mirror of
https://github.com/CVEProject/cvelist.git
synced 2025-08-04 08:44:25 +00:00
99 lines
3.4 KiB
JSON
99 lines
3.4 KiB
JSON
{
|
|
"CVE_data_meta": {
|
|
"ASSIGNER": "productsecurity@jci.com",
|
|
"DATE_PUBLIC": "2021-08-30T14:08:00.000Z",
|
|
"ID": "CVE-2021-27663",
|
|
"STATE": "PUBLIC",
|
|
"TITLE": "CEM Systems AC2000"
|
|
},
|
|
"affects": {
|
|
"vendor": {
|
|
"vendor_data": [
|
|
{
|
|
"product": {
|
|
"product_data": [
|
|
{
|
|
"product_name": "CEM Systems AC2000",
|
|
"version": {
|
|
"version_data": [
|
|
{
|
|
"version_affected": "<=",
|
|
"version_name": "10.1",
|
|
"version_value": "10.5"
|
|
}
|
|
]
|
|
}
|
|
}
|
|
]
|
|
},
|
|
"vendor_name": "Johnson Controls"
|
|
}
|
|
]
|
|
}
|
|
},
|
|
"data_format": "MITRE",
|
|
"data_type": "CVE",
|
|
"data_version": "4.0",
|
|
"description": {
|
|
"description_data": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "A vulnerability in versions 10.1 through 10.5 of Johnson Controls CEM Systems AC2000 allows a remote attacker to access to the system without adequate authorization. This issue affects: Johnson Controls CEM Systems AC2000 10.1; 10.2; 10.3; 10.4; 10.5."
|
|
}
|
|
]
|
|
},
|
|
"generator": {
|
|
"engine": "Vulnogram 0.0.9"
|
|
},
|
|
"impact": {
|
|
"cvss": {
|
|
"attackComplexity": "LOW",
|
|
"attackVector": "NETWORK",
|
|
"availabilityImpact": "NONE",
|
|
"baseScore": 8.2,
|
|
"baseSeverity": "HIGH",
|
|
"confidentialityImpact": "HIGH",
|
|
"integrityImpact": "LOW",
|
|
"privilegesRequired": "NONE",
|
|
"scope": "UNCHANGED",
|
|
"userInteraction": "NONE",
|
|
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
|
|
"version": "3.1"
|
|
}
|
|
},
|
|
"problemtype": {
|
|
"problemtype_data": [
|
|
{
|
|
"description": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "CWE-285: Improper Authorization"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
"references": {
|
|
"reference_data": [
|
|
{
|
|
"name": "https://www.johnsoncontrols.com/cyber-solutions/security-advisories",
|
|
"refsource": "CONFIRM",
|
|
"url": "https://www.johnsoncontrols.com/cyber-solutions/security-advisories"
|
|
},
|
|
{
|
|
"name": "ICS-CERT Advisory",
|
|
"refsource": "CERT",
|
|
"url": "https://us-cert.gov/ics/advisories/ICSA-21-238-01"
|
|
}
|
|
]
|
|
},
|
|
"solution": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "Apply a patch to all affected versions and implementations.\nThe fix will also be included in 10.5 Server Feature Pack 2, version 10.6 and all future releases.\nTo access the patch, affected users should contact their CEM support team:\nhttps://www.cemsys.com/support/technical-helpdesk/\n"
|
|
}
|
|
],
|
|
"source": {
|
|
"discovery": "EXTERNAL"
|
|
}
|
|
} |