Insufficiently Protected Credentials in Metasys
CVE-2021-36204

7.8HIGH

Key Information:

Vendor: Johnson Controls
Status: Metasys Ads/adx/oas
Vendor: CVE Published:; 13 January 2023

🔔 Create Johnson Controls Vulnerability Alert

What is CVE-2021-36204?

A vulnerability in Johnson Controls' Metasys ADS/ADX/OAS allows API calls to expose sensitive credentials in plain text under certain conditions. Versions 10 prior to 10.1.6 and 11 prior to 11.0.3 are affected, posing significant security risks to users by potentially allowing unauthorized access to critical system data. Users are advised to upgrade to the latest versions to mitigate exposure.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Metasys ADS/ADX/OAS All 10 versions < 10.1.6

Metasys ADS/ADX/OAS All 11 versions < 11.0.3

References

https://www.johnsoncontrols.com/cyber-solutions/security-...

https://www.cisa.gov/uscert/ics/advisories/icsa-23-012-06

third-party-advisory

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Jan 13, 2023
Vulnerability Reserved
Jul 6, 2021

JSON

Johnson Controls

What is CVE-2021-36204?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V3.1

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.