Lucene search

JciCVELIST:CVE-2021-27665

HistoryOct 11, 2021 - 3:26 p.m.

CVE-2021-27665 exacqVision Server 32-bit

2021-10-1115:26:09

CWE-190

jci

www.cve.org

remote exploit

denial-of-service

integer overflow

exacqvision server

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.002

Percentile

61.4%

JSON

An unauthenticated remote user could exploit a potential integer overflow condition in the exacqVision Server with a specially crafted script and cause denial-of-service condition.

CNA Affected

[
  {
    "product": "exacqVision Web Service",
    "vendor": "Johnson Controls",
    "versions": [
      {
        "lessThanOrEqual": "21.06.11.0",
        "status": "affected",
        "version": "21.06.11.0",
        "versionType": "custom"
      }
    ]
  }
]

References

us-cert.gov/ics/advisories/icsa-21-280-03

www.johnsoncontrols.com/cyber-solutions/security-advisories

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.002

Percentile

61.4%

JSON

Related for CVELIST:CVE-2021-27665