product-security-advisories/2019/jci-psa-2019-06-v1-metasys-icsa-19-227-01.pdf
- https://www.us-cert.gov/ics/advisories/icsa-19-227-01
References
- https://www.johnsoncontrols.com/-/media/jci/cyber-solutions/product-security-advisories/2019/jci-psa-2019-06-v1-metasys-icsa-19-227-01.pdf
- https://www.us-cert.gov/ics/advisories/icsa-19-227-01
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.