CVE-2022-21938: Product Security Advisories
Under certain circumstances, a vulnerability in Metasys ADS/ADX/OAS 10 versions prior to 10.1.5 and Metasys ADS/ADX/OAS 11 versions prior to 11.0.2 could allow a user to inject malicious code into the MUI Graphics web interface.
Johnson Controls keeps your building management systems, IT infrastructures, and connected equipment secure with a firm commitment to technological innovation and continual product development.
This includes creating product security advisories as an essential part of our rapid response protocol for cybersecurity incidents. You can learn about problems we identified — as well as the actions we took to mitigate risk — right here.
2022 Product Security Advisories
| Title/Security Advisory ID | Affected Product | Overview | Mitigation | Initial Publication Date | Last updated |
|---|---|---|---|---|---|
| Metasys (JCI-PSA-2022-10) | Metasys | Vulnerabilities impacting Metasys ADS/ADX/OAS Servers | See link for general guidance | June 14, 2022 | June 14, 2022 |
| Spring4Shell (JCI-PSA-2022-14 v3) | General | General Guidance | See link for general guidance | April 19, 2022 | May 20, 2022 |
| Metasys (JCI-PSA-2022-09) | Metasys | Vulnerability impacting Metasys ADS/ADX/OAS Servers versions 10 and 11 | See link for general guidance | May 5, 2022 | May 5, 2022 |
| Metasys ADS/ADX/OAS (JCI-PSA-2022-08) | Metasys | Vulnerability impacting Metasys ADS/ADX/OAS Servers versions 10 and 11 | See link for general guidance | April 28, 2022 | April 28, 2022 |
| Log4Shell (JCI-PSA-2021-23 v24) | General | General guidance | See link for general guidance | December 14, 2021 | April 21, 2022 |
| Metasys System Configuration Tool (SCT) and System Configuration Tool Pro (SCT Pro) (JCI-PSA-2022-03) | Metasys | Vulnerability impacting Metasys System Configuration Tool (SCT) and System Configuration Tool Pro (SCT Pro), all versions prior to 14.2.2 | See link for general guidance | April 21, 2022 | April 21, 2022 |
| Metasys ADS/ADX/OAS Servers (JCI-PSA-2022-06) | Metasys | Vulnerability impacting Metasys ADS/ADX/OAS Servers versions 10 and 11 | See link for general guidance | April 14, 2022 | April 14, 2022 |
| Metasys ADS/ADX/OAS Servers (JCI-PSA-2022-02) | Metasys | Vulnerability impacting Metasys ADS/ADX/OAS versions 10 and 11 | See link for general guidance | March 17, 2022 | March 17, 2022 |
| DSC PowerManage (JCI-PSA-2022-01 v2) | DSC | Vulnerability impacting DSC PowerManage versions 4.0 to 4.8 | See link for general guidance | February 3, 2022 | March 7, 2022 |
2021 Product Security Advisories
| Title/Security Advisory ID | Affected Product | Overview | Mitigation | Initial Publication Date | Last updated |
|---|---|---|---|---|---|
| Log4Shell (JCI-PSA-2021-23 v9) | General | General guidance | See link for general guidance | December 14, 2021 | December 22, 2021 |
| American Dynamics VideoEdge (JCI-PSA-2021-21) | American Dynamics VideoEdge | Vulnerability impacting VideoEdge versions 5.4.1 to 5.7.1 | See link for mitigation options | December 22, 2021 | December 22, 2021 |
| exacqVision Enterprise Manager (JCI-PSA-2021-24) | exacqVision Enterprise Manager | Vulnerability impacting all versions of exacqVision Enterprise Manager up to and including version 21.12 | See link for mitigation options | December 20, 2021 | December 20, 2021 |
| Kantech Entrapass (JCI-PSA-2021-22) | Kantech Entrapass | Vulnerability impacting Entrapass, all versions prior to 8.40 | See link for mitigation options | December 2, 2021 | December 2, 2021 |
| CEM Systems AC2000 (JCI-PSA-2021-20) | CEM Systems AC2000 | Vulnerability impacting AC2000, all versions prior to 10.6 | See link for mitigation options | November 30, 2021 | November 30, 2021 |
| American Dynamics VideoEdge (JCI-PSA-2021-17) | American Dynamics VideoEdge | Vulnerability impacting VideoEdge versions prior to 5.7.1 | See link for mitigation options | November 2, 2021 | November 2, 2021 |
| American Dynamics victor Video Management System (JCI-PSA-2021-19) | American Dynamics victor Video Management System | Vulnerability impacting victor Video Management System version 5.7 and prior | See link for mitigation options | October 28, 2021 | October 28, 2021 |
| exacqVision Server (JCI-PSA-2021-18) | exacqVision Server | Vulnerability impacting exacqVision Server 32-bit version 21.06.11.0 or older | See link for mitigation options | October 7, 2021 | October 7, 2021 |
| exacqVision Web Service (JCI-PSA-2021-16) | exacqVision Web Service | Vulnerability impacting exacqVision Web Service version 21.06.11.0 or older | See link for mitigation options | October 7, 2021 | October 7, 2021 |
| Kantech KT-1 Door Controller (JCI-PSA-2021-14) | Kantech KT-1 Door Controller | Vulnerability impacting all versions of the Kantech KT-1 Controller, including 3.01 | See link for mitigation options | September 10, 2021 | September 10, 2021 |
| Tyco Illustra (JCI-PSA-2021-13) | Tyco Illustra | Vulnerability impacting specific versions of Tyco Illustra | See link for mitigation options | August 31, 2021 | August 31, 2021 |
| CEM Systems AC2000 (JCI-PSA-2021-15) | CEM Systems AC2000 | Vulnerability impacting specific versions of CEM Systems AC2000 | See link for mitigation options | August 26, 2021 | August 26, 2021 |
| Kantech KT-1 Door Controller (JCI-PSA-2021-12) | Kantech KT-1 Door Controller | Vulnerability impacting all versions of the Kantech KT-1 Door Controller, including 2.09.02 and earlier | See link for mitigation options | August 19, 2021 | August 19, 2021 |
| Software House C•CURE 9000 (JCI-PSA-2021-10 v2) | Software House C•CURE 9000 | Vulnerability impacting all versions of Software House C•CURE 9000 prior to version 2.80 | See link for mitigation options | July 01, 2021 | August 12, 2021 |
| Facility Explorer (JCI-PSA-2021-11) | Facility Explorer | Vulnerability impacting Facility Explorer SNC Series Supervisory Controllers (F4-SNC) | See link for mitigation options | July 01, 2021 | July 01, 2021 |
| Software House C•CURE 9000 (JCI-PSA-2021-10) | Software House C•CURE 9000 | Vulnerability impacting all versions of Software House C•CURE 9000 prior to version 2.80 | See link for mitigation options | July 01, 2021 | July 01, 2021 |
| exacqVision Web Service (JCI-PSA-2021-09) | exacqVision Web Service | Vulnerability impacting all versions of exacqVision Web Service including 21.03 | See link for mitigation options | June 24, 2021 | June 24, 2021 |
| exacqVision Enterprise Manager (JCI-PSA-2021-08) | exacqVision Enterprise Manager | Vulnerability impacting all versions of exacqVision Enterprise Manager including 20.12 | See link for mitigation options | June 24, 2021 | June 24, 2021 |
| Metasys Servers, Engines, and SCT Tools Web Services (JCI-PSA-2021-05) | Metasys Servers, Engines, and SCT Tools Web Services | Vulnerability impacting web services for Metasys Servers, Engines, and SCT Tools | See link for mitigation options | June 04, 2021 | June 04, 2021 |
| American Dynamics VideoEdge (JCI-PSA-2021-07) | American Dynamics VideoEdge | Vulnerability impacting all versions of VideoEdge prior to 5.7.0 | See link for mitigation options | May 27, 2021 | May 27, 2021 |
| American Dynamics Tyco AI (JCI-PSA-2021-06) | American Dynamics Tyco AI | Vulnerability impacting all versions of Tyco AI up to and including v1.2 | See link for mitigation options | May 13, 2021 | May 13, 2021 |
| exacqVision Network Video Recorder (JCI-PSA-2021-04) | exacqVision Network Video Recorder | Vulnerability impacting specific versions of the exacqVision Network Video Recorder | See link for mitigation options | April 29, 2021 | April 29, 2021 |
| exacqVision Web Service (JCI-PSA-2021-03) | exacqVision Web Service | Vulnerability impacting all versions of exacqVision Web Service | See link for mitigation options | March 18, 2021 | March 18, 2021 |
| Metasys Report Engine (MRE) Web Services (JCI-PSA-2021-02) | Metasys Report Engine (MRE) Web Services | Vulnerability impacting specific versions of Metasys Report Engine (MRE) Web Services | See link for mitigation options | February 18, 2021 | February 18, 2021 |
| Sur-Gard (JCI-PSA-2021-01) | Sur-Gard System 5 receivers | Vulnerability impacting Sur-Gard System 5 receivers | See link for mitigation options | January 26, 2021 | January 26, 2021 |
| AD victor Web Client and SWH C•CURE Web Client (JCI-PSA-2020-9 v2) | American Dynamics victor Web Client and Software House C•CURE Web Client | Vulnerability impacting specific versions of American Dynamics victor Web Client and Software House C•CURE Web Client | See link for mitigation options | October 08, 2020 | January 05, 2021 |
2020 Product Security Advisories
| Title/Security Advisory ID | Affected Product | Overview | Mitigation | Initial Publication Date | Last updated |
|---|---|---|---|---|---|
| AD victor Web Client and SWH C•CURE Web Client (JCI-PSA-2020-10 v2) | American Dynamics victor Web Client and Software House C•CURE Web Client | Vulnerability impacting specific versions of American Dynamics victor Web Client and Software House C•CURE Web Client | See link for mitigation options | November 19, 2020 | November 24, 2020 |
| victor Web Client (JCI-PSA-2020-09) | victor Web Client | Vulnerability impacting versions of victor Web Client | Upgrade all versions of victor Web Client to v5.6. | October 8, 2020 | October 8, 2020 |
| Sur-Gard (JCI-PSA-2020-08) | Sur-Gard System 5 receivers | Vulnerability impacting Sur-Gard System 5 receivers | See link for mitigation options | August 20, 2020 | August 20, 2020 |
| exacqVision (JCI-PSA-2020-07 v2) | exacqVision Web Service and exacqVision Enterprise Manager | Vulnerability impacting exacqVision Web Service and exacqVision Enterprise Manager | All users should upgrade exacqVision Web Service to version 20.06.4 or higher and exacqVision Enterprise Manager to version 20.06.5 or higher. | June 18, 2020 | July 2, 2020 |
| C•CURE 9000/victor (JCI-PSA-2020-4 v4) | Software House C•CURE 9000 and American Dynamics victor Video Management System | Vulnerability impacting the Software House C•CURE 9000 and American Dynamics victor Video Management System software installer. | See link for mitigation options | May 21, 2020 | June 2, 2020 |
| Kantech EntraPass (JCI-PSA-2020-6 v1) | All versions of Kantech EntraPass editions up to and including v8.22 | Vulnerability impacting system permissions for all versions of Tyco Kantech EntraPass Security Management Software Editions. | All users should upgrade Kantech EntraPass Editions to version 8.23. | May 26, 2020 | May 26, 2020 |
| BCPro (JCI-PSA-2020-5 v1) | BCPro | Vulnerability impacting the BCPro and BCT software. | A patch has been developed to address this issue. | April 23, 2020 | April 23, 2020 |
| Metasys XXE (JCI-PSA-2020-3 v1) | Metasys Server | Vulnerability impacting the Metasys Server software products and some network engines. | A patch has been developed to address this issue. | March 10, 2020 | March 10, 2020 |
| SmartService API (JCI-PSA-2020-2 v1) | Kantech EntraPass | Vulnerability impacting the SmartService API Service option in some editions of Kantech EntraPass. | Upgrade impacted Kantech EntraPass Global and Corporate edition software to version 8.10. | March 10, 2020 | March 10, 2020 |
| ElasticSearch Kibana (JCI-PSA-2020-1 v1) | Metasys Server 10.0 using Kibana version 6.2.3 | Vulnerabilities impacting the ElasticSearch/Kibana visualizer component. | Remove the Windows component called Kibana-6.2.3 from computers running Metasys Server (Release 10.0). | January 31, 2020 | January 31, 2020 |
2019 Product Security Advisories
| Title/Security Advisory ID | Affected Product | Overview | Mitigation | Initial Publication Date | Last updated |
|---|---|---|---|---|---|
| Flexera FlexNet Publisher (JCI-PSA-2019-12 v1) | Software House C•CURE v2.70 and earlier running FlexNet Publisher version 11.16.1.0 and earlier | Vulnerabilities impacting the Flexera FlexNet Publisher licensing manager | Install C•CURE 9000 v2.70 Service Pack 3 Critical Update 05 (Unified 3.70 SP3 CU05) or upgrade to C•CURE 9000 v2.80 | December 3, 2019 | December 3, 2019 |
| PC Annunciator (JCI-PSA-2019-11 v1) | TrueAlarm Fire Alarm System, 4190 PC Annunciator | Remote Desktop Services Remote Code Execution Vulnerability (a.k.a. “BlueKeep”) | Apply all applicable Microsoft security updates | November 21, 2019 | November 21, 2019 |
| Facility Explorer (JCI-PSA-2019-10 v1) | Facility Explorer FX 14.7.2, FX 14.4, FX 6.5 | Vulnerabilities exist in the QNX operating system used in Facility Explorer | Apply available QNX patch or update | October 30, 2019 | October 30, 2019 |
| Metasys ICS-CERT Advisory ICSA-19-227-01 (JCI-PSA-2019-06 v1; CVE-2019-7593, CVE-2019-7594) | Metasys® ADS/ADX servers and NAE/NIE/NCE engines, versions prior to 9.0 | An attacker with access to the shared RSA key pair or a hardcoded RC2 key could potentially decrypt captured network traffic between the Metasys® ADS/ADX servers or NAE/NIE/NCE engines and the connecting Site Management Portal (SMP) user client | These issues were addressed in version 9.0 of these Metasys® components. We recommend upgrading all Metasys® ADS/ADX servers and NAE/NIE/NCE engines to at least version 9.0 to ensure all enhancements in this latest release are active. Sites should also be configured with trusted certificates | August 15, 2019 | August 15, 2019 |
| Bluetooth “KNOB” attack or BR/EDR Key Negotiation Vulnerability (CVE-2019-9506; JCI-PSA-2019-08 v1). Find out more from the NIST National Vulnerability Database (NVD) and the MITRE CVE® List. | Security advisories for affected products will be appended to this web page as they are made available. The PSA ID for each product-specific advisory has a common root followed by “.x”, where x is the instance number (JCI-PSA-2019-08.x). | A researcher has identified a vulnerability that affects Bluetooth devices that employ Bluetooth BR/EDR Bluetooth Core specification versions 1.0 through 5.1 | Refer to the respective Product Security Advisories (when released) | August 13, 2019 | August 13, 2019 |
| JCI-PSA-2019-03 (ICS-CERT-19-199-01). Please visit the ICS-CERT advisory linked below for complete information and additional resources. | exacqVision Server 9.6 and 9.8 application running on Windows operating system (all supported versions of Windows). | On March 28, 2019, Tyco security solutions published a product security advisory for the exacqVision Server Application | Please reference the linked Johnson Controls advisory to find mitigation steps | March 28, 2019 | July 18, 2019 |
| TrueInsight Module Vulnerability (JCI-PSA-2019-05) | TrueInsight modules used to connect the Simplex® 4007ES, 4010ES, 4100ES, and 4100U Fire Alarm Control Panels | This vulnerability impacts all TrueInsight modules. If properly exploited, this vulnerability could result in unauthorized access to the fire system. Unfortunately, there is no patch available to fix the vulnerability | Please reference the linked Johnson Controls advisory to find mitigation steps | July 8, 2019 | July 8, 2019 |
| Microsoft® Remote Desktop Services Remote Code Execution Vulnerability (a.k.a. “BlueKeep”) | Vulnerable in-support systems include the Windows 7 operating system, Windows Server® 2008 R2, and Windows Server 2008 systems. Out-of-support but affected operating systems include Windows Server 2003 and Windows XP® operating systems | Microsoft discovered a vulnerability in its Remote Desktop service that is included in most versions of a wide variety of its operating systems. Although this vulnerability is not associated with any specific Johnson Controls application, it does impact the computer environments that can host those applications | Microsoft has released a product update that patches this security issue. Please reference the linked advisory to find mitigation steps | May 22, 2019 | May 22, 2019 |
| ICS-CERT Advisory ICSA-19-163-01. Please visit the ICS-CERT advisory linked above for complete information and additional resources. | ExacqVision (ESM) v5.12.2 and all prior versions of ESM running on a Windows operating system. This issue does not impact Linux deployments with permissions that are not inherited from the root directory | On February 15, 2019, Tyco security solutions published a product security advisory for ExacqVision Enterprise System Manager (ESM) | Please reference the linked Tyco advisory to find mitigation steps | February 15, 2019 | March 28, 2019 |
2018 Product Security Advisories
| Title/Security Advisory ID | Affected Product | Overview | Mitigation | Initial Publication Date | Last updated |
|---|---|---|---|---|---|
| CPP-PSA-20180-02 v1: Facility Explorer™ Path Traversal and Improper Authentication Vulnerabilities (ICS CERT Notice ICSA-19-022-01; CVE-2017-16744, CVE-2017-16748). Please visit the ICS CERT notice linked above for complete information and additional resources. | Facility Explorer 6.x (Niagara AX Framework™) systems, prior to 6.6; Facility Explorer 14.x (Niagara 4) systems, prior to 14.4u1 | Facility Explorer Software Releases 6.6 and 14.4u1 include several fixes and important vulnerability mitigations for cybersecurity protection. | Customers should upgrade to the latest available product versions. Johnson Controls recommends taking steps to minimize risks to all building automation systems. The Department of Homeland Security’s ICS-CERT also provides a section for Control Systems Security Recommended Practices. | January 11, 2018 | September 4, 2018 |
| ICSA-14-350-02: Metasys® Building Automation System (BAS) Information Disclosure Vulnerability (ICS CERT Notice ICSA-18-212-02; CVE-2018-10624). Please visit the ICS CERT notice linked above for complete information and additional resources. | Metasys system versions 8.0 and prior. BCM (now BC Pro) all versions prior to 3.0.2 | A previous version of the Metasys BAS could potentially reveal technical information when an authentication error occurs in the BAS server. | Customers should upgrade to the latest product versions. Contact your Johnson Controls Sales or Service representative for details. Johnson Controls recommends taking steps to minimize risks to all BASs. Please reference our Metasys Security Page. The Department of Homeland Security’s ICS-CERT also provides a section for Control Systems Security Recommended Practices. | March 17, 2015 | August 27, 2018 |
| Pub # GPS-PSA-2018-02: “Meltdown” and “Spectre” Vulnerabilities, CERT Vulnerability Note VU#584653 | Johnson Controls Product Security Incident Response Team (PSIRT) is assessing potential impact to Johnson Controls products. Find Updates Here. | Researchers recently disclosed new security vulnerabilities that impact aspects of many modern processors and that could be exploited to allow an attacker to obtain access to sensitive data. These vulnerabilities allow for side-channel attacks to read data from memory. These vulnerabilities can affect personal computers, mobile devices, and the cloud. | Although there are currently no known workarounds, the following are some suggested actions that customers can take in the short term to reduce their risks. Check this site regularly for updated information. As always, prior to deploying software patches or updates, test such patches or updates on non-production systems and follow all vendor instructions and warnings to ensure such patches or updates do not impair system functionality. Although not specific to this vulnerability, always implement proper building system and corporate network segmentation and boundary security and access controls. | January 10, 2018 | January 26, 2018 |
2017 Product Security Advisories
| Title/Security Advisory ID | Affected Product | Overview | Mitigation | Initial Publication Date | Last updated |
|---|---|---|---|---|---|
| “KRACK” Wi-Fi Vulnerability Attacks: CERT Vulnerability Note VU#228519 | Johnson Controls Product Security Incident Response Team (PSIRT) is assessing potential impact to Johnson Controls products. Update to follow. | A significant weakness in a commonly used Wi-Fi security protocol was announced recently which could put the confidentiality of data transferred over wireless at risk. The attack, dubbed “KRACK”, exploits a newly discovered weakness in the WPA2 protocol, which is commonly used to secure Wi-Fi networks. An attacker within range of a victim can potentially exploit these weaknesses to access some types of information transmitted between wireless clients and wireless network access points, thereby reducing the confidentiality and integrity of the data being transmitted. | | October 16, 2017 | November 16, 2017 |
| US CERT Alert TA17-132A017-0143: “Indicators Associated with WannaCry Ransomware” | All Metasys® software releases running on affected OS’, all NxE55 series, all NxE85 series and LCS8520 | IT systems worldwide have been affected by a prolific ransomware attack which leverages a Microsoft SMB protocol vulnerability that may affect some Metasys system components. | Apply Microsoft patch for MS17-010 for host operating systems. Contact your JCI Field Representative for remediation details for specific Metasys products. | May 12, 2017 | June 7, 2018 |
2015 Product Security Advisories
| Title/Security Advisory ID | Affected Product | Overview | Mitigation | Initial Publication Date | Last updated |
|---|---|---|---|---|---|
| ICSA-14-350-02 | Metasys® releases 4.1 to 6.5: ADS, ADX, LCS8520, NAE, NIE, NxE8500 | Independent security researcher Billy Rios identified two vulnerabilities in the Johnson Controls Metasys® building automation system. | Johnson Controls has produced patches for each affected release that mitigate these vulnerabilities. Contact your Johnson Controls representative for more information. | March 17, 2015 | August 27, 2018 |
2014 Product Security Advisories
| Title/Security Advisory ID | Affected Product | Overview | Mitigation | Initial Publication Date | Last updated |
|---|---|---|---|---|---|
| CVE-2014-0160 “Heartbleed” | None | A vulnerability in OpenSSL could allow a remote attacker to expose sensitive data. | No mitigation required | August 8, 2014 | August 25, 2015 |
| CVE-2014-6271 “Shellshock” | None | A flaw in the GNU Bourne-Again Shell (Bash) could allow an attacker to remotely execute shell commands. | No mitigation required | September 25, 2014 | August 25, 2015 |
| CVE-2014-3566 (US-CERT Alert TA-14290A) | Metasys® Release 6.5, 7.0, 8.0: Application and Data Server (ADS), Extended Application and Data Server (ADX), ADS-Lite, Open Data Server (ODS), Metasys® Advanced Reporting System, Metasys® Export Utility, Ready Access Portal, and Metasys® User Interface (UI) Release 1.5, 1.5.1, and 2.0 | Commonly referred to as Padding Oracle on Downgraded Legacy Encryption (POODLE), this vulnerability may allow an attacker to decrypt ciphertext using a padding oracle side-channel attack. The attack leverages the ability for the communication to be downgraded to SSL v3, an older and less secure version of SSL which is vulnerable to attack. | This does not involve any patches or updates to our products, simply a reminder to address this at the Microsoft operating system level. Disable SSLv3 on the server and standalone computers hosting the affected Metasys software | October 17, 2014 | September 30, 2016 |