CVE-2020-9047

Опубликовано: 26 июн. 2020

Источник: nvd

CVSS3: 6.8

CVSS3: 7.2

CVSS2: 9

EPSS Средний

Описание

A vulnerability exists that could allow the execution of unauthorized code or operating system commands on systems running exacqVision Web Service versions 20.06.3.0 and prior and exacqVision Enterprise Manager versions 20.06.4.0 and prior. An attacker with administrative privileges could potentially download and run a malicious executable that could allow OS command injection on the system.

Ссылки

https://www.johnsoncontrols.com/cyber-solutions/security-advisories
Third Party Advisory
https://www.us-cert.gov/ics/advisories/ICSA-20-170-01
Third Party Advisory
US Government Resource
https://www.johnsoncontrols.com/cyber-solutions/security-advisories
Third Party Advisory
https://www.us-cert.gov/ics/advisories/ICSA-20-170-01
Third Party Advisory
US Government Resource

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:johnsoncontrols:exacqvision_enterprise_manager:*:*:*:*:*:*:*:*

Версия до 20.06.4.0 (включая)

cpe:2.3:a:johnsoncontrols:exacqvision_web_service:*:*:*:*:*:*:*:*

Версия до 20.06.3.0 (включая)

EPSS

Процентиль: 95%

0.17828

Средний

6.8 Medium

CVSS3

7.2 High

CVSS3

9 Critical

CVSS2

Дефекты

CWE-347

Связанные уязвимости

GHSA-jhjw-25g5-p452

github

больше 3 лет назад

A vulnerability exists that could allow the execution of unauthorized code or operating system commands on systems running exacqVision Web Service versions 20.03.2.0 and prior and exacqVision Enterprise Manager versions 20.03.3.0 and prior. An attacker with administrative privileges could potentially download and run a malicious executable that could allow OS command injection on the system.

EPSS

Процентиль: 95%

0.17828

Средний

6.8 Medium

CVSS3

7.2 High

CVSS3

9 Critical

CVSS2

Дефекты

CWE-347