Denial of service in Johnson Controls Metasys
| Risk | High |
| Patch available | NO |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2020-9044 |
| CWE-ID | CWE-611 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software Subscribe |
Metasys ADS Server applications / Application servers Metasys ADX Server applications / Application servers Metasys Open Data Server (ODS) Server applications / SCADA systems Metasys Open Application Server (OAS) Server applications / Other server solutions Metasys LonWorks Control Server (LCS) Server applications / Other server solutions Metasys Network Automation Engine (NAE55) Hardware solutions / Other hardware appliances Metasys Network Integration Engine (NIE55) Hardware solutions / Firmware Metasys Network Integration Engine (NIE59) Hardware solutions / Firmware Metasys Network Automation Engine (NAE85) Hardware solutions / Firmware Network Integration Engine (NIE85) Hardware solutions / Firmware Metasys Smoke Control Network Automation Engine (NAE55) Hardware solutions / Firmware Smoke Control Network Automation Engine (UL 864 UUKL/ORD-C100-13 UUKLC 10th Edition Listed) Hardware solutions / Firmware Metasys System Configuration Tool (SCT) Client/Desktop applications / Other client software |
| Vendor | Johnson Controls |
Security Bulletin
This security bulletin contains one high risk vulnerability.
1) XML External Entity injection
EUVDB-ID: #VU25987
Risk: High
CVSSv3.1: 7.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H/E:U/RL:U/RC:C]
CVE-ID: CVE-2020-9044
CWE-ID:
CWE-611 - Improper Restriction of XML External Entity Reference ('XXE')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to sensitive information or perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied XML input. A remote attacker can pass a specially crafted XML code to the affected application and harvest ASCII files from the server.
Successful exploitation of the vulnerability may allow an attacker to view contents of arbitrary file on the server or cause a denial of service condition on the target system.
MitigationCybersecurity Help is currently unaware of any official solution to address this vulnerability.
Vulnerable software versionsMetasys ADS: 10.1
Metasys ADX: 10.1
Metasys Open Data Server (ODS): 10.1
Metasys Open Application Server (OAS): 10.1
Metasys Network Automation Engine (NAE55): 9.0.1 - 9.0.6
Metasys Network Integration Engine (NIE55): 9.0.1 - 9.0.6
Metasys Network Integration Engine (NIE59): 9.0.1 - 9.0.6
Metasys Network Automation Engine (NAE85): 10.1
Network Integration Engine (NIE85): 10.1
Metasys LonWorks Control Server (LCS): 10.1
Metasys System Configuration Tool (SCT): 13.2
Metasys Smoke Control Network Automation Engine (NAE55): 8.1
Smoke Control Network Automation Engine (UL 864 UUKL/ORD-C100-13 UUKLC 10th Edition Listed): 8.1
External linkshttp://www.us-cert.gov/ics/advisories/icsa-20-070-05
http://www.johnsoncontrols.com/-/media/jci/cyber-solutions/product-security-advisories/2020/jci-psa-2020_3-v1-microsoft_net-framework.pdf?la=en&hash=FFFFDCAB051B8EB3DA1C605C966F077F28AE1BD3
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
