Vulnerability Description
A vulnerability exists that could allow the execution of unauthorized code or operating system commands on systems running exacqVision Web Service versions 20.06.3.0 and prior and exacqVision Enterprise Manager versions 20.06.4.0 and prior. An attacker with administrative privileges could potentially download and run a malicious executable that could allow OS command injection on the system.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Johnson Controls | exacqVision Enterprise Manager | <= 20.06.4.0 |
| Johnson Controls | exacqVision Web Service | <= 20.06.3.0 |
Related Weaknesses (CWE)
References
- https://www.johnsoncontrols.com/cyber-solutions/security-advisories (Third Party Advisory)
- https://www.us-cert.gov/ics/advisories/ICSA-20-170-01 (Third Party Advisory, US Government Resource)
FAQ
What is CVE-2020-9047?
CVE-2020-9047 is a vulnerability with a CVSS score of 6.8 (MEDIUM). A vulnerability exists that could allow the execution of unauthorized code or operating system commands on systems running exacqVision Web Service versions 20.06.3.0 and prior and exacqVision Enterpri...
How severe is CVE-2020-9047?
CVE-2020-9047 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2020-9047?
Check the references section above for vendor advisories and patch information. Affected products include: Johnson Controls exacqVision Enterprise Manager, Johnson Controls exacqVision Web Service.