CVE-2020-9047

nvd nist nuclei

Published: Jun 26, 2020Modified: Nov 21, 2024

7.2

Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.2 / Impact: 5.9

Source: NVD

Description

A vulnerability exists that could allow the execution of unauthorized code or operating system commands on systems running exacqVision Web Service versions 20.06.3.0 and prior and exacqVision Enterprise Manager versions 20.06.4.0 and prior. An attacker with administrative privileges could potentially download and run a malicious executable that could allow OS command injection on the system.

Affected (2)

Products: Johnsoncontrols: Exacqvision Enterprise Manager, Exacqvision Web Service

Johnsoncontrols

2 products

Exacqvision Enterprise Manager

Exacqvision Web Service

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Johnsoncontrols Exacqvision Enterprise Manager	Up to 20.06.4.0
Johnsoncontrols Exacqvision Web Service	Up to 20.06.3.0

Related CWEs

Improper Verification of Cryptographic Signature

The product does not verify, or incorrectly verifies, the cryptographic signature for data.

References (4)

https://www.johnsoncontrols.com/cyber-solutions/security-advisories

Source: productsecurity@jci.com

Third Party Advisory

https://www.us-cert.gov/ics/advisories/ICSA-20-170-01

Source: productsecurity@jci.com

Third Party AdvisoryUS Government Resource

https://www.johnsoncontrols.com/cyber-solutions/security-advisories

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://www.us-cert.gov/ics/advisories/ICSA-20-170-01

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryUS Government Resource

Timeline

No history available yet.