CVE-2020-9047

MEDIUM NUCLEI

exacqVision Web Service < 20.06.3.0 and Enterprise Manager < 20.06.4.0 - Authenticated OS Command Injection

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2020-9047. PoCs published by norrismw. A Nuclei detection template is also available.

AI-analyzed exploit summary: This repository contains a functional exploit for CVE-2020-9047, targeting exacqVision Web Service versions 3.8.2.67295 to 20.06.3.0. The exploit leverages a remote code execution vulnerability by crafting malicious package files and serving them via a local HTTP server to the target system.

Description

A vulnerability exists that could allow the execution of unauthorized code or operating system commands on systems running exacqVision Web Service versions 20.06.3.0 and prior and exacqVision Enterprise Manager versions 20.06.4.0 and prior. An attacker with administrative privileges could potentially download and run a malicious executable that could allow OS command injection on the system.

Exploits (1)

nomisec WORKING POC 11 stars
by norrismw · poc
https://github.com/norrismw/CVE-2020-9047


Classification
Classification: Working PoC 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: exacqVision Web Service 3.8.2.67295 - 20.06.3.0
Auth required
Prerequisites: Network access to the target system · Valid credentials for the exacqVision Web Service · Local HTTP server to host the payload
devstral-2 · analyzed Feb 18, 2026

Nuclei Templates (1)

exacqVision Web Service - Remote Code Execution
HIGH by dwisiswant0

References (2)

Core References
Third Party Advisory, US Government Resource third-party-advisory x_refsource_cert
https://www.us-cert.gov/ics/advisories/ICSA-20-170-01

Scores

CVSS v3 6.8
EPSS 0.0777
EPSS Percentile 93.9%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:L/I:H/A:L

Details

CWE CWE-347
Status published
Products (2)
johnsoncontrols/exacqvision_enterprise_manager < 20.06.4.0
johnsoncontrols/exacqvision_web_service < 20.06.3.0
Published Jun 26, 2020
Tracked Since Feb 18, 2026