Unrated severityNVD Advisory· Published Jan 13, 2023· Updated Apr 7, 2025
Insufficiently Protected Credentials in Metasys
CVE-2021-36204
Description
Under some circumstances an Insufficiently Protected Credentials vulnerability in Johnson Controls Metasys ADS/ADX/OAS 10 versions prior to 10.1.6 and 11 versions prior to 11.0.3 allows API calls to expose credentials in plain text.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2>=10.0, <10.1.6; >=11.0, <11.0.3+ 1 more
- (no CPE)range: >=10.0, <10.1.6; >=11.0, <11.0.3
- (no CPE)range: All 10 versions
Patches
Vulnerability mechanics
References
2- www.cisa.gov/uscert/ics/advisories/icsa-23-012-06mitrethird-party-advisory
- www.johnsoncontrols.com/cyber-solutions/security-advisoriesmitre
News mentions
0No linked articles in our index yet.