In Johnson Controls Metasys System Versions 8.0 and prior and BCPro (BCM) all versions prior to 3.0.2, this vulnerability results from improper error handling in HTTP-based communications with the server, which could allow an attacker to obtain technical information.

In Johnson Controls Metasys System Versions 8.0 and prior and BCPro (BCM) all versions prior to 3.0.2, this vulnerability results from improper error handling in HTTP-based communications with the server, which could allow an attacker to obtain technical information.

In Johnson Controls Metasys System Versions 8.0 and prior and BCPro (BCM) all versions prior to 3.0.2, this vulnerability results from improper error handling in HTTP-based communications with the server, which could allow an attacker to obtain technical information.

In Johnson Controls Metasys System Versions 8.0 and prior and BCPro (BCM) all versions prior to 3.0.2, this vulnerability results from improper error handling in HTTP-based communications with the server, which could allow an attacker to obtain technical information.

ICS-CERT CWE-209

OR
     *cpe:2.3:a:johnsoncontrols:bcpro:*:*:*:*:*:*:*:* versions up to (excluding) 3.0.2
     *cpe:2.3:a:johnsoncontrols:metasys_system:*:*:*:*:*:*:*:* versions up to (including) 8.0

(AV:A/AC:L/Au:N/C:P/I:N/A:N)

AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE-388

http://www.securityfocus.com/bid/104937 No Types Assigned

http://www.securityfocus.com/bid/104937 Third Party Advisory, VDB Entry

https://ics-cert.us-cert.gov/advisories/ICSA-18-212-02 No Types Assigned

https://ics-cert.us-cert.gov/advisories/ICSA-18-212-02 Mitigation, Third Party Advisory, US Government Resource

http://www.securityfocus.com/bid/104937 [No Types Assigned]