CVE-2014-5428

Name of the Vulnerable Software and Affected Versions Johnson Controls Metasys versions 4.1 through 6.5

Description The issue allows remote attackers to execute arbitrary code by uploading a shell script due to an unrestricted file upload vulnerability in unspecified web services.

Recommendations For versions 4.1 through 6.5, restrict access to the web services to minimize the risk of exploitation. As a temporary workaround, consider disabling the file upload functionality until a patch is available.