CVE-2014-5428

Unrestricted file upload vulnerability in unspecified web services in Johnson Controls Metasys 4.1 through 6.5, as used in Application and Data Server (ADS), Extended Application and Data Server (aka ADX), LonWorks Control Server 85 LCS8520, Network Automation Engine (NAE) 55xx-x, Network Integration Engine (NIE) 5xxx-x, and NxE8500, allows remote attackers to execute arbitrary code by uploading a shell script.
References
Link Resource
https://ics-cert.us-cert.gov/advisories/ICSA-14-350-02 Third Party Advisory US Government Resource
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

AND
OR cpe:2.3:a:johnsoncontrols:metsys:4.1:*:*:*:*:*:*:*
cpe:2.3:a:johnsoncontrols:metsys:6.5:*:*:*:*:*:*:*
OR cpe:2.3:h:johnsoncontrols:network_automation_engine_5510-2u:-:*:*:*:*:*:*:*
cpe:2.3:h:johnsoncontrols:network_automation_engine_5520-2:-:*:*:*:*:*:*:*
cpe:2.3:h:johnsoncontrols:network_integration_engine_5510-2:-:*:*:*:*:*:*:*
cpe:2.3:h:johnsoncontrols:network_integration_engine_5511-2:-:*:*:*:*:*:*:*
cpe:2.3:h:johnsoncontrols:nxe8500:-:*:*:*:*:*:*:*
cpe:2.3:h:johnsoncontrols:application_and_data_server:-:*:*:*:*:*:*:*
cpe:2.3:h:johnsoncontrols:extended_application_and_data_server:-:*:*:*:*:*:*:*
cpe:2.3:h:johnsoncontrols:lonworks_control_server_lcs8520:-:*:*:*:*:*:*:*
cpe:2.3:h:johnsoncontrols:network_automation_engine_5510-2:-:*:*:*:*:*:*:*
cpe:2.3:h:johnsoncontrols:network_automation_engine_5511-2:-:*:*:*:*:*:*:*
cpe:2.3:h:johnsoncontrols:network_automation_engine_5521-2:-:*:*:*:*:*:*:*

Information

Published : 2015-03-29 03:59

Updated : 2015-03-30 11:45


NVD link : CVE-2014-5428

Mitre link : CVE-2014-5428


JSON object : View

Advertisement

dedicated server usa

Products Affected

johnsoncontrols

  • network_automation_engine_5510-2u
  • network_automation_engine_5510-2
  • network_automation_engine_5521-2
  • network_integration_engine_5510-2
  • network_integration_engine_5511-2
  • nxe8500
  • metsys
  • network_automation_engine_5520-2
  • application_and_data_server
  • network_automation_engine_5511-2
  • extended_application_and_data_server
  • lonworks_control_server_lcs8520