Johnsoncontrols
Products
4- 5 CVEs
- 2 CVEs
- 1 CVE
- 1 CVE
Recent CVEs
8| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-20188 | Non | 0.00 | 0.0 | 0.00 | May 6, 2026 | Following the initial publication of the Security Advisory about a denial of service (DoS) condition in Cisco Crosswork Network Controller and Cisco Network Services Orchestrator (NSO), additional information has been made available to the Cisco Product Security Incident… | ||
| CVE-2025-20123 | 0.00 | — | 0.00 | Jan 8, 2025 | Multiple vulnerabilities in the web-based management interface of Cisco Crosswork Network Controller could allow an authenticated, remote attacker to conduct cross-site scripting (XSS) attacks against users of the interface of an affected system. These vulnerabilities exist… | |||
| CVE-2024-20478 | 0.00 | — | 0.01 | Aug 28, 2024 | A vulnerability in the software upgrade component of Cisco Application Policy Infrastructure Controller (APIC) and Cisco Cloud Network Controller, formerly Cisco Cloud APIC, could allow an authenticated, remote attacker with Administrator-level privileges to install a… | |||
| CVE-2023-20011 | 0.00 | — | 0.00 | Feb 23, 2023 | A vulnerability in the web-based management interface of Cisco Application Policy Infrastructure Controller (APIC) and Cisco Cloud Network Controller, formerly Cisco Cloud APIC, could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack… | |||
| CVE-2014-5428 | 0.00 | — | 0.04 | Mar 29, 2015 | Unrestricted file upload vulnerability in unspecified web services in Johnson Controls Metasys 4.1 through 6.5, as used in Application and Data Server (ADS), Extended Application and Data Server (aka ADX), LonWorks Control Server 85 LCS8520, Network Automation Engine (NAE)… | |||
| CVE-2014-5427 | 0.00 | — | 0.01 | Mar 29, 2015 | Johnson Controls Metasys 4.1 through 6.5, as used in Application and Data Server (ADS), Extended Application and Data Server (aka ADX), LonWorks Control Server 85 LCS8520, Network Automation Engine (NAE) 55xx-x, Network Integration Engine (NIE) 5xxx-x, and NxE8500, allows remote… | |||
| CVE-2012-4026 | 0.00 | — | 0.01 | Jul 16, 2012 | The Johnson Controls Pegasys P2000 server with software before 3.11 allows remote attackers to trigger false alerts via crafted packets to TCP port 41013 (aka the upload port), a different vulnerability than CVE-2012-2607. | |||
| CVE-2012-2607 | 0.00 | — | 0.02 | Jul 16, 2012 | The Johnson Controls CK721-A controller with firmware before SSM4388_03.1.0.14_BB allows remote attackers to perform arbitrary actions via crafted packets to TCP port 41014 (aka the download port). |
- risk 0.00cvss 0.0epss 0.00
Following the initial publication of the Security Advisory about a denial of service (DoS) condition in Cisco Crosswork Network Controller and Cisco Network Services Orchestrator (NSO), additional information has been made available to the Cisco Product Security Incident…
- CVE-2025-20123Jan 8, 2025risk 0.00cvss —epss 0.00
Multiple vulnerabilities in the web-based management interface of Cisco Crosswork Network Controller could allow an authenticated, remote attacker to conduct cross-site scripting (XSS) attacks against users of the interface of an affected system. These vulnerabilities exist…
- CVE-2024-20478Aug 28, 2024risk 0.00cvss —epss 0.01
A vulnerability in the software upgrade component of Cisco Application Policy Infrastructure Controller (APIC) and Cisco Cloud Network Controller, formerly Cisco Cloud APIC, could allow an authenticated, remote attacker with Administrator-level privileges to install a…
- CVE-2023-20011Feb 23, 2023risk 0.00cvss —epss 0.00
A vulnerability in the web-based management interface of Cisco Application Policy Infrastructure Controller (APIC) and Cisco Cloud Network Controller, formerly Cisco Cloud APIC, could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack…
- CVE-2014-5428Mar 29, 2015risk 0.00cvss —epss 0.04
Unrestricted file upload vulnerability in unspecified web services in Johnson Controls Metasys 4.1 through 6.5, as used in Application and Data Server (ADS), Extended Application and Data Server (aka ADX), LonWorks Control Server 85 LCS8520, Network Automation Engine (NAE)…
- CVE-2014-5427Mar 29, 2015risk 0.00cvss —epss 0.01
Johnson Controls Metasys 4.1 through 6.5, as used in Application and Data Server (ADS), Extended Application and Data Server (aka ADX), LonWorks Control Server 85 LCS8520, Network Automation Engine (NAE) 55xx-x, Network Integration Engine (NIE) 5xxx-x, and NxE8500, allows remote…
- CVE-2012-4026Jul 16, 2012risk 0.00cvss —epss 0.01
The Johnson Controls Pegasys P2000 server with software before 3.11 allows remote attackers to trigger false alerts via crafted packets to TCP port 41013 (aka the upload port), a different vulnerability than CVE-2012-2607.
- CVE-2012-2607Jul 16, 2012risk 0.00cvss —epss 0.02
The Johnson Controls CK721-A controller with firmware before SSM4388_03.1.0.14_BB allows remote attackers to perform arbitrary actions via crafted packets to TCP port 41014 (aka the download port).