CVE-2014-5428 : Unrestricted file upload vulnerability in unspecified web services in Johnson Controls Metasys 4.1 through 6.5, as used

Unrestricted file upload vulnerability in unspecified web services in Johnson Controls Metasys 4.1 through 6.5, as used in Application and Data Server (ADS), Extended Application and Data Server (aka ADX), LonWorks Control Server 85 LCS8520, Network Automation Engine (NAE) 55xx-x, Network Integration Engine (NIE) 5xxx-x, and NxE8500, allows remote attackers to execute arbitrary code by uploading a shell script.

Published 2015-03-29 10:59:01

Updated 2015-03-30 18:45:26

Source ICS-CERT

View at NVD, CVE.org

Vulnerability category: Execute code

Exploit prediction scoring system (EPSS) score for CVE-2014-5428

Probability of exploitation activity in the next 30 days: 0.41%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 71 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2014-5428

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
10.0	HIGH	AV:N/AC:L/Au:N/C:C/I:C/A:C	10.0	10.0	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete

References for CVE-2014-5428

https://ics-cert.us-cert.gov/advisories/ICSA-14-350-02

Johnson Controls Metasys Vulnerabilities | CISA
Third Party Advisory;US Government Resource

CVEs referencing this url

Products affected by CVE-2014-5428

Johnsoncontrols » Metsys » Version: 4.1
cpe:2.3:a:johnsoncontrols:metsys:4.1:*:*:*:*:*:*:*
Matching versions
When used together with: Johnsoncontrols » Application And Data Server » Version: N/A
When used together with: Johnsoncontrols » Extended Application And Data Server » Version: N/A
When used together with: Johnsoncontrols » Lonworks Control Server Lcs8520 » Version: N/A
When used together with: Johnsoncontrols » Network Automation Engine 5510-2 » Version: N/A
When used together with: Johnsoncontrols » Network Automation Engine 5510-2u » Version: N/A
When used together with: Johnsoncontrols » Network Automation Engine 5511-2 » Version: N/A
When used together with: Johnsoncontrols » Network Automation Engine 5520-2 » Version: N/A
When used together with: Johnsoncontrols » Network Automation Engine 5521-2 » Version: N/A
When used together with: Johnsoncontrols » Network Integration Engine 5510-2 » Version: N/A
When used together with: Johnsoncontrols » Network Integration Engine 5511-2 » Version: N/A
When used together with: Johnsoncontrols » Nxe8500 » Version: N/A
Johnsoncontrols » Metsys » Version: 6.5
cpe:2.3:a:johnsoncontrols:metsys:6.5:*:*:*:*:*:*:*
Matching versions
When used together with: Johnsoncontrols » Application And Data Server » Version: N/A
When used together with: Johnsoncontrols » Extended Application And Data Server » Version: N/A
When used together with: Johnsoncontrols » Lonworks Control Server Lcs8520 » Version: N/A
When used together with: Johnsoncontrols » Network Automation Engine 5510-2 » Version: N/A
When used together with: Johnsoncontrols » Network Automation Engine 5510-2u » Version: N/A
When used together with: Johnsoncontrols » Network Automation Engine 5511-2 » Version: N/A
When used together with: Johnsoncontrols » Network Automation Engine 5520-2 » Version: N/A
When used together with: Johnsoncontrols » Network Automation Engine 5521-2 » Version: N/A
When used together with: Johnsoncontrols » Network Integration Engine 5510-2 » Version: N/A
When used together with: Johnsoncontrols » Network Integration Engine 5511-2 » Version: N/A
When used together with: Johnsoncontrols » Nxe8500 » Version: N/A

Vulnerability Details : CVE-2014-5428

Exploit prediction scoring system (EPSS) score for CVE-2014-5428

CVSS scores for CVE-2014-5428

References for CVE-2014-5428

Products affected by CVE-2014-5428