Johnsoncontrols Metasys System Configuration Tool
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in Johnsoncontrols Metasys System Configuration Tool.
By the Year
In 2026 there have been 0 vulnerabilities in Johnsoncontrols Metasys System Configuration Tool. Metasys System Configuration Tool did not have any published security vulnerabilities last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 0 | 0.00 |
| 2025 | 0 | 0.00 |
| 2024 | 0 | 0.00 |
| 2023 | 2 | 6.10 |
| 2022 | 1 | 9.10 |
| 2021 | 0 | 0.00 |
| 2020 | 1 | 7.50 |
It may take a day or so for new Metasys System Configuration Tool vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Johnsoncontrols Metasys System Configuration Tool Security Vulnerabilities
Johnson Controls SCT Sensitive Cookie missing Secure before 14.2.3/15.0.3
CVE-2022-21940
6.1 - Medium
- February 09, 2023
Sensitive Cookie in HTTPS Session Without 'Secure' Attribute vulnerability in Johnson Controls System Configuration Tool (SCT) version 14 prior to 14.2.3 and version 15 prior to 15.0.3 could allow access to the cookie.
Missing Encryption of Sensitive Data
Johnson Controls SCT v14/v15 Sensitive Cookie Lacking HttpOnly Flag
CVE-2022-21939
6.1 - Medium
- February 09, 2023
Sensitive Cookie Without 'HttpOnly' Flag vulnerability in Johnson Controls System Configuration Tool (SCT) version 14 prior to 14.2.3 and version 15 prior to 15.0.3 could allow access to the cookie.
Incorrect Permission Assignment for Critical Resource
The affected product may
CVE-2021-36203
9.1 - Critical
- April 22, 2022
The affected product may allow an attacker to identify and forge requests to internal systems by way of a specially crafted request.
SSRF
XXE vulnerability exists in the Metasys family of product Web Services
CVE-2020-9044
7.5 - High
- March 10, 2020
XXE vulnerability exists in the Metasys family of product Web Services which has the potential to facilitate DoS attacks or harvesting of ASCII server files. This affects Johnson Controls' Metasys Application and Data Server (ADS, ADS-Lite) versions 10.1 and prior; Metasys Extended Application and Data Server (ADX) versions 10.1 and prior; Metasys Open Data Server (ODS) versions 10.1 and prior; Metasys Open Application Server (OAS) version 10.1; Metasys Network Automation Engine (NAE55 only) versions 9.0.1, 9.0.2, 9.0.3, 9.0.5, 9.0.6; Metasys Network Integration Engine (NIE55/NIE59) versions 9.0.1, 9.0.2, 9.0.3, 9.0.5, 9.0.6; Metasys NAE85 and NIE85 versions 10.1 and prior; Metasys LonWorks Control Server (LCS) versions 10.1 and prior; Metasys System Configuration Tool (SCT) versions 13.2 and prior; Metasys Smoke Control Network Automation Engine (NAE55, UL 864 UUKL/ORD-C100-13 UUKLC 10th Edition Listed) version 8.1.
XXE
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Johnsoncontrols Metasys System Configuration Tool or by Johnsoncontrols? Click the Watch button to subscribe.
