Johnson Controls exacqVision Enterprise System Manager
Monitor6.7ICS-CERT ICSA-19-164-01Jun 13, 2019
Attack VectorLocal
Auth RequiredLow
ComplexityHigh
User InteractionRequired
Summary
Johnson Controls exacqVision ESM v5.12.2 and prior contains a privilege escalation vulnerability (CWE-285) that could allow code execution. The vulnerability affects all Microsoft Windows operating systems except Windows Server. Exploitation requires local access to an ESM workstation and user interaction—specifically, tricking an ESM user into opening a malicious file. No public exploits currently exist for this vulnerability.
What this means
What could happen
An attacker with local access and ability to trick a user into opening a malicious file could execute code on the ESM workstation, potentially allowing them to access or modify video surveillance data, system configurations, or credentials stored in the application.
Who's at risk
Organizations using Johnson Controls exacqVision ESM for video surveillance and access control should be aware of this vulnerability. It affects ESM administrators and operators on non-Server Windows systems who may be targeted with social engineering attacks. This is relevant for facilities managing physical security camera systems and access logs.
How it could be exploited
An attacker must first gain local access to a Windows workstation running ESM, then craft a malicious file (likely a document or executable) to trick an ESM user into opening it. When the user opens the file, the vulnerability allows code execution with the privileges of the logged-in user. The attack requires user interaction and elevated privileges to be effective.
Prerequisites
- Local access to a Windows workstation running ESM v5.12.2 or earlier
- User with ESM access privileges to view or interact with files
- Ability to deliver a malicious file to the target user and convince them to open it
- Windows operating system other than Windows Server
requires user interaction (social engineering)local access only, not remotely exploitableno public exploit availablehigh skill level needed to exploitaffects Windows workstations (not servers)
Exploitability
Low exploit probability (EPSS 0.3%)
Affected products (1)
ProductAffected VersionsFix Status
ESM: v5.12.2 and prior. All Microsoft Windows operating systems are affected with the exception of Microsoft Windows Server≤ 5.12.2 | all microsoft windows operating systems (except microsoft windows server)19.03
Remediation & Mitigation
0/5
Do now
0/2HARDENINGRestrict ESM workstation access to authorized personnel only and implement role-based access controls
HARDENINGEducate ESM users not to open files from untrusted sources or unexpected attachments
Schedule — requires maintenance window
0/2Patching may require device reboot — plan for process interruption
HOTFIXUpgrade ESM to Version 19.03 or later
WORKAROUNDImplement application whitelisting on ESM workstations to prevent execution of unauthorized code
Long-term hardening
0/1HARDENINGMonitor ESM workstation file access and process execution for suspicious activity
CVEs (1)
↑↓ Navigate · Esc Close
API:
/api/v1/advisories/f910507a-469b-481e-960d-218dcb959624