VAR-201207-0054
Vulnerability from variot - Updated: 2023-12-18 12:09The Johnson Controls CK721-A controller with firmware before SSM4388_03.1.0.14_BB allows remote attackers to perform arbitrary actions via crafted packets to TCP port 41014 (aka the download port). Johnson Controls CK721-A and P2000 products contain a remote command execution vulnerability which may allow an unauthenticated remote attacker to perform various tasks against the devices. Johnson Controls is a well-known self-control manufacturer in the United States. An unauthenticated attacker can send a specially crafted message to this port to close the door and change the configuration. The \"upload\" port (tcp/41013) of the P2000 (Pegasys) server is used for logging and alarm purposes. The server only receives any message sent to it by verifying the source IP. The attacker can send a specially crafted message to the port to provide false information. Access data to the server. Successfully exploiting this issue may allow an attacker to execute arbitrary commands within the context of the vulnerable system
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201207-0054",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "network controller",
"scope": "eq",
"trust": 1.6,
"vendor": "johnsoncontrols",
"version": "ck721-a"
},
{
"model": "network controller",
"scope": "eq",
"trust": 1.0,
"vendor": "johnsoncontrols",
"version": "03.0"
},
{
"model": "network controller",
"scope": "lte",
"trust": 1.0,
"vendor": "johnsoncontrols",
"version": "03.1.0.14"
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "johnson controls",
"version": null
},
{
"model": "network controller",
"scope": "eq",
"trust": 0.8,
"vendor": "johnson controls",
"version": "ck721-a"
},
{
"model": "network controller",
"scope": "lt",
"trust": 0.8,
"vendor": "johnson controls",
"version": "ssm4388_03.1.0.14_bb"
},
{
"model": "controls ck721-a and p2000",
"scope": null,
"trust": 0.6,
"vendor": "johnson",
"version": null
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#977312"
},
{
"db": "CNVD",
"id": "CNVD-2012-3706"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-003106"
},
{
"db": "NVD",
"id": "CVE-2012-2607"
},
{
"db": "CNNVD",
"id": "CNNVD-201207-220"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:johnsoncontrols:network_controller:ck721-a:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:johnsoncontrols:network_controller_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "03.1.0.14",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:johnsoncontrols:network_controller_firmware:03.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2012-2607"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Travis Lee",
"sources": [
{
"db": "BID",
"id": "54469"
}
],
"trust": 0.3
},
"cve": "CVE-2012-2607",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"availabilityRequirement": "NOT DEFINED",
"baseScore": 7.5,
"collateralDamagePotential": "LOW-MEDIUM",
"confidentialityImpact": "PARTIAL",
"confidentialityRequirement": "NOT DEFINED",
"enviromentalScore": 5.3,
"exploitability": "PROOF-OF-CONCEPT",
"exploitabilityScore": 10.0,
"id": "CVE-2012-2607",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"integrityRequirement": "NOT DEFINED",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"remediationLevel": "WORKAROUND",
"reportConfidence": "UNCOFIRMED",
"severity": "HIGH",
"targetDistribution": "MEDIUM",
"trust": 0.8,
"userInterationRequired": null,
"vector_string": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 7.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2012-2607",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-55888",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2012-2607",
"trust": 2.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201207-220",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-55888",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#977312"
},
{
"db": "VULHUB",
"id": "VHN-55888"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-003106"
},
{
"db": "NVD",
"id": "CVE-2012-2607"
},
{
"db": "CNNVD",
"id": "CNNVD-201207-220"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The Johnson Controls CK721-A controller with firmware before SSM4388_03.1.0.14_BB allows remote attackers to perform arbitrary actions via crafted packets to TCP port 41014 (aka the download port). Johnson Controls CK721-A and P2000 products contain a remote command execution vulnerability which may allow an unauthenticated remote attacker to perform various tasks against the devices. Johnson Controls is a well-known self-control manufacturer in the United States. An unauthenticated attacker can send a specially crafted message to this port to close the door and change the configuration. The \\\"upload\\\" port (tcp/41013) of the P2000 (Pegasys) server is used for logging and alarm purposes. The server only receives any message sent to it by verifying the source IP. The attacker can send a specially crafted message to the port to provide false information. Access data to the server. \nSuccessfully exploiting this issue may allow an attacker to execute arbitrary commands within the context of the vulnerable system",
"sources": [
{
"db": "NVD",
"id": "CVE-2012-2607"
},
{
"db": "CERT/CC",
"id": "VU#977312"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-003106"
},
{
"db": "CNVD",
"id": "CNVD-2012-3706"
},
{
"db": "BID",
"id": "54469"
},
{
"db": "VULHUB",
"id": "VHN-55888"
}
],
"trust": 3.24
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2012-2607",
"trust": 4.2
},
{
"db": "CERT/CC",
"id": "VU#977312",
"trust": 3.9
},
{
"db": "JVNDB",
"id": "JVNDB-2012-003106",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201207-220",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2012-3706",
"trust": 0.6
},
{
"db": "BID",
"id": "54469",
"trust": 0.4
},
{
"db": "VULHUB",
"id": "VHN-55888",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#977312"
},
{
"db": "CNVD",
"id": "CNVD-2012-3706"
},
{
"db": "VULHUB",
"id": "VHN-55888"
},
{
"db": "BID",
"id": "54469"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-003106"
},
{
"db": "NVD",
"id": "CVE-2012-2607"
},
{
"db": "CNNVD",
"id": "CNNVD-201207-220"
}
]
},
"id": "VAR-201207-0054",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2012-3706"
},
{
"db": "VULHUB",
"id": "VHN-55888"
}
],
"trust": 1.7
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2012-3706"
}
]
},
"last_update_date": "2023-12-18T12:09:58.580000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Network Controllers",
"trust": 0.8,
"url": "http://www.johnsoncontrols.com/content/us/en/products/building_efficiency/security-solutions/products/network-controller.html"
},
{
"title": "Patch for Johnson Controls Multiple Product Remote Command Execution Vulnerabilities",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/18894"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2012-3706"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-003106"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-78",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-55888"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-003106"
},
{
"db": "NVD",
"id": "CVE-2012-2607"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.1,
"url": "http://www.kb.cert.org/vuls/id/977312"
},
{
"trust": 2.5,
"url": "http://www.kb.cert.org/vuls/id/moro-8uyn8p"
},
{
"trust": 0.8,
"url": "about vulnerability notes"
},
{
"trust": 0.8,
"url": "contact us about this vulnerability"
},
{
"trust": 0.8,
"url": "provide a vendor statement"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-2607"
},
{
"trust": 0.8,
"url": "http://jvn.jp/cert/jvnvu977312"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-2607"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#977312"
},
{
"db": "CNVD",
"id": "CNVD-2012-3706"
},
{
"db": "VULHUB",
"id": "VHN-55888"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-003106"
},
{
"db": "NVD",
"id": "CVE-2012-2607"
},
{
"db": "CNNVD",
"id": "CNNVD-201207-220"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#977312"
},
{
"db": "CNVD",
"id": "CNVD-2012-3706"
},
{
"db": "VULHUB",
"id": "VHN-55888"
},
{
"db": "BID",
"id": "54469"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-003106"
},
{
"db": "NVD",
"id": "CVE-2012-2607"
},
{
"db": "CNNVD",
"id": "CNNVD-201207-220"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2012-07-13T00:00:00",
"db": "CERT/CC",
"id": "VU#977312"
},
{
"date": "2012-07-18T00:00:00",
"db": "CNVD",
"id": "CNVD-2012-3706"
},
{
"date": "2012-07-16T00:00:00",
"db": "VULHUB",
"id": "VHN-55888"
},
{
"date": "2012-07-13T00:00:00",
"db": "BID",
"id": "54469"
},
{
"date": "2012-07-18T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2012-003106"
},
{
"date": "2012-07-16T20:49:19.567000",
"db": "NVD",
"id": "CVE-2012-2607"
},
{
"date": "2012-07-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201207-220"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-04-03T00:00:00",
"db": "CERT/CC",
"id": "VU#977312"
},
{
"date": "2012-07-18T00:00:00",
"db": "CNVD",
"id": "CNVD-2012-3706"
},
{
"date": "2012-07-17T00:00:00",
"db": "VULHUB",
"id": "VHN-55888"
},
{
"date": "2012-07-16T18:20:00",
"db": "BID",
"id": "54469"
},
{
"date": "2012-07-18T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2012-003106"
},
{
"date": "2012-07-17T04:00:00",
"db": "NVD",
"id": "CVE-2012-2607"
},
{
"date": "2012-07-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201207-220"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201207-220"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Johnson Controls Multiple Products Remote Command Execution Vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2012-3706"
},
{
"db": "BID",
"id": "54469"
}
],
"trust": 0.9
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "operating system commend injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201207-220"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…