CVE-2020-9047

A vulnerability exists that could allow the execution of unauthorized code or operating system commands on systems running exacqVision Web Service versions 20.06.3.0 and prior and exacqVision Enterprise Manager versions 20.06.4.0 and prior. An attacker with administrative privileges could potentially download and run a malicious executable that could allow OS command injection on the system.
References
Link Resource
https://www.johnsoncontrols.com/cyber-solutions/security-advisories Third Party Advisory
https://www.us-cert.gov/ics/advisories/ICSA-20-170-01 Third Party Advisory US Government Resource
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:johnsoncontrols:exacqvision_enterprise_manager:*:*:*:*:*:*:*:*
cpe:2.3:a:johnsoncontrols:exacqvision_web_service:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2020-06-26 19:15

Updated : 2024-02-28 17:47


NVD link : CVE-2020-9047

Mitre link : CVE-2020-9047

CVE.ORG link : CVE-2020-9047


JSON object : View

Products Affected

johnsoncontrols

  • exacqvision_web_service
  • exacqvision_enterprise_manager
CWE
CWE-347

Improper Verification of Cryptographic Signature