github - ghsa-67j2-4r5v-f48w

ghsa-67j2-4r5v-f48w

Vulnerability from github

Published

2022-04-23 00:03

Modified

2022-05-04 00:00

Severity ?

9.1 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Details

A vulnerability in all versions of SCT/SCT Pro prior to version 14.2.2 allows a remote unauthenticated attacker to identify and forge requests to internal systems via a specially crafted request allowing the attacker to determine if specific files or paths exist. This issue affects all versions of SCT/SCT Pro prior to version 14.2.2.

Show details on source website

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2021-36203"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-918"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-04-22T15:15:00Z",
    "severity": "CRITICAL"
  },
  "details": "A vulnerability in all versions of SCT/SCT Pro prior to version 14.2.2 allows a remote unauthenticated attacker to identify and forge requests to internal systems via a specially crafted request allowing the attacker to determine if specific files or paths exist. This issue affects all versions of SCT/SCT Pro prior to version 14.2.2.",
  "id": "GHSA-67j2-4r5v-f48w",
  "modified": "2022-05-04T00:00:36Z",
  "published": "2022-04-23T00:03:03Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-36203"
    },
    {
      "type": "WEB",
      "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-111-02"
    },
    {
      "type": "WEB",
      "url": "https://www.johnsoncontrols.com/cyber-solutions/security-advisories"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
      "type": "CVSS_V3"
    }
  ]
}

CVE-2021-36203 (GCVE-0-2021-36203)

Vulnerability from cvelistv5

Published

2022-04-22 14:44

Modified

2024-09-17 02:12

Severity ?

5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CWE

CWE-918 - Server-Side Request Forgery (SSRF)

Summary

The affected product may allow an attacker to identify and forge requests to internal systems by way of a specially crafted request.

References

►

URL

Tags

https://www.cisa.gov/uscert/ics/advisories/icsa-22-111-02

x_refsource_MISC

Impacted products

Vendor

Product

Version

►

Johnnson Controls

Metasys System Configuration Tool (SCT)

Version: All < 14.2.2

Johnnson Controls

Metasys System Configuration Tool Pro (SCT Pro)

Version: All < 14.2.2

Show details on NVD website

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T00:54:50.703Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-111-02"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Metasys System Configuration Tool (SCT)",
          "vendor": "Johnnson Controls",
          "versions": [
            {
              "lessThan": "14.2.2",
              "status": "affected",
              "version": "All",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Metasys System Configuration Tool Pro (SCT Pro)",
          "vendor": "Johnnson Controls",
          "versions": [
            {
              "lessThan": "14.2.2",
              "status": "affected",
              "version": "All",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Tony West and Scott Ponte reported this vulnerability to Johnson Controls. Johnson Controls reported this vulnerability to CISA."
        }
      ],
      "datePublic": "2022-04-21T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The affected product may allow an attacker to identify and forge requests to internal systems by way of a specially crafted request."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-918",
              "description": "CWE-918 Server-Side Request Forgery (SSRF)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-05-03T19:29:50",
        "orgId": "7281d04a-a537-43df-bfb4-fa4110af9d01",
        "shortName": "jci"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-111-02"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Johnson Controls recommends users take the following steps to mitigate this vulnerability:\n\nUpdate SCT/SCT Pro with Patch 14.2.2\nTake proper steps to minimize risks to all building automation systems.\nFor more detailed mitigation instructions, please see Johnson Controls Product Security Advisory JCI-PSA-2022-03 v1"
        }
      ],
      "source": {
        "advisory": "ICSA-22-111-02",
        "discovery": "EXTERNAL"
      },
      "title": "Johnson Controls Metasys SCT Pro",
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "productsecurity@jci.com",
          "DATE_PUBLIC": "2022-04-21T17:00:00.000Z",
          "ID": "CVE-2021-36203",
          "STATE": "PUBLIC",
          "TITLE": "Johnson Controls Metasys SCT Pro"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Metasys System Configuration Tool (SCT)",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_name": "All",
                            "version_value": "14.2.2"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Metasys System Configuration Tool Pro (SCT Pro)",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_name": "All",
                            "version_value": "14.2.2"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Johnnson Controls"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "Tony West and Scott Ponte reported this vulnerability to Johnson Controls. Johnson Controls reported this vulnerability to CISA."
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The affected product may allow an attacker to identify and forge requests to internal systems by way of a specially crafted request."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-918 Server-Side Request Forgery (SSRF)"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-111-02",
              "refsource": "MISC",
              "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-111-02"
            }
          ]
        },
        "solution": [
          {
            "lang": "en",
            "value": "Johnson Controls recommends users take the following steps to mitigate this vulnerability:\n\nUpdate SCT/SCT Pro with Patch 14.2.2\nTake proper steps to minimize risks to all building automation systems.\nFor more detailed mitigation instructions, please see Johnson Controls Product Security Advisory JCI-PSA-2022-03 v1"
          }
        ],
        "source": {
          "advisory": "ICSA-22-111-02",
          "discovery": "EXTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7281d04a-a537-43df-bfb4-fa4110af9d01",
    "assignerShortName": "jci",
    "cveId": "CVE-2021-36203",
    "datePublished": "2022-04-22T14:44:10.638332Z",
    "dateReserved": "2021-07-06T00:00:00",
    "dateUpdated": "2024-09-17T02:12:16.472Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Log in or create an account to share your comment.

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.