← Back to home
ICSA-20-170-01  ·  Published 2020-07-02  ·  View on CISA ICS-CERT ↗

Johnson Controls exacqVision (Update A)

CVSS 6.8 MEDIUM

Risk Summary

Successful exploitation of this vulnerability could allow an attacker with administrative privileges to potentially download and run a malicious executable that could allow the execution of operating system commands on the system.

CVEs (1)

Remediations

  • Upgrade exacqVision Web Service to v20.06.4 or higher
  • Upgrade exacqVision Enterprise Manager to v20.06.5 or higher
  • For more detailed mitigation instructions, please see Johnson Controls Product Security Advisory JCI-PSA-2020-7 v2
  • Johnson Controls recommends taking steps to minimize risks to all building automation systems.

Affected Vendors

Exacq Technologies, Johnson Controls Inc.

Affected Products (2)

Exacq Technologies, Johnson Controls Inc. · exacqVision Web Service <= 20.06.3.0
Exacq Technologies, Johnson Controls Inc. · exacqVision Enterprise Manager <= 20.06.4.0

Affected Sectors

Critical Manufacturing

Get alerted to advisories like this

OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.

Start free trial Learn more