CVE-2020-9044: Metasys Improper Restriction of XML External Entity Reference
First published: Tue Mar 10 2020(Updated: )
XXE vulnerability exists in the Metasys family of product Web Services which has the potential to facilitate DoS attacks or harvesting of ASCII server files. This affects Johnson Controls' Metasys Application and Data Server (ADS, ADS-Lite) versions 10.1 and prior; Metasys Extended Application and Data Server (ADX) versions 10.1 and prior; Metasys Open Data Server (ODS) versions 10.1 and prior; Metasys Open Application Server (OAS) version 10.1; Metasys Network Automation Engine (NAE55 only) versions 9.0.1, 9.0.2, 9.0.3, 9.0.5, 9.0.6; Metasys Network Integration Engine (NIE55/NIE59) versions 9.0.1, 9.0.2, 9.0.3, 9.0.5, 9.0.6; Metasys NAE85 and NIE85 versions 10.1 and prior; Metasys LonWorks Control Server (LCS) versions 10.1 and prior; Metasys System Configuration Tool (SCT) versions 13.2 and prior; Metasys Smoke Control Network Automation Engine (NAE55, UL 864 UUKL/ORD-C100-13 UUKLC 10th Edition Listed) version 8.1.
Credit: productsecurity@jci.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Johnsoncontrols Metasys Application And Data Server | <=10.1 | |
| Johnsoncontrols Metasys Application And Data Server | <=10.1 | |
| Johnsoncontrols Metasys Extended Application And Data Server | <=10.1 | |
| Johnsoncontrols Metasys Lonworks Control Server | <=10.1 | |
| Johnsoncontrols Metasys Open Application Server | =10.1 | |
| Johnsoncontrols Metasys Open Data Server | <=10.1 | |
| Johnsoncontrols Metasys System Configuration Tool | <=13.2 | |
| Johnsoncontrols Nae55 Firmware | =9.0.1 | |
| Johnsoncontrols Nae55 Firmware | =9.0.2 | |
| Johnsoncontrols Nae55 Firmware | =9.0.3 | |
| Johnsoncontrols Nae55 Firmware | =9.0.5 | |
| Johnsoncontrols Nae55 Firmware | =9.0.6 | |
| Johnsoncontrols Nae55 | ||
| Johnsoncontrols Nie55 Firmware | =9.0.1 | |
| Johnsoncontrols Nie55 Firmware | =9.0.2 | |
| Johnsoncontrols Nie55 Firmware | =9.0.3 | |
| Johnsoncontrols Nie55 Firmware | =9.0.5 | |
| Johnsoncontrols Nie55 Firmware | =9.0.6 | |
| Johnsoncontrols Nie55 | ||
| Johnsoncontrols Nie59 Firmware | =9.0.1 | |
| Johnsoncontrols Nie59 Firmware | =9.0.2 | |
| Johnsoncontrols Nie59 Firmware | =9.0.3 | |
| Johnsoncontrols Nie59 Firmware | =9.0.5 | |
| Johnsoncontrols Nie59 Firmware | =9.0.6 | |
| Johnsoncontrols Nie59 | ||
| Johnsoncontrols Nae85 Firmware | <=10.1 | |
| Johnsoncontrols Nae85 | ||
| Johnsoncontrols Nie85 Firmware | <=10.1 | |
| Johnsoncontrols Nie85 | ||
| Johnsoncontrols Nae55 Firmware | =8.1 | |
| Johnsoncontrols Ul 864 Uukl Firmware | =8.1 | |
| Johnsoncontrols Ul 864 Uukl | ||
| Johnsoncontrols Ord-c100-13 Uuklc Firmware | =8.1 | |
| Johnsoncontrols Ord-c100-13 Uuklc |
Remedy
Johnson Controls has developed a patch to address this issue. Customers should contact their local branch office for remediation.
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2020-9044?
The severity of CVE-2020-9044 is critical with a severity value of 9.1.
Which products are affected by CVE-2020-9044?
Johnson Controls' Metasys Application and Data Server (ADS, ADS-Lite) versions 10.1 and prior, Metasys Extended Application and Data Server, Metasys Lonworks Control Server, Metasys Open Application Server, Metasys Open Data Server, Metasys System Configuration Tool, NAE55 Firmware versions 9.0.1 to 9.0.6, NIE55 Firmware versions 9.0.1 to 9.0.6, NIE59 Firmware versions 9.0.1 to 9.0.6, NAE85 Firmware versions up to 10.1, and NIE85 Firmware versions up to 10.1 are affected by CVE-2020-9044.
What is the impact of CVE-2020-9044?
CVE-2020-9044 could potentially facilitate DoS attacks or harvesting of ASCII server files.
How can CVE-2020-9044 be fixed?
There is currently no known fix for CVE-2020-9044. It is recommended to follow the provided security advisories for updates and patches from Johnson Controls.
Where can I find more information about CVE-2020-9044?
More information about CVE-2020-9044 can be found in the security advisories from Johnson Controls and the ICS-CERT website.
- collector/nvd-index
- agent/references
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/weakness
- agent/severity
- agent/author
- agent/remedy
- agent/title
- agent/tags
- agent/description
- agent/event
- agent/first-publish-date
- vendor/johnsoncontrols
- canonical/johnsoncontrols metasys application and data server
- version/johnsoncontrols metasys application and data server/10.1
- canonical/johnsoncontrols metasys extended application and data server
- version/johnsoncontrols metasys extended application and data server/10.1
- canonical/johnsoncontrols metasys lonworks control server
- version/johnsoncontrols metasys lonworks control server/10.1
- canonical/johnsoncontrols metasys open application server
- version/johnsoncontrols metasys open application server/10.1
- canonical/johnsoncontrols metasys open data server
- version/johnsoncontrols metasys open data server/10.1
- canonical/johnsoncontrols metasys system configuration tool
- version/johnsoncontrols metasys system configuration tool/13.2
- canonical/johnsoncontrols nae55 firmware
- version/johnsoncontrols nae55 firmware/9.0.1
- version/johnsoncontrols nae55 firmware/9.0.2
- version/johnsoncontrols nae55 firmware/9.0.3
- version/johnsoncontrols nae55 firmware/9.0.5
- version/johnsoncontrols nae55 firmware/9.0.6
- canonical/johnsoncontrols nae55
- canonical/johnsoncontrols nie55 firmware
- version/johnsoncontrols nie55 firmware/9.0.1
- version/johnsoncontrols nie55 firmware/9.0.2
- version/johnsoncontrols nie55 firmware/9.0.3
- version/johnsoncontrols nie55 firmware/9.0.5
- version/johnsoncontrols nie55 firmware/9.0.6
- canonical/johnsoncontrols nie55
- canonical/johnsoncontrols nie59 firmware
- version/johnsoncontrols nie59 firmware/9.0.1
- version/johnsoncontrols nie59 firmware/9.0.2
- version/johnsoncontrols nie59 firmware/9.0.3
- version/johnsoncontrols nie59 firmware/9.0.5
- version/johnsoncontrols nie59 firmware/9.0.6
- canonical/johnsoncontrols nie59
- canonical/johnsoncontrols nae85 firmware
- version/johnsoncontrols nae85 firmware/10.1
- canonical/johnsoncontrols nae85
- canonical/johnsoncontrols nie85 firmware
- version/johnsoncontrols nie85 firmware/10.1
- canonical/johnsoncontrols nie85
- version/johnsoncontrols nae55 firmware/8.1
- canonical/johnsoncontrols ul 864 uukl firmware
- version/johnsoncontrols ul 864 uukl firmware/8.1
- canonical/johnsoncontrols ul 864 uukl
- canonical/johnsoncontrols ord-c100-13 uuklc firmware
- version/johnsoncontrols ord-c100-13 uuklc firmware/8.1
- canonical/johnsoncontrols ord-c100-13 uuklc