The NCCIC has published an advisory on an unquoted search path or element vulnerability in Johnson Controls exacqVision Server. This vulnerability impacts exacqVision server versions 9.6 and 9.8. Successful exploitation of this vulnerability could allow an unauthenticated user to elevate their privileges. Johnson Controls recommends users upgrade to the latest product, version 19.03. The NCCIC also advises of a series of measures for mitigating the vulnerability. Read the advisory at CISA.
Early bird registration for H2OSecCon 2024 is now open! - REGISTER HERE