cvelistv5 - cve-2022-21936

CVE-2022-21936 (GCVE-0-2022-21936)

Vulnerability from cvelistv5 – Published: 2022-10-07 17:39 – Updated: 2024-09-16 19:40

Summary

On Metasys ADX Server version 12.0 running MVE, an Active Directory user could execute validated actions without providing a valid password when using MVE SMP UI.

Severity ?

8.1 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

CWE

Assigner

jci

References

URL

Tags

	https://www.johnsoncontrols.com/cyber-solutions/s…
	https://www.cisa.gov/uscert/ics/advisories/icsa-2…	third-party-advisory

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T03:00:54.467Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.johnsoncontrols.com/cyber-solutions/security-advisories"
          },
          {
            "name": "ICS-CERT Advisory",
            "tags": [
              "third-party-advisory",
              "x_transferred"
            ],
            "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-277-01"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2022-10-04T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "On Metasys ADX Server version 12.0 running MVE, an Active Directory user could execute validated actions without providing a valid password when using MVE SMP UI."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-10-07T00:00:00",
        "orgId": "7281d04a-a537-43df-bfb4-fa4110af9d01",
        "shortName": "jci"
      },
      "references": [
        {
          "url": "https://www.johnsoncontrols.com/cyber-solutions/security-advisories"
        },
        {
          "name": "ICS-CERT Advisory",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-277-01"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Update Metasys ADX Server version 12.0 running MVE with patch 12.0.1."
        }
      ],
      "source": {
        "discovery": "INTERNAL"
      },
      "title": "Metasys MVE",
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7281d04a-a537-43df-bfb4-fa4110af9d01",
    "assignerShortName": "jci",
    "cveId": "CVE-2022-21936",
    "datePublished": "2022-10-07T17:39:32.661664Z",
    "dateReserved": "2021-12-15T00:00:00",
    "dateUpdated": "2024-09-16T19:40:07.058Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"AND\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:johnsoncontrols:metasys_extended_application_and_data_server:12.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"50731125-779A-446A-945D-946F44AA3555\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:a:johnsoncontrols:metasys_for_validated_environments:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C5A8E3EE-0E54-493C-9D4F-7B9BEB8E096A\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"On Metasys ADX Server version 12.0 running MVE, an Active Directory user could execute validated actions without providing a valid password when using MVE SMP UI.\"}, {\"lang\": \"es\", \"value\": \"En Metasys ADX Server versi\\u00f3n 12.0 ejecutando MVE, un usuario de Active Directory pod\\u00eda ejecutar acciones validadas sin proporcionar una contrase\\u00f1a v\\u00e1lida cuando usaba MVE SMP UI\"}]",
      "id": "CVE-2022-21936",
      "lastModified": "2024-11-21T06:45:44.510",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"productsecurity@jci.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H\", \"baseScore\": 8.1, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 5.2}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N\", \"baseScore\": 6.5, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 3.6}]}",
      "published": "2022-10-07T18:15:14.867",
      "references": "[{\"url\": \"https://www.cisa.gov/uscert/ics/advisories/icsa-22-277-01\", \"source\": \"productsecurity@jci.com\", \"tags\": [\"Third Party Advisory\", \"US Government Resource\"]}, {\"url\": \"https://www.johnsoncontrols.com/cyber-solutions/security-advisories\", \"source\": \"productsecurity@jci.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://www.cisa.gov/uscert/ics/advisories/icsa-22-277-01\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"US Government Resource\"]}, {\"url\": \"https://www.johnsoncontrols.com/cyber-solutions/security-advisories\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
      "sourceIdentifier": "productsecurity@jci.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-287\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2022-21936\",\"sourceIdentifier\":\"productsecurity@jci.com\",\"published\":\"2022-10-07T18:15:14.867\",\"lastModified\":\"2024-11-21T06:45:44.510\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"On Metasys ADX Server version 12.0 running MVE, an Active Directory user could execute validated actions without providing a valid password when using MVE SMP UI.\"},{\"lang\":\"es\",\"value\":\"En Metasys ADX Server versi\u00f3n 12.0 ejecutando MVE, un usuario de Active Directory pod\u00eda ejecutar acciones validadas sin proporcionar una contrase\u00f1a v\u00e1lida cuando usaba MVE SMP UI\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"productsecurity@jci.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H\",\"baseScore\":8.1,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.2},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N\",\"baseScore\":6.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-287\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"AND\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:johnsoncontrols:metasys_extended_application_and_data_server:12.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"50731125-779A-446A-945D-946F44AA3555\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:a:johnsoncontrols:metasys_for_validated_environments:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C5A8E3EE-0E54-493C-9D4F-7B9BEB8E096A\"}]}]}],\"references\":[{\"url\":\"https://www.cisa.gov/uscert/ics/advisories/icsa-22-277-01\",\"source\":\"productsecurity@jci.com\",\"tags\":[\"Third Party Advisory\",\"US Government Resource\"]},{\"url\":\"https://www.johnsoncontrols.com/cyber-solutions/security-advisories\",\"source\":\"productsecurity@jci.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.cisa.gov/uscert/ics/advisories/icsa-22-277-01\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"US Government Resource\"]},{\"url\":\"https://www.johnsoncontrols.com/cyber-solutions/security-advisories\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
  }
}

GSD-2022-21936

Vulnerability from gsd - Updated: 2023-12-13 01:19

Details

On Metasys ADX Server version 12.0 running MVE, an Active Directory user could execute validated actions without providing a valid password when using MVE SMP UI.

Aliases

CVE-2022-21936

Aliases

CVE-2022-21936

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2022-21936",
    "description": "On Metasys ADX Server version 12.0 running MVE, an Active Directory user could execute validated actions without providing a valid password when using MVE SMP UI.",
    "id": "GSD-2022-21936"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2022-21936"
      ],
      "details": "On Metasys ADX Server version 12.0 running MVE, an Active Directory user could execute validated actions without providing a valid password when using MVE SMP UI.",
      "id": "GSD-2022-21936",
      "modified": "2023-12-13T01:19:13.983800Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "productsecurity@jci.com",
        "DATE_PUBLIC": "2022-10-04T18:52:00.000Z",
        "ID": "CVE-2022-21936",
        "STATE": "PUBLIC",
        "TITLE": "Metasys MVE"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Metasys ADX server running MVE",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_name": "12.0",
                          "version_value": "12.0"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Johnson Controls"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "On Metasys ADX Server version 12.0 running MVE, an Active Directory user could execute validated actions without providing a valid password when using MVE SMP UI."
          }
        ]
      },
      "generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "impact": {
        "cvss": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.1,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
          "version": "3.1"
        }
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "CWE-287: Improper Authentication"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://www.johnsoncontrols.com/cyber-solutions/security-advisories",
            "refsource": "CONFIRM",
            "url": "https://www.johnsoncontrols.com/cyber-solutions/security-advisories"
          },
          {
            "name": "ICS-CERT Advisory",
            "refsource": "CERT",
            "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-277-01"
          }
        ]
      },
      "solution": [
        {
          "lang": "eng",
          "value": "Update Metasys ADX Server version 12.0 running MVE with patch 12.0.1."
        }
      ],
      "source": {
        "discovery": "INTERNAL"
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:johnsoncontrols:metasys_extended_application_and_data_server:12.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:johnsoncontrols:metasys_for_validated_environments:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": false
              }
            ],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "productsecurity@jci.com",
          "ID": "CVE-2022-21936"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "On Metasys ADX Server version 12.0 running MVE, an Active Directory user could execute validated actions without providing a valid password when using MVE SMP UI."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-287"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "ICS-CERT Advisory",
              "refsource": "CERT",
              "tags": [
                "Third Party Advisory",
                "US Government Resource"
              ],
              "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-277-01"
            },
            {
              "name": "https://www.johnsoncontrols.com/cyber-solutions/security-advisories",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://www.johnsoncontrols.com/cyber-solutions/security-advisories"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 3.6
        }
      },
      "lastModifiedDate": "2022-10-13T13:09Z",
      "publishedDate": "2022-10-07T18:15Z"
    }
  }
}

ICSA-22-277-01

Vulnerability from csaf_cisa - Published: 2022-10-04 00:00 - Updated: 2022-10-04 00:00

Summary

Johnson Controls Metasys ADX Server

Notes

CISA Disclaimer

This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov

Legal Notice

All information products included in https://us-cert.cisa.gov/ics are provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.

Risk evaluation

Successful exploitation of this vulnerability could allow an Active Directory user to execute validated actions without providing a valid password.

Critical infrastructure sectors

Critical Manufacturing

Countries/areas deployed

Worldwide

Company headquarters location

Ireland

Recommended Practices

CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability these vulnerabilities. Specifically, users should:

Recommended Practices

CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.

Recommended Practices

CISA also provides a section for control systems security recommended practices on the ICS webpage at cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.

Recommended Practices

Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.

Recommended Practices

Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.

Exploitability

No known public exploits specifically target this vulnerability. This vulnerability is exploitable remotely. This vulnerability has a low attack complexity.

JSON

To clipboard

{
  "document": {
    "acknowledgments": [
      {
        "organization": "Johnson Controls, Inc",
        "summary": "reporting this vulnerability to CISA"
      }
    ],
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Disclosure is not limited",
      "tlp": {
        "label": "WHITE",
        "url": "https://us-cert.cisa.gov/tlp/"
      }
    },
    "lang": "en-US",
    "notes": [
      {
        "category": "general",
        "text": "This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov",
        "title": "CISA Disclaimer"
      },
      {
        "category": "legal_disclaimer",
        "text": "All information products included in https://us-cert.cisa.gov/ics are provided \"as is\" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.",
        "title": "Legal Notice"
      },
      {
        "category": "summary",
        "text": "Successful exploitation of this vulnerability could allow an Active Directory user to execute validated actions without providing a valid password.",
        "title": "Risk evaluation"
      },
      {
        "category": "other",
        "text": "Critical Manufacturing",
        "title": "Critical infrastructure sectors"
      },
      {
        "category": "other",
        "text": "Worldwide",
        "title": "Countries/areas deployed"
      },
      {
        "category": "other",
        "text": "Ireland",
        "title": "Company headquarters location"
      },
      {
        "category": "general",
        "text": "CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability these vulnerabilities. Specifically, users should:",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "CISA also provides a section for control systems security recommended practices on the ICS webpage at cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.",
        "title": "Recommended Practices"
      },
      {
        "category": "other",
        "text": "No known public exploits specifically target this vulnerability. This vulnerability is exploitable remotely. This vulnerability has a low attack complexity.",
        "title": "Exploitability"
      }
    ],
    "publisher": {
      "category": "coordinator",
      "contact_details": "Email: CISAservicedesk@cisa.dhs.gov;\n Toll Free: 1-888-282-0870",
      "name": "CISA",
      "namespace": "https://www.cisa.gov/"
    },
    "references": [
      {
        "category": "self",
        "summary": "ICS Advisory ICSA-22-277-01 JSON",
        "url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2022/icsa-22-277-01.json"
      },
      {
        "category": "self",
        "summary": "ICS Advisory ICSA-22-277-01 Web Version",
        "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-22-277-01"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/uscert/ics/alerts/ICS-ALERT-10-301-01"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-22-277-01"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://us-cert.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf"
      }
    ],
    "title": "Johnson Controls Metasys ADX Server",
    "tracking": {
      "current_release_date": "2022-10-04T00:00:00.000000Z",
      "generator": {
        "engine": {
          "name": "CISA CSAF Generator",
          "version": "1.0.0"
        }
      },
      "id": "ICSA-22-277-01",
      "initial_release_date": "2022-10-04T00:00:00.000000Z",
      "revision_history": [
        {
          "date": "2022-10-04T00:00:00.000000Z",
          "legacy_version": "Initial",
          "number": "1",
          "summary": "Publication Date"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "12.0",
                "product": {
                  "name": "Metasys ADX Server: version 12.0 running MVE",
                  "product_id": "CSAFPID-0001"
                }
              }
            ],
            "category": "product_name",
            "name": "Metasys ADX Server"
          }
        ],
        "category": "vendor",
        "name": "Johnson Controls Inc"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2022-21936",
      "cwe": {
        "id": "CWE-287",
        "name": "Improper Authentication"
      },
      "notes": [
        {
          "category": "summary",
          "text": "The affected product software does not prove or insufficiently validates user identity claims.CVE-2022-21936 has been assigned to this vulnerability. A CVSS v3 base score of 8.1 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H).",
          "title": "Vulnerability Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "web.nvd.nist.gov",
          "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-21936"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Johnson Controls recommends users update Metasys ADX Server version 12.0 running MVE with patch 12.0.1.  Users should contact Johnson Controls or Authorized Building Control Specialists (ABCS) for more information.",
          "product_ids": [
            "CSAFPID-0001"
          ]
        },
        {
          "category": "mitigation",
          "details": "For more detailed mitigation instructions, users should see Johnson Controls Product Security Advisory JCI-PSA-2022-11 at the following location:",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://www.johnsoncontrols.com/cyber-solutions/security-advisories"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "CSAFPID-0001"
          ]
        }
      ]
    }
  ]
}

CNVD-2022-87597

Vulnerability from cnvd - Published: 2022-12-14

Title

Johnson Controls Metasys ADX Server授权问题漏洞

Description

Johnson Controls Metasys ADX Server是美国江森自控（Johnson Controls）公司的一款数据服务器。用于管理大量趋势数据、事件消息、操作员事务和系统配置数据。 Johnson Controls Metasys ADX Server 12.0版本存在授权问题漏洞，该漏洞源于应用程序存在不当的访问控制，攻击者可利用漏洞导致在使用MVE SMP UI时，AD用户可以在不提供有效密码的情况下执行验证的操作。

Severity

高

Patch Name

Johnson Controls Metasys ADX Server授权问题漏洞的补丁

Patch Description

Formal description

目前厂商已发布升级补丁以修复漏洞，补丁获取链接： https://www.johnsoncontrols.com/-/media/jci/cyber-solutions/product-security-advisories/2022/jci-psa-2022-11.pdf?la=en&hash=D74B493B2736B443F57FC3E26E10B2B8C0554B4C

Reference

https://www.cisa.gov/uscert/ics/advisories/icsa-22-277-01

Impacted products

Name
Johnson Controls Metasys ADX Server 12.0

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2022-21936",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2022-21936"
    }
  },
  "description": "Johnson Controls Metasys ADX Server\u662f\u7f8e\u56fd\u6c5f\u68ee\u81ea\u63a7\uff08Johnson Controls\uff09\u516c\u53f8\u7684\u4e00\u6b3e\u6570\u636e\u670d\u52a1\u5668\u3002\u7528\u4e8e\u7ba1\u7406\u5927\u91cf\u8d8b\u52bf\u6570\u636e\u3001\u4e8b\u4ef6\u6d88\u606f\u3001\u64cd\u4f5c\u5458\u4e8b\u52a1\u548c\u7cfb\u7edf\u914d\u7f6e\u6570\u636e\u3002\n\nJohnson Controls Metasys ADX Server 12.0\u7248\u672c\u5b58\u5728\u6388\u6743\u95ee\u9898\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u5e94\u7528\u7a0b\u5e8f\u5b58\u5728\u4e0d\u5f53\u7684\u8bbf\u95ee\u63a7\u5236\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u6f0f\u6d1e\u5bfc\u81f4\u5728\u4f7f\u7528MVE SMP UI\u65f6\uff0cAD\u7528\u6237\u53ef\u4ee5\u5728\u4e0d\u63d0\u4f9b\u6709\u6548\u5bc6\u7801\u7684\u60c5\u51b5\u4e0b\u6267\u884c\u9a8c\u8bc1\u7684\u64cd\u4f5c\u3002",
  "discovererName": "Johnson Controls",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://www.johnsoncontrols.com/-/media/jci/cyber-solutions/product-security-advisories/2022/jci-psa-2022-11.pdf?la=en\u0026hash=D74B493B2736B443F57FC3E26E10B2B8C0554B4C",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2022-87597",
  "openTime": "2022-12-14",
  "patchDescription": "Johnson Controls Metasys ADX Server\u662f\u7f8e\u56fd\u6c5f\u68ee\u81ea\u63a7\uff08Johnson Controls\uff09\u516c\u53f8\u7684\u4e00\u6b3e\u6570\u636e\u670d\u52a1\u5668\u3002\u7528\u4e8e\u7ba1\u7406\u5927\u91cf\u8d8b\u52bf\u6570\u636e\u3001\u4e8b\u4ef6\u6d88\u606f\u3001\u64cd\u4f5c\u5458\u4e8b\u52a1\u548c\u7cfb\u7edf\u914d\u7f6e\u6570\u636e\u3002\r\n\r\nJohnson Controls Metasys ADX Server 12.0\u7248\u672c\u5b58\u5728\u6388\u6743\u95ee\u9898\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u5e94\u7528\u7a0b\u5e8f\u5b58\u5728\u4e0d\u5f53\u7684\u8bbf\u95ee\u63a7\u5236\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u6f0f\u6d1e\u5bfc\u81f4\u5728\u4f7f\u7528MVE SMP UI\u65f6\uff0cAD\u7528\u6237\u53ef\u4ee5\u5728\u4e0d\u63d0\u4f9b\u6709\u6548\u5bc6\u7801\u7684\u60c5\u51b5\u4e0b\u6267\u884c\u9a8c\u8bc1\u7684\u64cd\u4f5c\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Johnson Controls Metasys ADX Server\u6388\u6743\u95ee\u9898\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Johnson Controls Metasys ADX Server 12.0"
  },
  "referenceLink": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-277-01",
  "serverity": "\u9ad8",
  "submitTime": "2022-10-11",
  "title": "Johnson Controls Metasys ADX Server\u6388\u6743\u95ee\u9898\u6f0f\u6d1e"
}

GHSA-JHWW-39JR-3QQF

Vulnerability from github – Published: 2022-10-07 18:15 – Updated: 2022-10-13 19:00

Details

On Metasys ADX Server version 12.0 running MVE, an Active Directory user could execute validated actions without providing a valid password when using MVE SMP UI.

Severity ?

6.5 (Medium)


                  
                    CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2022-21936"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-287"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-10-07T18:15:00Z",
    "severity": "MODERATE"
  },
  "details": "On Metasys ADX Server version 12.0 running MVE, an Active Directory user could execute validated actions without providing a valid password when using MVE SMP UI.",
  "id": "GHSA-jhww-39jr-3qqf",
  "modified": "2022-10-13T19:00:23Z",
  "published": "2022-10-07T18:15:42Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-21936"
    },
    {
      "type": "WEB",
      "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-277-01"
    },
    {
      "type": "WEB",
      "url": "https://www.johnsoncontrols.com/cyber-solutions/security-advisories"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
      "type": "CVSS_V3"
    }
  ]
}

FKIE_CVE-2022-21936

Vulnerability from fkie_nvd - Published: 2022-10-07 18:15 - Updated: 2024-11-21 06:45

Severity ?

8.1 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Summary

On Metasys ADX Server version 12.0 running MVE, an Active Directory user could execute validated actions without providing a valid password when using MVE SMP UI.

References

URL	Tags
productsecurity@jci.com	https://www.cisa.gov/uscert/ics/advisories/icsa-22-277-01	Third Party Advisory, US Government Resource
productsecurity@jci.com	https://www.johnsoncontrols.com/cyber-solutions/security-advisories	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.cisa.gov/uscert/ics/advisories/icsa-22-277-01	Third Party Advisory, US Government Resource
af854a3a-2127-422b-91ae-364da2661108	https://www.johnsoncontrols.com/cyber-solutions/security-advisories	Vendor Advisory

Impacted products

	Vendor	Product	Version
	johnsoncontrols	metasys_extended_application_and_data_server	12.0
	johnsoncontrols	metasys_for_validated_environments	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:johnsoncontrols:metasys_extended_application_and_data_server:12.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "50731125-779A-446A-945D-946F44AA3555",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:johnsoncontrols:metasys_for_validated_environments:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "C5A8E3EE-0E54-493C-9D4F-7B9BEB8E096A",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "AND"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "On Metasys ADX Server version 12.0 running MVE, an Active Directory user could execute validated actions without providing a valid password when using MVE SMP UI."
    },
    {
      "lang": "es",
      "value": "En Metasys ADX Server versi\u00f3n 12.0 ejecutando MVE, un usuario de Active Directory pod\u00eda ejecutar acciones validadas sin proporcionar una contrase\u00f1a v\u00e1lida cuando usaba MVE SMP UI"
    }
  ],
  "id": "CVE-2022-21936",
  "lastModified": "2024-11-21T06:45:44.510",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.1,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.2,
        "source": "productsecurity@jci.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2022-10-07T18:15:14.867",
  "references": [
    {
      "source": "productsecurity@jci.com",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-277-01"
    },
    {
      "source": "productsecurity@jci.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.johnsoncontrols.com/cyber-solutions/security-advisories"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-277-01"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.johnsoncontrols.com/cyber-solutions/security-advisories"
    }
  ],
  "sourceIdentifier": "productsecurity@jci.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-287"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2022-21936 (GCVE-0-2022-21936)

GSD-2022-21936

ICSA-22-277-01

CNVD-2022-87597

GHSA-JHWW-39JR-3QQF

FKIE_CVE-2022-21936

Tags

Sightings

Nomenclature