QID 590646

Date Published: 2022-02-03

QID 590646: Johnson Controls exacq Enterprise Manager Remote Code Execution Vulnerability (ICSA-21-357-02)

AFFECTED PRODUCTS
The following versions of Exacq Technologies Enterprise Manager, an enterprise management tool, are affected:
Exacq Enterprise Manager: All Versions 21.12 and prior

QID Detection Logic (Authenticated)
QID checks for the Vulnerable version using windows registry keys

Successful exploitation of this vulnerability could allow an attacker to enter malicious input resulting in remote code execution.

  • CVSS V3 rated as Critical - 10 severity.
  • CVSS V2 rated as Critical - 9.3 severity.
  • Solution

    Customers are advised to refer to CERT MITIGATIONS section ICSA-21-357-02 for affected packages and patching details.

    Vendor References

    CVEs related to QID 590646

    Software Advisories
    Advisory ID Software Component Link
    ICSA-21-357-02 URL Logo www.us-cert.gov/ics/advisories/ICSA-21-357-02