CVE-2020-9047
published 2020-06-26CVE-2020-9047: A vulnerability exists that could allow the execution of unauthorized code or operating system commands on systems running exacqVision Web Service versions…
PriorityP258high7.2CVSS 3.1
AVNACLPRHUINSUCHIHAH
EXPLOIT
EPSS
7.77%
93.9th percentile
A vulnerability exists that could allow the execution of unauthorized code or operating system commands on systems running exacqVision Web Service versions 20.06.3.0 and prior and exacqVision Enterprise Manager versions 20.06.4.0 and prior. An attacker with administrative privileges could potentially download and run a malicious executable that could allow OS command injection on the system.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| johnson_controls | exacqvision_enterprise_manager_versions_20.03.3.0_and_prior | unspecified – 20.03.3.0 | — |
| johnson_controls | exacqvision_web_service_versions_20.03.2.0_and_prior | unspecified – 20.03.2.0 | — |
| johnsoncontrols | exacqvision_enterprise_manager | <= 20.06.4.0 | — |
| johnsoncontrols | exacqvision_web_service | <= 20.06.3.0 | — |
Detection & IOCsextracted from sources · hover to see the quote
url/version.web
version3.10.4.72058
version3.12.4.76544
version3.8.2.67295
version7.0.2.81005
version7.2.7.86974
version7.4.3.89785
version7.6.4.94391
version7.8.2.97826
version8.0.6.105408
version8.2.2.107285
version8.4.3.111614
version8.6.3.116175
version8.8.1.118913
version9.0.3.124620
version9.2.0.127940
version9.4.3.137684
version9.6.7.145949
version9.8.4.149166
version19.03.3.152166
version19.06.4.157118
version19.09.4.0
version19.12.2.0
version20.03.2.0
version20.06.3.0
bytes
490a0046304402204ea40c18e027a46a275355e5f3f7a78cfadc8de3416cc1c3d0ef1dbc7361237102200e3fc4a4cb5bdf42af2078683037cce8b3cffdb4faab1b32261827513b6a500d:922c64590222798bb761d5b6d8e72950
- →The version disclosure endpoint /version.web returns a plaintext build string; match the response body against the enumerated vulnerable version list to identify affected hosts.
- →Root cause is CWE-347 (Improper Verification of Cryptographic Signature): the web service does not verify signatures on downloaded executables, enabling an admin-level attacker to stage a malicious binary for OS command injection. ↗
- ·Exploitation requires administrative privileges on the exacqVision Web Service; the attack vector is network-accessible but privilege requirement is HIGH (PR:H), limiting opportunistic exploitation. ↗
- ·CISA's CVSS v3 score (6.8, AV:N/AC:H/PR:H/UI:R/S:C) differs from the Nuclei template score (7.2, AV:N/AC:L/PR:H/UI:N/S:U); detection confidence should account for the higher attack complexity and required user interaction noted by CISA. ↗
- ·No known public exploits specifically targeting this vulnerability were confirmed at time of advisory publication; high skill level is needed to exploit. ↗
CVSS provenance
nvdv3.17.2HIGHCVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
nvdv2.09.0CRITICALAV:N/AC:L/Au:S/C:C/I:C/A:C
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
CISA ICS
Johnson Controls exacqVision (Update A)
cisa_ics·2020-07-14·CVSS 6.8
[MEDIUM] Johnson Controls exacqVision (Update A)
## Archived Content In an effort to keep CISA.gov current, the archive contains outdated information that may not reflect current policy or programs.
ICS Advisory
##
Johnson Controls exacqVision (Update A)
Last RevisedJuly 14, 2020
Alert CodeICSA-20-170-01
## 1. EXECUTIVE SUMMARY
- CVSS v3 6.8
- ATTENTION: Exploitable remotely
- Vendor: Exacq Technologies, a subsidiary of Johnson Controls
- Equipment: exacqVision
- Vulnerability: Improper Verification of Cryptographic Signature
## 2. RISK EVALUATION
Successful exploitation of this vulnerability could allow an attacker with administrative privileges to potentially download and run a malicious executable that could allow the execution of operating system commands on the system.
## 3. TE
GHSA
GHSA-jhjw-25g5-p452: A vulnerability exists that could allow the execution of unauthorized code or operating system commands on systems running exacqVision Web Service ver
ghsa_unreviewed·2022-05-24
CVE-2020-9047 [HIGH] CWE-347 GHSA-jhjw-25g5-p452: A vulnerability exists that could allow the execution of unauthorized code or operating system commands on systems running exacqVision Web Service ver
A vulnerability exists that could allow the execution of unauthorized code or operating system commands on systems running exacqVision Web Service versions 20.03.2.0 and prior and exacqVision Enterprise Manager versions 20.03.3.0 and prior. An attacker with administrative privileges could potentially download and run a malicious executable that could allow OS command injection on the system.
No detection rules found.
Nuclei
exacqVision Web Service - Remote Code Execution
nuclei·CVSS 7.2
CVE-2020-9047 [HIGH] exacqVision Web Service - Remote Code Execution
exacqVision Web Service - Remote Code Execution
exacqVision Web Service is susceptible to remote code execution which could allow the execution of unauthorized code or operating system commands on systems running exacqVision Web Service versions 20.06.3.0 and prior and exacqVision Enterprise Manager versions 20.06.4.0 and prior. An attacker with administrative privileges could potentiallydownload and run a malicious executable that could allow OS command injection on the system.
Template:
id: CVE-2020-9047
info:
name: exacqVision Web Service - Remote Code Execution
author: dwisiswant0
severity: high
description: |
exacqVision Web Service is susceptible to remote code execution which could allow the execution of unauthorized code or operating system commands on systems running exacqVisi
No writeups or analysis indexed.
2020-06-26
Published