VYPR
Unrated severityNVD Advisory· Published Dec 7, 2023· Updated May 28, 2025

Uncontrolled Resource Consumption in Metasys and Facility Explorer

CVE-2023-4486

Description

Under certain circumstances, invalid authentication credentials could be sent to the login endpoint of Johnson Controls Metasys NAE55, SNE, and SNC engines prior to

versions 11.0.6 and 12.0.4

and Facility Explorer F4-SNC engines prior to versions 11.0.6 and 12.0.4 to cause denial-of-service.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

4

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.