CVE-2019-7594

Summary

Metasys® ADS/ADX servers and NAE/NIE/NCE engines prior to 9.0 make use of a hardcoded RC2 key for certain encryption operations involving the Site Management Portal (SMP).

Affected Software

VendorProductVersion RangeStatus
Johnson ControlsMetasys versions prior to 9.09.0unaffected

Weaknesses

  • CWE-321: CWE-321 Use of Hard-coded Cryptographic Key

ADP Enrichment

CVE Program Container

Additional References

References