Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2020-9044
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
Metasys Improper Restriction of XML External Entity Reference
Source: NVD (National Vulnerability Database)
Vulnerability Description
XXE vulnerability exists in the Metasys family of product Web Services which has the potential to facilitate DoS attacks or harvesting of ASCII server files. This affects Johnson Controls' Metasys Application and Data Server (ADS, ADS-Lite) versions 10.1 and prior; Metasys Extended Application and Data Server (ADX) versions 10.1 and prior; Metasys Open Data Server (ODS) versions 10.1 and prior; Metasys Open Application Server (OAS) version 10.1; Metasys Network Automation Engine (NAE55 only) versions 9.0.1, 9.0.2, 9.0.3, 9.0.5, 9.0.6; Metasys Network Integration Engine (NIE55/NIE59) versions 9.0.1, 9.0.2, 9.0.3, 9.0.5, 9.0.6; Metasys NAE85 and NIE85 versions 10.1 and prior; Metasys LonWorks Control Server (LCS) versions 10.1 and prior; Metasys System Configuration Tool (SCT) versions 13.2 and prior; Metasys Smoke Control Network Automation Engine (NAE55, UL 864 UUKL/ORD-C100-13 UUKLC 10th Edition Listed) version 8.1.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
XML外部实体引用的不恰当限制(XXE)
Source: NVD (National Vulnerability Database)
Vulnerability Title
多款Johnson Controls产品代码问题漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Johnson Controls Metasys Application and Data Server(ADS)等都是美国江森自控(Johnson Controls)公司的产品。Metasys Application and Data Server是一款应用程序和数据服务器。Metasys Open Data Server(ODS)是一款数据服务器。Metasys Open Application Server(OAS)是一款应用程序服务器。 多款Johnson Controls产品中存在代码问题漏洞。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
VendorProductAffected VersionsCPESubscribe
Johnson ControlsMetasys Application and Data Server (ADS, ADS-Lite) versions 10.1 and prior -
Johnson ControlsMetasys Extended Application and Data Server (ADX) versions 10.1 and prior -
Johnson ControlsMetasys Open Data Server (ODS) versions 10.1 and prior -
Johnson ControlsMetasys Open Application Server (OAS) version 10.1 -
Johnson ControlsMetasys Network Automation Engine (NAE55 only) versions 9.0.1 -
Johnson ControlsMetasys Network Integration Engine (NIE55/NIE59) versions 9.0.1 -
Johnson ControlsMetasys NAE85 and NIE85 versions 10.1 and prior -
Johnson ControlsMetasys LonWorks Control Server (LCS) versions 10.1 and prior -
Johnson ControlsMetasys System Configuration Tool (SCT) versions 13.2 and prior -
Johnson ControlsMetasys Smoke Control Network Automation Engine (NAE55, UL 864 UUKL/ORD-C100-13 UUKLC 10th Edition Listed) version 8.1 -
II. Public POCs for CVE-2020-9044
#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC
III. Intelligence Information for CVE-2020-9044
Please Login to view more intelligence information
IV. Related Vulnerabilities
Same vendor: Johnson Controls
Same weakness: CWE-611
V. Comments for CVE-2020-9044

No comments yet

Leave a comment