Metasys use of shared RSA key pairs
CVE-2019-7593

6.8MEDIUM

Key Information:

Vendor

Johnson Controls

Status
Metasys Versions Prior To 9.0
Vendor
CVE Published:
20 August 2019

What is CVE-2019-7593?

Metasys® ADS/ADX servers and NAE/NIE/NCE engines prior to 9.0 make use of a shared RSA key pair for certain encryption operations involving the Site Management Portal (SMP).

Affected Version(s)

Metasys prior to 9.0 9.0

References

https://www.johnsoncontrols.com/-/media/jci/cyber-solutio...
x_refsource_CONFIRM
https://www.us-cert.gov/ics/advisories/icsa-19-227-01
x_refsource_MISC

CVSS V3.1

Score:
6.8
Severity:
MEDIUM
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

[email protected]
.