Vulnerability Details : CVE-2020-9047
Potential exploit
A vulnerability exists that could allow the execution of unauthorized code or operating system commands on systems running exacqVision Web Service versions 20.06.3.0 and prior and exacqVision Enterprise Manager versions 20.06.4.0 and prior. An attacker with administrative privileges could potentially download and run a malicious executable that could allow OS command injection on the system.
Products affected by CVE-2020-9047
- cpe:2.3:a:johnsoncontrols:exacqvision_web_service:*:*:*:*:*:*:*:*
- cpe:2.3:a:johnsoncontrols:exacqvision_enterprise_manager:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2020-9047
- 17.83%: probability of exploitation activity in the next 30 days
- ~95%: percentile, the proportion of vulnerabilities that are scored at or below this one
CVSS scores for CVE-2020-9047
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
9.0 | HIGH | AV:N/AC:L/Au:S/C:C/I:C/A:C | 8.0 | 10.0 | NIST | |
7.2 | HIGH | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 1.2 | 5.9 | NIST | |
6.8 | MEDIUM | CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:L/I:H/A:L | 1.0 | 5.3 | Johnson Controls | |
CWE ids for CVE-2020-9047
- The product does not verify, or incorrectly verifies, the cryptographic signature for data.
  Assigned by:
  - nvd@nist.gov (Primary)
  - productsecurity@jci.com (Secondary)
References for CVE-2020-9047
- https://www.us-cert.gov/ics/advisories/ICSA-20-170-01
  Johnson Controls exacqVision | CISA (Third Party Advisory; US Government Resource)
- https://www.johnsoncontrols.com/cyber-solutions/security-advisories
  Product Security Advisories (Third Party Advisory)