Critical Security Flaw in Johnson Controls’ exacqVision Web Service: Act Now or Regret Later!

Attention: exacqVision Web Service users! Due to a permissive cross-domain policy flaw, your system may be at risk of unauthorized access. Johnson Controls urges an update to version 24.06. Don’t let your system be the Wild West of data breaches!

Hot Take:

Looks like we’ve got another case of tech doing the trust fall and landing flat on its face! Johnson Controls’ exacqVision Web Service decided to play nice with untrusted domains, and now it’s paying the price. Grab your popcorn, folks. This cybersecurity drama is going to be a nail-biter!

Key Points:

  • Permissive cross-domain policy with untrusted domains in exacqVision Web Service.
  • CVSS v4 score: a spicy 7.6, and the flaw is remotely exploitable.
  • Affected version: exacqVision Web Service 22.12.1.0.
  • Critical infrastructure sectors impacted globally.
  • Mitigation: Update to exacqVision Web Service version 24.06 and follow CISA recommendations.
