EUVD-2020-29878

🗓️ 07 Oct 2025 00:30:54Reported by EUVDType

Vulnerability in American Dynamics Web Clients allows unauthenticated token creation and DoS attacks.

Reporter	Title	Published	Views	Family All 9
Circl	CVE-2020-9049	19 Nov 202018:41	–	circl
CNNVD	Johnson Controls Victor Web Client Authorization Issues Vulnerability	17 Nov 202000:00	–	cnnvd
CVE	CVE-2020-9049	19 Nov 202015:27	–	cve
Cvelist	CVE-2020-9049 victor Web Client and C•CURE Web Client JSON Web Token (JWT) Vulnerability	19 Nov 202015:27	–	cvelist
ICS	Johnson Controls Sensormatic Electronics American Dynamics victor Web Client	17 Nov 202000:00	–	ics
NVD	CVE-2020-9049	19 Nov 202016:15	–	nvd
OSV	CVE-2020-9049	19 Nov 202016:15	–	osv
Prion	Authorization	19 Nov 202016:15	–	prion
ThreatPost	Multiple Industrial Control System Vendors Warn of Critical Bugs	17 Nov 202022:38	–	threatpost

[
  {
    "enisaIdVendor": [
      {
        "id": "c4adbd58-cce0-3c29-8a74-c05d8eb01232",
        "vendor": {
          "name": "Johnson Controls"
        }
      }
    ],
    "enisaIdProduct": [
      {
        "id": "236097fc-15f3-3619-8c8e-0180fd0ea728",
        "product": {
          "name": "C•CURE Web Client version 2.90 and prior (Note - This does not affect the new web-based C•CURE 9000 client that was introduced in C•CURE 9000 v2.90)"
        },
        "product_version": "unspecified ≤2.90"
      },
      {
        "id": "f11d93b3-20a2-3dea-87ee-d7f0104ea313",
        "product": {
          "name": "victor Web Client version 5.6 and prior"
        },
        "product_version": "unspecified ≤5.6"
      }
    ]
  }
]

Source	Link
johnsoncontrols	www.johnsoncontrols.com/cyber-solutions/security-advisories
us-cert	www.us-cert.cisa.gov/ics/advisories/icsa-20-324-01
us-cert	www.us-cert.cisa.gov/ics/advisories/icsa-20-324-01
github	www.github.com/advisories/GHSA-293c-r3p4-g63r

07 Oct 2025 00:30Current

5.6Medium risk

Vulners AI Score5.6

CVSS 3.15.3 - 7.1

CVSS 25.7

EPSS0.00061

vulnerability american dynamics web client token creation denial of service attacks