
Johnson Controls has released an upgrade to mitigate two vulnerabilities in its Metasys building automation system, classified as reuse of a nonce/key pair in encryption and use of a hard-coded cryptographic key, according to an advisory coordinated with CISA.

Successful exploitation of these remotely exploitable vulnerabilities, reported by harpocrates.ghost@protonmail.com, could allow an attacker to decrypt captured network traffic.

Metasys, a building automation system, is affected in all versions prior to 9.0.

In the first vulnerability, Metasys ADS/ADX servers and NAE/NIE/NCE engines use a shared RSA key pair for certain encryption operations involving the Site Management Portal (SMP). Because the key pair is shared rather than unique to each site, an attacker who obtains it could decrypt captured network traffic between the Metasys ADS/ADX servers or NAE/NIE/NCE engines and the connecting SMP user client.


CVE-2019-7593 is the identifier assigned to this vulnerability, which has a CVSS v3 base score of 6.8.

In the second vulnerability, Metasys ADS/ADX servers and NAE/NIE/NCE engines use a hardcoded RC2 key for certain encryption operations involving the Site Management Portal (SMP). An attacker who extracts the hardcoded RC2 key could decrypt captured network traffic between the Metasys ADS/ADX servers or NAE/NIE/NCE engines and the connecting SMP user client.

CVE-2019-7594 is the identifier assigned to this vulnerability, which has a CVSS v3 base score of 6.8.
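Both vulnerabilities above come down to the same key-management mistake: every unit carries the same secret, so material recovered from any one unit (or from a firmware image) decrypts traffic captured at any other site. The following Python model is an added illustration, not code from the advisory, CISA or Johnson Controls. The cipher is a stand-in (an HMAC-SHA256 keystream in counter mode with an encrypt-then-MAC tag) chosen so the example runs on the standard library; it is not the RC2 or RSA construction Metasys used. The HARDCODED_KEY bytes and the SMP session line are constructed for the example.

```python
"""Added example: why a vendor-wide (shared or hard-coded) key lets a passive observer
decrypt captured traffic, and why a key provisioned per site does not.
The cipher is a stand-in, not the RC2/RSA construction from the advisory."""
import hashlib
import hmac
import os
import struct

NONCE_LEN = 16
TAG_LEN = 32


def _keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """XOR data with PRF(key, nonce || counter) blocks; the same op encrypts and decrypts."""
    out = bytearray()
    for block_no in range((len(data) + 31) // 32):
        block = hmac.new(key, nonce + struct.pack(">Q", block_no), hashlib.sha256).digest()
        chunk = data[block_no * 32:(block_no + 1) * 32]
        out.extend(a ^ b for a, b in zip(chunk, block))
    return bytes(out)


def seal(key: bytes, plaintext: bytes) -> bytes:
    """Produce a wire message: nonce || ciphertext || tag (encrypt-then-MAC)."""
    nonce = os.urandom(NONCE_LEN)
    ciphertext = _keystream_xor(key, nonce, plaintext)
    tag = hmac.new(key, nonce + ciphertext, hashlib.sha256).digest()
    return nonce + ciphertext + tag


def open_capture(key: bytes, wire: bytes):
    """Decrypt a captured wire message with the given key. Returns None when the key
    is wrong (tag check fails) or the message is too short to be well-formed."""
    if len(wire) < NONCE_LEN + TAG_LEN:
        return None
    nonce, ciphertext, tag = wire[:NONCE_LEN], wire[NONCE_LEN:-TAG_LEN], wire[-TAG_LEN:]
    expected = hmac.new(key, nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    return _keystream_xor(key, nonce, ciphertext)


# Constructed stand-in for a vendor-wide key baked into every engine image.
# The real Metasys key is not published in the advisory and is not reproduced here.
HARDCODED_KEY = hashlib.sha256(b"constructed-example-vendor-wide-key").digest()

# Constructed sample of the kind of SMP session data an attacker would target.
SAMPLE_SESSION = b"SMP login user=operator password=hunter2 site=PlantA"


def provision_site_key() -> bytes:
    """Per-site key generated at commissioning, analogous to the site-specific
    trusted certificates the advisory recommends instead of shared material."""
    return os.urandom(32)


def hardcoded_key_scenario() -> bytes:
    """Site B runs the same firmware as every other site. An attacker who pulled
    the key out of a Site A unit (or the firmware image) decrypts Site B's capture."""
    capture_from_site_b = seal(HARDCODED_KEY, SAMPLE_SESSION)
    key_extracted_from_site_a = HARDCODED_KEY  # identical on every unit
    return open_capture(key_extracted_from_site_a, capture_from_site_b)


def per_site_key_scenario():
    """Each site has its own key. Material recovered from Site A is useless
    against Site B's traffic; the tag check rejects it."""
    key_a, key_b = provision_site_key(), provision_site_key()
    capture_from_site_b = seal(key_b, SAMPLE_SESSION)
    return open_capture(key_a, capture_from_site_b)


if __name__ == "__main__":
    print("hard-coded key, cross-site decrypt:", hardcoded_key_scenario())
    print("per-site key, cross-site decrypt:", per_site_key_scenario())
```

The point to take from the model is that the attacker never has to break the cipher: with a shared key, one extraction works everywhere, which is why the fix is per-site key material (trusted certificates configured per site after the 9.0 upgrade) rather than a stronger algorithm.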

The product is deployed mainly in the critical manufacturing sector, worldwide.

No known public exploits specifically target these vulnerabilities. A high skill level is needed to exploit them.

Ireland-based Johnson Controls recommends the following:
• Users should upgrade to Version 9.0 or later and configure sites with trusted certificates
• Further ICS security notices and product security guidance are available on the Johnson Controls product security website.

For questions concerning this product, email Johnson Controls Global Product Security.
