Metasys® ADS/ADX servers and NAE/NIE/NCE engines prior to 9.0 make use of a shared RSA key pair for certain encryption operations involving the Site Management Portal (SMP).
References
Link | Resource |
---|---|
https://www.johnsoncontrols.com/-/media/jci/cyber-solutions/product-security-advisories/2019/jci-psa-2019-06-v1-metasys-icsa-19-227-01.pdf | Vendor Advisory |
https://www.us-cert.gov/ics/advisories/icsa-19-227-01 | Mitigation Third Party Advisory US Government Resource |
Configurations
Information
Published : 2019-08-20 12:15
Updated : 2020-02-10 13:53
NVD link : CVE-2019-7593
Mitre link : CVE-2019-7593
JSON object : View
CWE
CWE-798
Use of Hard-coded Credentials
Products Affected
johnsoncontrols
- metasys_system