CVE-2023-4486 Information

Description

Under certain circumstances invalid authentication credentials could be sent to the login endpoint of Johnson Controls Metasys NAE55 SNE and SNC engines prior to version 12.0.4 and Facility Explorer F4-SNC engines prior to versions 11.0.6 and 12.0.4 to cause denial-of-service.

Reference

https://www.johnsoncontrols.com/cyber-solutions/security-advisories https://www.cisa.gov/news-events/ics-advisories/icsa-23-341-03