CVE-2024-32864

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-32864
Under certain circumstances exacqVision Web Services will not enforce secure web communications (HTTPS)

8.1 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 5.2

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://www.cisa.gov/news-events/ics-advisories/icsa-24-214-04 Third Party Advisory US Government Resource
https://www.johnsoncontrols.com/trust-center/cybersecurity/security-advisories Vendor Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:johnsoncontrols:exacqvision_web_service:*:*:*:*:*:*:*:*
History

09 Aug 2024, 19:14

Type Values Removed Values Added
First Time Johnsoncontrols exacqvision Web Service
CPE cpe:2.3:a:johnsoncontrols:exacqvision_server:*:*:*:*:*:*:*:* cpe:2.3:a:johnsoncontrols:exacqvision_web_service:*:*:*:*:*:*:*:*

09 Aug 2024, 18:50

Type Values Removed Values Added
First Time Johnsoncontrols exacqvision Server
Johnsoncontrols
CVSS v2 : unknown
v3 : 6.4 		v2 : unknown
v3 : 8.1
References () https://www.cisa.gov/news-events/ics-advisories/icsa-24-214-04 - () https://www.cisa.gov/news-events/ics-advisories/icsa-24-214-04 - Third Party Advisory, US Government Resource
References () https://www.johnsoncontrols.com/trust-center/cybersecurity/security-advisories - () https://www.johnsoncontrols.com/trust-center/cybersecurity/security-advisories - Vendor Advisory
CPE cpe:2.3:a:johnsoncontrols:exacqvision_server:*:*:*:*:*:*:*:*

02 Aug 2024, 12:59

Type Values Removed Values Added
Summary
  • (es) En determinadas circunstancias, los servicios web de exacqVision no aplicarán comunicaciones web seguras (HTTPS).

01 Aug 2024, 21:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-08-01 21:15

Updated : 2024-08-09 19:14

NVD link : CVE-2024-32864

Mitre link : CVE-2024-32864

CVE.ORG link : CVE-2024-32864

JSON object : View

Products Affected

johnsoncontrols

  • exacqvision_web_service
CWE
CWE-319

Cleartext Transmission of Sensitive Information