Lucene search

JciCVELIST:CVE-2021-27664

HistoryOct 11, 2021 - 3:21 p.m.

CVE-2021-27664 exacqVision Web Service

2021-10-1115:21:08

CWE-269

jci

www.cve.org

cve-2021-27664

exacqvision

web service

configuration

unauthenticated access

server

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.7

Confidence

High

EPSS

0.007

Percentile

80.0%

JSON

Under certain configurations an unauthenticated remote user could be given access to credentials stored in the exacqVision Server.

CNA Affected

[
  {
    "product": "exacqVision Web Service",
    "vendor": "Johnson Controls",
    "versions": [
      {
        "lessThanOrEqual": "21.06.11.0",
        "status": "affected",
        "version": "21.06.11.0",
        "versionType": "custom"
      }
    ]
  }
]

References

us-cert.gov/ics/advisories/icsa-21-280-01

www.johnsoncontrols.com/cyber-solutions/security-advisories

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.7

Confidence

High

EPSS

0.007

Percentile

80.0%

JSON

Related for CVELIST:CVE-2021-27664