Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Metasys product command injection vulnerability could allow remote SQL execution
Vulnerability Description
Johnson Controls Metasys component listed below have Improper Neutralization of Special Elements used in a Command (Command Injection) Vulnerability . Successful exploitation of this vulnerability could allow remote SQL execution This issue affects * Metasys: Application and Data Server (ADS) installed with SQL Express deployed as part of the Metasys 14.1 and prior installation, * Extended Application and Data Server (ADX) installed with SQL Express deployed as part of the Metasys 14.1 installation, * LCS8500 or NAE8500 installed with SQL Express deployed as part of the Metasys installation Releases 12.0 through 14.1, * System Configuration Tool (SCT) installed with SQL Express deployed as part of the SCT installation 17.1 and prior, * Controller Configuration Tool (CCT) installed with SQL Express deployed as part of the CCT installation 17.0 and prior.
CVSS Information
N/A
Vulnerability Type
在命令中使用的特殊元素转义处理不恰当(命令注入)
Vulnerability Title
Johnson Controls Metasys多款产品 安全漏洞
Vulnerability Description
Johnson Controls Metasys是美国江森自控(Johnson Controls)公司的一个楼宇自动化平台。 Johnson Controls Metasys多款产品存在安全漏洞,该漏洞源于命令中特殊元素中和不当,可能导致远程SQL执行。以下产品及版本受到影响:Metasys Application and Data Server 14.1及之前版本、Metasys Extended Application and Data Server 14.1版本、LCS8500或NAE8500 12
CVSS Information
N/A
Vulnerability Type
N/A