CVE-2021-27657

high
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

Successful exploitation of this vulnerability could give an authenticated Metasys user an unintended level of access to the server file system, allowing them to access or modify system files by sending specifically crafted web messages to the Metasys system. This issue affects: Johnson Controls Metasys version 11.0 and prior versions.

References

https://us-cert.gov/ics/advisories

https://www.johnsoncontrols.com/cyber-solutions/security-advisories

https://us-cert.cisa.gov/ics/advisories/icsa-21-159-01

Details

Source: MITRE

Published: 2021-06-04

Updated: 2021-12-02

Type: CWE-269

Risk Information

CVSS v2

Base Score: 6.5

Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 8

Severity: MEDIUM

CVSS v3

Base Score: 8.8

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Impact Score: 5.9

Exploitability Score: 2.8

Severity: HIGH

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:johnsoncontrols:metasys:*:*:*:*:*:*:*:* versions up to 11.0 (inclusive)

Tenable Plugins

View all (1 total)

IDNameProductFamilySeverity
500440Johnsoncontrols Metasys Improper Privilege ManagementTenable.otSCADA
high