20.06.3.0

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

NONE

network

low complexity

johnsoncontrols

CWE-862

NVD

Published: 2021-03-18

Updated: 2021-03-25

Summary

A vulnerability in exacqVision Web Service 20.12.2.0 and prior could allow an unauthenticated attacker to view system-level information about the exacqVision Web Service and the operating system.

Vulnerable Configurations

Part	Description	Count
Application	Johnsoncontrols Johnsoncontrols Exacqvision WEB Service - Johnsoncontrols Exacqvision WEB Service 20.06.3.0 Johnsoncontrols Exacqvision WEB Service 20.06.11.0	3

Common Weakness Enumeration (CWE)

CWE-862 - Missing Authorization

References

https://us-cert.cisa.gov/ics/advisories/icsa-21-077-01
https://www.johnsoncontrols.com/cyber-solutions/security-advisories