Multiple vulnerabilities in Johnson Controls System Configuration Tool (SCT)



Published: 2023-02-10
Risk Low
Patch available YES
Number of vulnerabilities 2
CVE-ID CVE-2022-21939
CVE-2022-21940
CWE-ID CWE-1004
CWE-614
Exploitation vector Network
Public exploit N/A
Vulnerable software
Subscribe 		Metasys System Configuration Tool (SCT)
Client/Desktop applications / Other client software

Vendor Johnson Controls

Security Bulletin

This security bulletin contains information about 2 vulnerabilities.

1) Sensitive Cookie Without HttpOnly Flag

EUVDB-ID: #VU72111

Risk: Low

CVSSv3.1: 2.7 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-21939

CWE-ID: CWE-1004 - Sensitive Cookie Without 'HttpOnly' Flag

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to the application does not set the "HttpOnly" flag on a cookies used for authentication. A remote attacker can obtain sensitive information passed via the cookie using a third-party script.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Metasys System Configuration Tool (SCT): 14.2 - 15.0.2

External links

http://ics-cert.us-cert.gov/advisories/icsa-23-040-03


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Sensitive Cookie in HTTPS Session Without Secure Attribute

EUVDB-ID: #VU72112

Risk: Low

CVSSv3.1: 2.7 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-21940

CWE-ID: CWE-614 - Sensitive Cookie in HTTPS Session Without 'Secure' Attribute

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to the application does not set the "Secure" flag on a cookies used for authentication. A remote attacker can obtain sensitive information passed via the cookie using a third-party script.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Metasys System Configuration Tool (SCT): 14.2 - 15.0.2

External links

http://ics-cert.us-cert.gov/advisories/icsa-23-040-03


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###