CVE-2020-9047
moderate-risk
Published 2020-06-26
A vulnerability exists that could allow the execution of unauthorized code or operating system commands on systems running exacqVision Web Service versions 20.06.3.0 and prior and exacqVision Enterprise Manager versions 20.06.4.0 and prior. An attacker with administrative privileges could potentially download and run a malicious executable that could allow OS command injection on the system.
Do I need to act?
!
17.8% chance of exploitation in next 30 days
EPSS score — higher than 82% of all CVEs
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
6
CVSS 6.8/10
Medium
NETWORK
/ HIGH complexity
Affected Products (2)
Exacqvision Web Service
Affected Vendors
References (4)
Third Party Advisory
https://www.johnsoncontrols.com/cyber-solutions/security-advisories
Third Party Advisory
https://www.us-cert.gov/ics/advisories/ICSA-20-170-01
Third Party Advisory
https://www.johnsoncontrols.com/cyber-solutions/security-advisories
Third Party Advisory
https://www.us-cert.gov/ics/advisories/ICSA-20-170-01
41
/ 100
moderate-risk
Severity
21/34 · High
Exploitability
13/34 · Low
Exposure
7/34 · Low