Overview
An authenticated exacqVision Web Service user could access a web page that does not properly preserve the web page structure.
Impact
The software does not sufficiently validate, filter, escape, and/or encode user-controllable input before placing it in output that is served as a web page to other users.
Affected Versions
All versions of exacqVision Web Service up to and including 21.03.
Mitigation
Upgrade all previous versions of exacqVision Web Service to version 21.06 or later.
Current users can obtain the critical software update from the Software Downloads location at https://www.exacq.com/support/downloads.php.
Resources
Cyber Solutions Website – https://www.johnsoncontrols.com/cyber-solutions/security-advisories
CVE-2021-27659 – NIST National Vulnerability Database (NVD) https://nvd.nist.gov/vuln/detail/CVE-2021-27659 and MITRE CVE® https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27659