CVE-2019-7593 : Security Advisory and Response
Learn about CVE-2019-7593 involving the use of shared RSA key pairs in Metasys systems before version 9.0, impacting encryption operations. Find mitigation steps and affected versions here.
Metasys use of shared RSA key pairs
Understanding CVE-2019-7593
This CVE involves the use of shared RSA key pairs in Metasys systems before version 9.0, impacting encryption operations related to the Site Management Portal.
What is CVE-2019-7593?
The vulnerability in Metasys systems allows the use of a shared RSA key pair, potentially compromising encryption operations.
The Impact of CVE-2019-7593
- CVSS Score: 6.8 (Medium Severity)
- Confidentiality Impact: High
- Integrity Impact: High
- Attack Vector: Network
- User Interaction: Required
Technical Details of CVE-2019-7593
The technical aspects of the vulnerability in Metasys systems.
Vulnerability Description
Metasys systems prior to version 9.0 utilize shared RSA key pairs for encryption operations within the Site Management Portal.
Affected Systems and Versions
- Affected Product: Metasys versions prior to 9.0
- Vendor: Johnson Controls
- Unaffected Version: 9.0
Exploitation Mechanism
The vulnerability can be exploited through network-based attacks requiring user interaction.
Mitigation and Prevention
Steps to mitigate and prevent the CVE-2019-7593 vulnerability.
Immediate Steps to Take
- Upgrade Metasys devices to Release 9.0 or later
- Configure sites with trusted certificates
Long-Term Security Practices
- Regularly update and patch Metasys systems
- Implement strong encryption protocols
Patching and Updates
Ensure all Metasys devices are updated to at least version 9.0 to address the vulnerability.