CVE-2019-7593 : Security Advisory and Response

Learn about CVE-2019-7593 involving the use of shared RSA key pairs in Metasys systems before version 9.0, impacting encryption operations. Find mitigation steps and affected versions here.

Metasys use of shared RSA key pairs

Understanding CVE-2019-7593

This CVE involves the use of shared RSA key pairs in Metasys systems before version 9.0, impacting encryption operations related to the Site Management Portal.

What is CVE-2019-7593?

The vulnerability in Metasys systems allows the use of a shared RSA key pair, potentially compromising encryption operations.

The Impact of CVE-2019-7593

        CVSS Score: 6.8 (Medium Severity)
        Confidentiality Impact: High
        Integrity Impact: High
        Attack Vector: Network
        User Interaction: Required

Technical Details of CVE-2019-7593

This section covers the technical aspects of the vulnerability in Metasys systems.

Vulnerability Description

Metasys systems prior to version 9.0 utilize shared RSA key pairs for encryption operations within the Site Management Portal.

Affected Systems and Versions

        Affected Product: Metasys versions prior to 9.0
        Vendor: Johnson Controls
        Unaffected Version: 9.0

Exploitation Mechanism

The vulnerability can be exploited through network-based attacks requiring user interaction.

Mitigation and Prevention

The following steps mitigate and prevent the CVE-2019-7593 vulnerability.

Immediate Steps to Take

        Upgrade Metasys devices to Release 9.0 or later
        Configure sites with trusted certificates

Long-Term Security Practices

        Regularly update and patch Metasys systems
        Implement strong encryption protocols

Patching and Updates

Ensure all Metasys devices are updated to at least version 9.0 to address the vulnerability.
