Vulnerability Description
In Johnson Controls Metasys System Versions 8.0 and prior and BCPro (BCM) all versions prior to 3.0.2, this vulnerability results from improper error handling in HTTP-based communications with the server, which could allow an attacker to obtain technical information.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Johnsoncontrols | Bcpro | < 3.0.2 |
| Johnsoncontrols | Metasys System | <= 8.0 |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/104937Third Party AdvisoryVDB Entry
- https://ics-cert.us-cert.gov/advisories/ICSA-18-212-02MitigationThird Party AdvisoryUS Government Resource
- http://www.securityfocus.com/bid/104937Third Party AdvisoryVDB Entry
- https://ics-cert.us-cert.gov/advisories/ICSA-18-212-02MitigationThird Party AdvisoryUS Government Resource
FAQ
What is CVE-2018-10624?
CVE-2018-10624 is a vulnerability with a CVSS score of 6.5 (MEDIUM). In Johnson Controls Metasys System Versions 8.0 and prior and BCPro (BCM) all versions prior to 3.0.2, this vulnerability results from improper error handling in HTTP-based communications with the ser...
How severe is CVE-2018-10624?
CVE-2018-10624 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2018-10624?
Check the references section above for vendor advisories and patch information. Affected products include: Johnsoncontrols Bcpro, Johnsoncontrols Metasys System.