Unrated severityNVD Advisory· Published Dec 7, 2023· Updated May 28, 2025
Uncontrolled Resource Consumption in Metasys and Facility Explorer
CVE-2023-4486
Description
Under certain circumstances, invalid authentication credentials could be sent to the login endpoint of Johnson Controls Metasys NAE55, SNE, and SNC engines prior to
versions 11.0.6 and 12.0.4
and Facility Explorer F4-SNC engines prior to versions 11.0.6 and 12.0.4 to cause denial-of-service.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
4< 11.0.6 & < 12.0.4+ 1 more
- (no CPE)range: < 11.0.6 & < 12.0.4
- (no CPE)range: 12.0
- Range: < 11.0.6 & < 12.0.4
- Johnson Controls/Metasys NAE55/SNE/SNCv5Range: 12.0
Patches
Vulnerability mechanics
References
2News mentions
0No linked articles in our index yet.