CNNVD-202601-5074 Information
CNNVD ID
CNNVD-202601-5074
Related CVE
- CNNVD Published: 2026-01-30
Description (Chinese)
Johnson Controls Metasys是美国江森自控(Johnson Controls)公司的一个楼宇自动化平台。 Johnson Controls Metasys多款产品存在安全漏洞,该漏洞源于命令中特殊元素中和不当,可能导致远程SQL执行。以下产品及版本受到影响:Metasys Application and Data Server 14.1及之前版本、Metasys Extended Application and Data Server 14.1版本、LCS8500或NAE8500 12.0版本至14.1版本、System Configuration Tool 17.1及之前版本和Controller Configuration Tool 17.0及之前版本。
Description (English)
Johnson Controls Metasys is a building automation platform for Johnson Controls in the United States. There is a safety loophole in the Johnson Controls Metasys multi-products, which stems from the incompetence of the special elements in the command and may lead to remote SQL execution. The following products and versions have been affected: Metasys Application and Data Server 14.1 et seq., Metasys Exported Application and Data Server 14.1, LS8500 or NAE8500 12.0 to 14.1, System Regulation Tool 17.1 et seq. and Controller Regulation 17.0 et seq.
Hazard Level
High
Vulnerability Type
其他
Affected Vendor
江森自控
Published
2026-01-30
Last Modified
2026-02-24
References
https://www.cisa.gov/news-events/ics-advisories/icsa-26-027-04 https://www.johnsoncontrols.com/trust-center/cybersecurity/security-advisories
Patch
https://www.johnsoncontrols.com/trust-center/cybersecurity/security-advisories
Share on: