November 20, 2023
Severity Medium Analysis Summary Agent Tesla is a very popular spyware Trojan built for the.NET framework. Since its initial appearance in 2014, this has been deployed […]
Rewterz Threat Advisory – Microsoft Releases Security Updates to Address Remote Code Execution Vulnerabilities
August 15, 2019Rewterz Threat Advisory – CVE-2019-13520 – Fuji Electric Alpha5 Smart Loader Code Execution Vulnerability
August 16, 2019Rewterz Threat Advisory – Microsoft Releases Security Updates to Address Remote Code Execution Vulnerabilities
August 15, 2019Rewterz Threat Advisory – CVE-2019-13520 – Fuji Electric Alpha5 Smart Loader Code Execution Vulnerability
August 16, 2019
Severity
Medium
Analysis Summary
CVE-2019-7593
Metasys ADS/ADX servers and NAE/NIE/NCE engines make use of a shared RSA key pair for certain encryption operations involving the Site Management Portal (SMP). An attacker with access to the shared RSA key pair could decrypt captured network traffic between the Metasys ADS/ADX servers or NAE/NIE/NCE engines and the connecting SMP user client.
CVE-2019-7594
Metasys ADS/ADX servers and NAE/NIE/NCE engines make use of a hardcoded RC2 key for certain encryption operations involving the Site Management Portal (SMP). An attacker with access to the hardcoded RC2 key could decrypt captured network traffic between the Metasys ADS/ADX servers or NAE/NIE/NCE engines and the connecting SMP user client.
Impact
Decrypt captured network traffic.
Affected Vendors
Johnson Controls
Affected Products
Metasys system versions prior to 9.0
Remediation
Johnson Controls recommends the users to upgrade to Version 9.0 or later and configure sites with trusted certificates.