CVE-2020-9047
Summary
| CVE | CVE-2020-9047 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2020-06-26 19:15:00 UTC |
| Updated | 2021-05-26 13:40:00 UTC |
| Description | A vulnerability exists that could allow the execution of unauthorized code or operating system commands on systems running exacqVision Web Service versions 20.06.3.0 and prior and exacqVision Enterprise Manager versions 20.06.4.0 and prior. An attacker with administrative privileges could potentially download and run a malicious executable that could allow OS command injection on the system. |
Risk And Classification
Problem Types: CWE-347
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Exacq | Exacq | All | All | All | All |
| Application | Exacq | Exacqvision Enterprise Manager | All | All | All | All |
| Application | Johnsoncontrols | Exacqvision Enterprise Manager | All | All | All | All |
| Application | Johnsoncontrols | Exacqvision Web Service | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Product Security Advisories | CONFIRM | www.johnsoncontrols.com | Third Party Advisory |
| Johnson Controls exacqVision (Update A) | CISA | CERT | www.us-cert.gov | Third Party Advisory, US Government Resource |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
Vendor Comments And Credit
Discovery Credit
LEGACY: Michael Norris
There are currently no legacy QID mappings associated with this CVE.