CVE-2020-9047
published 2020-06-26


Priority: P2 (58), high
CVSS 3.1: 7.2 (AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)
EPSS: 7.77% (93.9th percentile)
A vulnerability exists that could allow the execution of unauthorized code or operating system commands on systems running exacqVision Web Service versions 20.06.3.0 and prior and exacqVision Enterprise Manager versions 20.06.4.0 and prior. An attacker with administrative privileges could potentially download and run a malicious executable that could allow OS command injection on the system.

Affected

4 ranges

Vendor           | Product                                                     | Version range           | Fixed in
johnson_controls | exacqvision_enterprise_manager_versions_20.03.3.0_and_prior | unspecified – 20.03.3.0 |
johnson_controls | exacqvision_web_service_versions_20.03.2.0_and_prior        | unspecified – 20.03.2.0 |
johnsoncontrols  | exacqvision_enterprise_manager                              | <= 20.06.4.0            |
johnsoncontrols  | exacqvision_web_service                                     | <= 20.06.3.0            |

Detection & IOCs (extracted from sources)

url: /version.web
versions: 3.10.4.72058, 3.12.4.76544, 3.8.2.67295, 7.0.2.81005, 7.2.7.86974, 7.4.3.89785, 7.6.4.94391, 7.8.2.97826, 8.0.6.105408, 8.2.2.107285, 8.4.3.111614, 8.6.3.116175, 8.8.1.118913, 9.0.3.124620, 9.2.0.127940, 9.4.3.137684, 9.6.7.145949, 9.8.4.149166, 19.03.3.152166, 19.06.4.157118, 19.09.4.0, 19.12.2.0, 20.03.2.0, 20.06.3.0
  • The version disclosure endpoint /version.web returns a plaintext build string; match the response body against the enumerated vulnerable version list to identify affected hosts.
  • Root cause is CWE-347 (Improper Verification of Cryptographic Signature): the web service does not verify signatures on downloaded executables, enabling an admin-level attacker to stage a malicious binary for OS command injection.
  • Exploitation requires administrative privileges on the exacqVision Web Service; the attack vector is network-accessible, but the privilege requirement is high (PR:H), which limits opportunistic exploitation.
  • CISA's CVSS v3 score (6.8, AV:N/AC:H/PR:H/UI:R/S:C) differs from the Nuclei template score (7.2, AV:N/AC:L/PR:H/UI:N/S:U); detection confidence should account for the higher attack complexity and the required user interaction noted by CISA.
  • No known public exploits specifically targeting this vulnerability were confirmed at the time of advisory publication; a high skill level is needed to exploit it.

CVSS provenance

NVD v3.1: 7.2 HIGH, CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
NVD v2.0: 9.0 CRITICAL, AV:N/AC:L/Au:S/C:C/I:C/A:C