CVE-2020-9044

XXE vulnerability exists in the Metasys family of product Web Services which has the potential to facilitate DoS attacks or harvesting of ASCII server files. This affects Johnson Controls' Metasys Application and Data Server (ADS, ADS-Lite) versions 10.1 and prior; Metasys Extended Application and Data Server (ADX) versions 10.1 and prior; Metasys Open Data Server (ODS) versions 10.1 and prior; Metasys Open Application Server (OAS) version 10.1; Metasys Network Automation Engine (NAE55 only) versions 9.0.1, 9.0.2, 9.0.3, 9.0.5, 9.0.6; Metasys Network Integration Engine (NIE55/NIE59) versions 9.0.1, 9.0.2, 9.0.3, 9.0.5, 9.0.6; Metasys NAE85 and NIE85 versions 10.1 and prior; Metasys LonWorks Control Server (LCS) versions 10.1 and prior; Metasys System Configuration Tool (SCT) versions 13.2 and prior; Metasys Smoke Control Network Automation Engine (NAE55, UL 864 UUKL/ORD-C100-13 UUKLC 10th Edition Listed) version 8.1.

CVSS v3.0 9.1 CRITICAL
CVSS v2.0 6.4 MEDIUM

9.1^/10

CVSS v3.0 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.2

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

6.4^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:N/A:P

Exploitability : 10.0 / Impact : 4.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact PARTIAL

References

Link	Resource
https://www.johnsoncontrols.com/cyber-solutions/security-advisories	Vendor Advisory
https://www.us-cert.gov/ics/advisories/icsa-20-070-05	Third Party Advisory US Government Resource

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:johnsoncontrols:metasys_application_and_data_server::::::::
	cpe:2.3:a:johnsoncontrols:metasys_application_and_data_server:::::lite:::*
	cpe:2.3:a:johnsoncontrols:metasys_extended_application_and_data_server::::::::
	cpe:2.3:a:johnsoncontrols:metasys_lonworks_control_server::::::::
	cpe:2.3:a:johnsoncontrols:metasys_open_application_server:10.1:::::::*
	cpe:2.3:a:johnsoncontrols:metasys_open_data_server::::::::
	cpe:2.3:a:johnsoncontrols:metasys_system_configuration_tool::::::::

Configuration 2 (hide)

AND

OR	cpe:2.3:o:johnsoncontrols:nae55_firmware:9.0.1:::::::*
	cpe:2.3:o:johnsoncontrols:nae55_firmware:9.0.2:::::::*
	cpe:2.3:o:johnsoncontrols:nae55_firmware:9.0.3:::::::*
	cpe:2.3:o:johnsoncontrols:nae55_firmware:9.0.5:::::::*
	cpe:2.3:o:johnsoncontrols:nae55_firmware:9.0.6:::::::*

cpe:2.3:h:johnsoncontrols:nae55:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

OR	cpe:2.3:o:johnsoncontrols:nie55_firmware:9.0.1:::::::*
	cpe:2.3:o:johnsoncontrols:nie55_firmware:9.0.2:::::::*
	cpe:2.3:o:johnsoncontrols:nie55_firmware:9.0.3:::::::*
	cpe:2.3:o:johnsoncontrols:nie55_firmware:9.0.5:::::::*
	cpe:2.3:o:johnsoncontrols:nie55_firmware:9.0.6:::::::*

cpe:2.3:h:johnsoncontrols:nie55:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

OR	cpe:2.3:o:johnsoncontrols:nie59_firmware:9.0.1:::::::*
	cpe:2.3:o:johnsoncontrols:nie59_firmware:9.0.2:::::::*
	cpe:2.3:o:johnsoncontrols:nie59_firmware:9.0.3:::::::*
	cpe:2.3:o:johnsoncontrols:nie59_firmware:9.0.5:::::::*
	cpe:2.3:o:johnsoncontrols:nie59_firmware:9.0.6:::::::*

cpe:2.3:h:johnsoncontrols:nie59:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND

cpe:2.3:o:johnsoncontrols:nae85_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:johnsoncontrols:nae85:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND

cpe:2.3:o:johnsoncontrols:nie85_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:johnsoncontrols:nie85:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND

cpe:2.3:o:johnsoncontrols:nae55_firmware:8.1:*:*:*:*:*:*:*

cpe:2.3:h:johnsoncontrols:nae55:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND

cpe:2.3:o:johnsoncontrols:ul_864_uukl_firmware:8.1:*:*:*:*:*:*:*

cpe:2.3:h:johnsoncontrols:ul_864_uukl:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND

cpe:2.3:o:johnsoncontrols:ord-c100-13_uuklc_firmware:8.1:*:*:*:*:*:*:*

cpe:2.3:h:johnsoncontrols:ord-c100-13_uuklc:-:*:*:*:*:*:*:*

Information

Published : 2020-03-10 13:15

Updated : 2020-03-11 14:28

NVD link : CVE-2020-9044

Mitre link : CVE-2020-9044

JSON object : View

CWE

CWE-611

Improper Restriction of XML External Entity Reference

Products Affected

johnsoncontrols

nae85
ul_864_uukl_firmware
nae55_firmware
nae85_firmware
nie55_firmware
nie59
metasys_system_configuration_tool
metasys_extended_application_and_data_server
nae55
metasys_application_and_data_server
ul_864_uukl
ord-c100-13_uuklc_firmware
ord-c100-13_uuklc
nie85
nie59_firmware
metasys_open_application_server
nie85_firmware
nie55
metasys_open_data_server
metasys_lonworks_control_server

9.1 /10

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

6.4 /10

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact PARTIAL

JSON object

Attach tags to CVE-2020-9044

9.1^/10

6.4^/10

Attach tags to `CVE-2020-9044`