CVE-2023-4486

CVSS 3.1 Score 7.5 of 10 (high)

Details

Published Dec 7, 2023

Updated: Dec 19, 2023

CWE ID 400

CWE ID 770

Summary

CVE-2023-4486 is a denial-of-service vulnerability affecting Johnson Controls Metasys NAE55, SNE, and SNC engines versions prior to 11.0.6 and 12.0.4, as well as Facility Explorer F4-SNC engines versions prior to 11.0.6 and 12.0.4. An attacker can send invalid authentication credentials to the login endpoint, resulting in the targeted system becoming unresponsive and unavailable to legitimate users. This issue poses a significant risk to organizations that rely on these systems for building automation and control.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Johnson Controls

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/sbOjeq
https://www.cve.org/CVERecord?id=CVE-2023-4486
https://nvd.nist.gov/vuln/detail/CVE-2023-4486

Back to Vulnerability Database

CVE-2023-4486

CVSS 3.1 Score 7.5 of 10 (high)

Details

Summary

Affected Vendors

Advisories, Assessments, and Mitigations