Skip to main content

Nae55 Firmware

2 CVEs product

Monthly

CVE-2023-4486 HIGH This Week

Under certain circumstances, invalid authentication credentials could be sent to the login endpoint of Johnson Controls Metasys NAE55, SNE, and SNC engines prior to versions 11.0.6 and 12.0.4 and. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Nae55 Firmware Sne22000 Firmware Sne11000 Firmware Sne10500 Firmware +6
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2020-9044 CRITICAL Act Now

XXE vulnerability exists in the Metasys family of product Web Services which has the potential to facilitate DoS attacks or harvesting of ASCII server files. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE Metasys Application And Data Server Metasys Extended Application And Data Server Metasys Lonworks Control Server Metasys Open Application Server +9
NVD
CVSS 3.1
9.1
EPSS
1.3%
EPSS 1% CVSS 7.5
HIGH This Week

Under certain circumstances, invalid authentication credentials could be sent to the login endpoint of Johnson Controls Metasys NAE55, SNE, and SNC engines prior to versions 11.0.6 and 12.0.4 and. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Nae55 Firmware Sne22000 Firmware +8
NVD
EPSS 1% CVSS 9.1
CRITICAL Act Now

XXE vulnerability exists in the Metasys family of product Web Services which has the potential to facilitate DoS attacks or harvesting of ASCII server files. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE Metasys Application And Data Server Metasys Extended Application And Data Server +11
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy