XXE vulnerability exists in the Metasys family of product Web Services which has the potential to facilitate DoS attacks or harvesting of ASCII server files. This affects Johnson Controls' Metasys Application and Data Server (ADS, ADS-Lite) versions 10.1 and prior; Metasys Extended Application and Data Server (ADX) versions 10.1 and prior; Metasys Open Data Server (ODS) versions 10.1 and prior; Metasys Open Application Server (OAS) version 10.1; Metasys Network Automation Engine (NAE55 only) versions 9.0.1, 9.0.2, 9.0.3, 9.0.5, 9.0.6; Metasys Network Integration Engine (NIE55/NIE59) versions 9.0.1, 9.0.2, 9.0.3, 9.0.5, 9.0.6; Metasys NAE85 and NIE85 versions 10.1 and prior; Metasys LonWorks Control Server (LCS) versions 10.1 and prior; Metasys System Configuration Tool (SCT) versions 13.2 and prior; Metasys Smoke Control Network Automation Engine (NAE55, UL 864 UUKL/ORD-C100-13 UUKLC 10th Edition Listed) version 8.1.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:N/A:P
Vendors Products
Johnsoncontrols
  • Ord-c100-13 Uuklc
  • Nae85
  • Ul 864 Uukl Firmware
  • Metasys Application And Data Server
  • Nae85 Firmware
  • Metasys System Configuration Tool
  • Nie85 Firmware
  • Metasys Extended Application And Data Server
  • Metasys Open Application Server
  • Nie85
  • Nae55 Firmware
  • Nae55
  • Metasys Lonworks Control Server
  • Metasys Open Data Server
  • Ord-c100-13 Uuklc Firmware
  • Nie55
  • Ul 864 Uukl
  • Nie59 Firmware
  • Nie59
  • Nie55 Firmware

Configuration 1 [-]

OR cpe:2.3:a:johnsoncontrols:metasys_application_and_data_server:*:*:*:*:*:*:*:*
cpe:2.3:a:johnsoncontrols:metasys_application_and_data_server:*:*:*:*:lite:*:*:*
cpe:2.3:a:johnsoncontrols:metasys_extended_application_and_data_server:*:*:*:*:*:*:*:*
cpe:2.3:a:johnsoncontrols:metasys_lonworks_control_server:*:*:*:*:*:*:*:*
cpe:2.3:a:johnsoncontrols:metasys_open_application_server:10.1:*:*:*:*:*:*:*
cpe:2.3:a:johnsoncontrols:metasys_open_data_server:*:*:*:*:*:*:*:*
cpe:2.3:a:johnsoncontrols:metasys_system_configuration_tool:*:*:*:*:*:*:*:*

Configuration 2 [-]

AND
OR cpe:2.3:o:johnsoncontrols:nae55_firmware:9.0.1:*:*:*:*:*:*:*
cpe:2.3:o:johnsoncontrols:nae55_firmware:9.0.2:*:*:*:*:*:*:*
cpe:2.3:o:johnsoncontrols:nae55_firmware:9.0.3:*:*:*:*:*:*:*
cpe:2.3:o:johnsoncontrols:nae55_firmware:9.0.5:*:*:*:*:*:*:*
cpe:2.3:o:johnsoncontrols:nae55_firmware:9.0.6:*:*:*:*:*:*:*
cpe:2.3:h:johnsoncontrols:nae55:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND
OR cpe:2.3:o:johnsoncontrols:nie55_firmware:9.0.1:*:*:*:*:*:*:*
cpe:2.3:o:johnsoncontrols:nie55_firmware:9.0.2:*:*:*:*:*:*:*
cpe:2.3:o:johnsoncontrols:nie55_firmware:9.0.3:*:*:*:*:*:*:*
cpe:2.3:o:johnsoncontrols:nie55_firmware:9.0.5:*:*:*:*:*:*:*
cpe:2.3:o:johnsoncontrols:nie55_firmware:9.0.6:*:*:*:*:*:*:*
cpe:2.3:h:johnsoncontrols:nie55:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND
OR cpe:2.3:o:johnsoncontrols:nie59_firmware:9.0.1:*:*:*:*:*:*:*
cpe:2.3:o:johnsoncontrols:nie59_firmware:9.0.2:*:*:*:*:*:*:*
cpe:2.3:o:johnsoncontrols:nie59_firmware:9.0.3:*:*:*:*:*:*:*
cpe:2.3:o:johnsoncontrols:nie59_firmware:9.0.5:*:*:*:*:*:*:*
cpe:2.3:o:johnsoncontrols:nie59_firmware:9.0.6:*:*:*:*:*:*:*
cpe:2.3:h:johnsoncontrols:nie59:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND
cpe:2.3:o:johnsoncontrols:nae85_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:johnsoncontrols:nae85:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND
cpe:2.3:o:johnsoncontrols:nie85_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:johnsoncontrols:nie85:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND
cpe:2.3:o:johnsoncontrols:nae55_firmware:8.1:*:*:*:*:*:*:*
cpe:2.3:h:johnsoncontrols:nae55:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND
cpe:2.3:o:johnsoncontrols:ul_864_uukl_firmware:8.1:*:*:*:*:*:*:*
cpe:2.3:h:johnsoncontrols:ul_864_uukl:-:*:*:*:*:*:*:*

Configuration 9 [-]

AND
cpe:2.3:o:johnsoncontrols:ord-c100-13_uuklc_firmware:8.1:*:*:*:*:*:*:*
cpe:2.3:h:johnsoncontrols:ord-c100-13_uuklc:-:*:*:*:*:*:*:*
References
Link Resource
https://www.johnsoncontrols.com/cyber-solutions/security-advisories Vendor Advisory
https://www.us-cert.gov/ics/advisories/icsa-20-070-05 Third Party Advisory US Government Resource
History

No history.

cve-icon MITRE Information

Status: PUBLISHED

Assigner: jci

Published: 2020-03-10T19:28:30

Updated: 2020-03-10T19:28:30

Reserved: 2020-02-18T00:00:00

Link: CVE-2020-9044

JSON object: View

cve-icon NVD Information

Status : Analyzed

Published: 2020-03-10T20:15:22.197

Modified: 2020-03-11T21:28:30.087

Link: CVE-2020-9044

JSON object: View

cve-icon Redhat Information

No data.

CWE