CVE-2022-21935 : What You Need to Know

Discover the impact of CVE-2022-21935 on Metasys ADS/ADX/OAS servers. Learn about the high-risk vulnerability, affected versions, and necessary mitigation steps.

A deep dive into CVE-2022-21935, a vulnerability affecting Johnson Controls' Metasys ADS/ADX/OAS servers.

Understanding CVE-2022-21935

This CVE describes a security flaw in the Metasys ADS/ADX/OAS servers that allows for unverified password changes.

What is CVE-2022-21935?

CVE-2022-21935 impacts Metasys ADS/ADX/OAS 10 versions prior to 10.1.5 and 11 versions prior to 11.0.2, exposing a high-risk vulnerability.

The Impact of CVE-2022-21935

The vulnerability poses a significant risk with a CVSS base score of 7.5, affecting confidentiality, integrity, and availability.

Technical Details of CVE-2022-21935

An overview of the vulnerability specifics.

Vulnerability Description

The flaw allows unauthorized users to change passwords without verification, potentially leading to unauthorized access.

Affected Systems and Versions

Metasys ADS/ADX/OAS 10 versions prior to 10.1.5 and 11 versions prior to 11.0.2 are vulnerable; 10.1.5 and 11.0.2 are the patched releases.

Exploitation Mechanism

An attacker on an adjacent network can exploit the vulnerability without any user interaction.

Mitigation and Prevention

Steps to address and prevent the CVE-2022-21935 vulnerability.

Immediate Steps to Take

Users are advised to update all Metasys ADS/ADX/OAS 10 versions with patch 10.1.5 and 11 versions with patch 11.0.2 to mitigate the risk.
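
To find which servers still need the update, the following Python script (an added example, not code from Johnson Controls or from this page's author) triages an asset inventory against the fixed releases 10.1.5 and 11.0.2 named above. The hostnames and version strings are constructed sample data, and it assumes each server's version is already recorded as a dotted string.

```python
# Added example: classify Metasys ADS/ADX/OAS versions against the fixed
# releases named on this page (10.1.5 for the 10 line, 11.0.2 for the 11 line).
FIXED = {10: (10, 1, 5), 11: (11, 0, 2)}  # major line -> first fixed release


def parse_version(text):
    """Turn '10.1.4' into (10, 1, 4); pad short forms such as '11.0' with zeros."""
    parts = [int(p) for p in text.strip().split(".")]  # ValueError on junk
    return tuple(parts + [0] * (3 - len(parts)))


def classify(version_text):
    """Return 'affected', 'patched', 'not-covered' or 'unparseable'."""
    try:
        version = parse_version(version_text)
    except ValueError:
        return "unparseable"  # needs a manual look, never assume patched
    fixed = FIXED.get(version[0])
    if fixed is None:
        return "not-covered"  # the page only describes the 10 and 11 lines
    return "affected" if version < fixed else "patched"


def triage(inventory):
    """Group hostnames by status so the patch queue is explicit."""
    report = {}
    for host, version_text in inventory:
        report.setdefault(classify(version_text), []).append(host)
    return report


# Constructed sample inventory (hypothetical hosts and versions).
INVENTORY = [
    ("ads-01", "10.1.4"),
    ("adx-02", "10.1.5"),
    ("oas-03", "11.0"),
    ("adx-04", "11.0.2"),
    ("ads-05", "9.0.7"),
    ("oas-06", "unknown"),
]

if __name__ == "__main__":
    for status, hosts in sorted(triage(INVENTORY).items()):
        print(f"{status:12s} {', '.join(hosts)}")
```

Hosts reported as `unparseable` or `not-covered` are not cleared by this check and should be reviewed by hand.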

Long-Term Security Practices

Implement robust password policies, access controls, and network segmentation to enhance overall security posture.

Patching and Updates

Regularly apply security patches and updates to ensure systems are protected against emerging threats.
