Vulnerability Description
Johnson Controls Metasys 4.1 through 6.5, as used in Application and Data Server (ADS), Extended Application and Data Server (aka ADX), LonWorks Control Server 85 LCS8520, Network Automation Engine (NAE) 55xx-x, Network Integration Engine (NIE) 5xxx-x, and NxE8500, allows remote attackers to read password hashes via a POST request.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Johnsoncontrols | Metasys | 4.1 |
| Johnsoncontrols | Application And Data Server | - |
| Johnsoncontrols | Extended Application And Data Server | - |
| Johnsoncontrols | Lonworks Control Server Lcs8520 | - |
| Johnsoncontrols | Network Automation Engine 5510-2 | - |
| Johnsoncontrols | Network Automation Engine 5510-2U | - |
| Johnsoncontrols | Network Automation Engine 5511-2 | - |
| Johnsoncontrols | Network Automation Engine 5520-2 | - |
| Johnsoncontrols | Network Automation Engine 5521-2 | - |
| Johnsoncontrols | Network Integration Engine 5510-2 | - |
| Johnsoncontrols | Network Integration Engine 5511-2 | - |
| Johnsoncontrols | Nxe8500 | - |
Related Weaknesses (CWE)
References
- https://ics-cert.us-cert.gov/advisories/ICSA-14-350-02 (Third Party Advisory, US Government Resource)
FAQ
What is CVE-2014-5427?
CVE-2014-5427 is a vulnerability with a CVSS score of 5.0 (MEDIUM). Johnson Controls Metasys 4.1 through 6.5, as used in Application and Data Server (ADS), Extended Application and Data Server (aka ADX), LonWorks Control Server 85 LCS8520, Network Automation Engine (N...
How severe is CVE-2014-5427?
CVE-2014-5427 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2014-5427?
Check the references section above for vendor advisories and patch information. Affected products include: Johnsoncontrols Metasys, Johnsoncontrols Application And Data Server, Johnsoncontrols Extended Application And Data Server, Johnsoncontrols Lonworks Control Server Lcs8520, Johnsoncontrols Network Automation Engine 5510-2.