Lucene search

JciCVE-2024-32864

HistoryAug 01, 2024 - 9:15 p.m.

CVE-2024-32864

2024-08-0121:15:27

CWE-319

jci

web.nvd.nist.gov

exacqvision

web services

secure web communications

CVSS3

8.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

EPSS

0.001

Percentile

39.5%

JSON

Under certain circumstances exacqVision Web Services will not enforce secure web communications (HTTPS)

Affected configurations

Nvd

Node

johnsoncontrolsexacqvision_web_serviceRange≤24.03

VendorProductVersionCPE
johnsoncontrolsexacqvision_web_service*cpe:2.3:a:johnsoncontrols:exacqvision_web_service:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
johnsoncontrols	exacqvision_web_service	*	cpe:2.3:a:johnsoncontrols:exacqvision_web_service::::::::

CNA Affected

[
  {
    "defaultStatus": "affected",
    "product": "exacqVision",
    "vendor": "Johnson Controls",
    "versions": [
      {
        "lessThanOrEqual": "24.03",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  }
]

References

www.cisa.gov/news-events/ics-advisories/icsa-24-214-04

www.johnsoncontrols.com/trust-center/cybersecurity/security-advisories

CVSS3

8.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

EPSS

0.001

Percentile

39.5%

JSON

Related for CVE-2024-32864