Vulnerability Description
The Johnson Controls CK721-A controller with firmware before SSM4388_03.1.0.14_BB allows remote attackers to perform arbitrary actions via crafted packets to TCP port 41014 (aka the download port).
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Johnsoncontrols | Network Controller | ck721-a |
| Johnsoncontrols | Network Controller Firmware | <= 03.1.0.14 |
Related Weaknesses (CWE)
References
- http://www.kb.cert.org/vuls/id/977312US Government Resource
- http://www.kb.cert.org/vuls/id/MORO-8UYN8P
- http://www.kb.cert.org/vuls/id/977312US Government Resource
- http://www.kb.cert.org/vuls/id/MORO-8UYN8P
FAQ
What is CVE-2012-2607?
CVE-2012-2607 is a vulnerability with a CVSS score of 7.5 (HIGH). The Johnson Controls CK721-A controller with firmware before SSM4388_03.1.0.14_BB allows remote attackers to perform arbitrary actions via crafted packets to TCP port 41014 (aka the download port).
How severe is CVE-2012-2607?
CVE-2012-2607 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2012-2607?
Check the references section above for vendor advisories and patch information. Affected products include: Johnsoncontrols Network Controller, Johnsoncontrols Network Controller Firmware.