HIGH🇵🇱 Wersja polska

CVE-2021-27661

CVSS 8.8v3.1pub. 2021-07-01upd. 2024-11-21

Successful exploitation of this vulnerability could give an authenticated Facility Explorer SNC Series Supervisory Controller (F4-SNC) user an unintended level of access to the controller’s file system, allowing them to access or modify system files by sending specifically crafted web messages to the F4-SNC.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • Johnsoncontrols F4 Snc

    HW
    Johnsoncontrols
    wszystkie wersje
  • Johnsoncontrols F4 Snc Firmware

    OS
    Johnsoncontrols
    11
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2023-4486HIGH7.5ten sam produkt

Under certain circumstances, invalid authentication credentials could be sent to the login endpoint of Johnson...

CVE-2024-32758CRITICAL9.0PL ✓ten sam vendor

Niewystarczająca długość klucza kryptograficznego w komunikacji exacqVision

CVE-2023-4804CRITICAL10.0ten sam vendor

An unauthorized user could access debug features in Quantum HD Unity products that were accidentally exposed.

CVE-2023-2024CRITICAL10.0ten sam vendor

Improper authentication in OpenBlue Enterprise Manager Data Collector versions prior to 3.2.5.75 allow access ...

CVE-2021-36206CRITICAL10.0ten sam vendor

All versions of CEVAS prior to 1.01.46 do not sufficiently validate user-controllable input and could allow a ...

CVE-2021-27661 — Johnsoncontrols — F4-Snc — HIGH — CVSS 8.8 | CVEbaza.pl