Johnson Controls exacqVision Web Service

🗓️ 01 Aug 2024 06:00:00Reported by Industrial Control Systems Cyber Emergency Response TeamType

ics🔗 www.cisa.gov👁 13 Views

Johnson Controls exacqVision Web Service - Cleartext Transmission of Sensitive Information Vulnerability, CVSS v3 6.4, Exploitable remotely, Versions 24.03 and prior affected, Impact on Critical Infrastructure Sectors, Vulnerability reported by Diego Zaffaroni, Mitigation recommended to update to version 24.06, Defensive measures advised by CIS

Reporter	Title	Published	Views	Family All 8
BDU FSTEC	The vulnerability of the HTTPS implementation of the exacqVision Web Service interface of the video surveillance system allows a perpetrator to gain unauthorized access to protected information.	12 Aug 202400:00	–	bdu_fstec
Circl	CVE-2024-32864	1 Aug 202423:47	–	circl
CVE	CVE-2024-32864	1 Aug 202421:08	–	cve
Cvelist	CVE-2024-32864 exacqVison - HTTPS Session Establishment	1 Aug 202421:08	–	cvelist
EUVD	EUVD-2024-30650	3 Oct 202520:07	–	euvd
Tenable Nessus	Johnson Controls exacqVision Web Service < 24.06 Multiple Vulnerabilities	9 Aug 202400:00	–	nessus
NVD	CVE-2024-32864	1 Aug 202421:15	–	nvd
Vulnrichment	CVE-2024-32864 exacqVison - HTTPS Session Establishment	1 Aug 202421:08	–	vulnrichment

Source	Link
raw	www.raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2024/icsa-24-214-04.json
cisa	www.cisa.gov/news-events/ics-advisories/icsa-24-214-04
cisa	www.cisa.gov/uscert/ics/alerts/ICS-ALERT-10-301-01
cisa	www.cisa.gov/resources-tools/resources/ics-recommended-practices
cisa	www.cisa.gov/sites/default/files/publications/Cybersecurity_Best_Practices_for_Industrial_Control_Systems.pdf
cisa	www.cisa.gov/topics/industrial-control-systems
cisa	www.cisa.gov/uscert/sites/default/files/publications/emailscams0905.pdf
cisa	www.cisa.gov/uscert/ncas/tips/ST04-014
us-cert	www.us-cert.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf
cisa	www.cisa.gov/uscert/ics/tips/ICS-TIP-12-146-01B