CVE-2020-9047

Summary

A vulnerability exists that could allow the execution of unauthorized code or operating system commands on systems running exacqVision Web Service versions 20.06.3.0 and prior and exacqVision Enterprise Manager versions 20.06.4.0 and prior. An attacker with administrative privileges could potentially download and run a malicious executable that could allow OS command injection on the system.

Affected Software

VendorProductVersion RangeStatus
Johnson ControlsexacqVision Web Service versions 20.03.2.0 and priorunspecified <= 20.03.2.0affected
Johnson ControlsexacqVision Enterprise Manager versions 20.03.3.0 and priorunspecified <= 20.03.3.0affected

Weaknesses

  • CWE-347: CWE-347: Improper Verification of Cryptographic Signature

ADP Enrichment

CVE Program Container

Additional References

References