Month: October 2021

Adding the Arecont AV20476RS quad-imager camera with the ONVIF plugin may not have all (4) imager streams connect to the server

Post author By Bhargav Atturu
Post date October 15, 2021

Issue:

Adding the Arecont Vision ConteraIP Omni LX RS AV20476RS quad-imager IP cameras with the ONVIF plugin (onvifnvcPI) may not have all (4) imager streams connect to the server. Only (3) of the (4) imagers show as connected.

Symptoms:

All but one one imager on the client camera “settings” page appear functional and display live video. The camera’s management web page shows all (4) imager video streams as functional.

The error condition is listed in the log as:

10/1/2020 10:58:08.956 AM (GMT-5:00) onvifnvcPI Critical Plug-in Read thread exiting due to bad function call

Root Cause:

It was caused by an issue with the handling of the “delayed tasks” queue. Additional measures were added to the “cancel task” component and an increase in the number of simultaneous CURL command requests for the “non-delayed” queue was made to address this issue.

Workaround:

None available — upgrade is required.

Introduced In:

Server version 20.06.9

Fixed In:

Server version 20.12 or later

Tags ONVIF plugin (onvifnvcPI), 6463, Arecont AV20476RS Quad-Imager Camera, Server version 20.06.9, Server version 20.12 or later, Imager Not Connecting, Level2

Knowledge Support Support exacqVision Webservice Products

Web Service – Services do not show up on install

Post author By Brian Lakin
Post date October 11, 2021

When installing the web service the Service’s do not show up. The install seems if it completed successfully but does not create a service.

After installing the latest version of the Webservice the control panel and service page looks like this: You can see the application installed but the services do not.

Check to see if nvrg.exe is installed in the BIN folder.
Run the Command Prompt as ADMIN: Note: You have to be in the bin directory or use full path.
Type the following in CMD:
cd C: \Program Files (x86) or (x64)\exacqVision\WebService\bin
Then run:
wfe.exe -k install
IF you get the follow error we need to Make Sure that this error shows before moving to correcting the registry. If this does not give an error then do not move to the registry and escalate the case.

ERROR: If you get the above error: “this registry key already exists” seen as the return from the command follow the steps below to correct the install.

Run RegEdit as ADMIN and navigate to:
Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\webservice

You will delete the whole webservice key seen above. Delete the Folder in the left panel only.

Once that is done you can re run the command above and if it runs successfully you can validate the service shows up in the services. If it does start the service and in a browser browse to 127.0.0.1 (list port intended).

Tags Installing Web Server, Services, Level2, 6456, Webservice

Knowledge Support Support exacqVision Server Categories Products

exacq Server may stop communicating with all ONVIF cameras when a user disables a stream on a multi-stream ONVIF camera

Post author By Bhargav Atturu
Post date October 11, 2021

Issue:

Under certain conditions, disabling one stream on a multi-stream camera may cause the ONVIF plugin (onvifnvcPI) to experience an internal error that causes it to stop communicating with the rest of the ONVIF cameras.

Symptoms:

The error condition requires a service restart to interact with the ONVIF plugin again and is listed in the log as:

10/1/2020 10:58:08.956 AM (GMT-5:00) onvifnvcPI Critical Plug-in Read thread exiting due to bad function call

Root Cause:

It is believed to be timing-related and happens when a camera stream is disabled at a point where it has not yet connected to the server. This results in an ONVIF (onvifnvcPI) plugin exception error that causes it to exit the corresponding thread abruptly.

Workaround:

None available — upgrade is required.

Introduced In:

Server version 20.06.9

Fixed In:

Server version 20.12 or later

Tags ONVIF plugin (onvifnvcPI), version 20.06.9, version 20.12 or later, Stops Communicating, Bad Function Call, Critical Plug-in Read, Level2, 6452

Knowledge Support Support Categories exacqVision Webservice Products Uncategorized

An Unauthenticated Remote User Could be Given Access to Credentials Stored in the Server

Post author By Bhargav Atturu
Post date October 4, 2021

Overview:

Johnson Controls has confirmed a vulnerability impacting the exacqVision Web Service. The exacqVision Web Service is also included in the exacqVision Server Bundle along with the exacqVision Client and exacqVision Server. The exacqVision Web Service allows users to retrieve video and other data from exacqVision servers using a browser and mobile application. When passthrough / unauthenticated access is enabled, credentials for other systems connected to exacqVision could be exposed.

Impact:

Under certain configurations an unauthenticated remote user could be given access to credentials stored in the exacqVision Server.

Affected Versions:

exacqVision Web Service version 21.06.11.0 or older.

Mitigation:

Upgrade exacqVision Web Service to version 21.09.
Current users can obtain the critical software update from the Software Downloads location at: https://www.exacq.com/support/downloads.php

Resources:

JCI Cyber Solutions Product Security Advisories Website JCI‐PSA‐2021‐16 JCI-PSA-2021-16.docx (johnsoncontrohttps://www.johnsoncontrols.com/-/media/jci/cyber-solutions/product-security-advisories/2021/jci-psa-2021-16.pdf?la=en&hash=46C02304209410715E488DF9B74EDCA45FFCB908ls.com)
Common Vulnerabilities & Exposures (CVE) CVE-2021-27664 – National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) https://nvd.nist.gov/vuln/detail/CVE-2021-27664 (RESERVED but not posted yet) or MITRE CVE® List https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27664 (RESERVED but not posted yet)
Cybersecurity & Infrastructure Security Agency (CISA) Industrial Control Systems (ICS) Advisories ICSA‐21‐280‐01 https://us-cert.cisa.gov/ics/advisories/icsa-21-280-01

Tags 6435, JCI‐PSA‐2021‐16, CVE-2021-27664, ICSA‐21‐280‐01, Vulnerability, Internal, version 21.09

Knowledge Support Support exacqVision Server Categories Products

An Unauthenticated Remote User Could Exploit a Potential Integer Overflow Condition in the Server and Cause DoS

Post author By Bhargav Atturu
Post date October 4, 2021

Overview:

Johnson Controls has confirmed a vulnerability impacting Exacq Technologies exacqVision. The exacqVision Server is also included in the exacqVision Server Bundle along with the exacqVision Client and exacqVision Web Service. Under certain circumstances an integer overflow condition could exist in the exacqVision Server.

Impact:

An unauthenticated remote user could exploit a potential integer overflow condition in the exacqVision Server with a specially crafted script and cause Denial of Service (DoS).

Affected Versions:

exacqVision Server 32‐bit version 21.06.11.0 or older.

Mitigation:

Upgrade exacqVision Server 32‐bit to version 21.09 or Upgrade to exacqVision Server 64‐bit.
Current users can obtain the critical software update from the Software Downloads location at: https://www.exacq.com/support/downloads.php

Resources:

JCI Cyber Solutions Product Security Advisories Website JCI‐PSA‐2021‐18 https://www.johnsoncontrols.com/-/media/jci/cyber-solutions/product-security-advisories/2021/jci-psa-2021-18.pdf?la=en&hash=D5577A925D77BDFA025AAB3708AACC1A0B62AF67
Common Vulnerabilities & Exposures (CVE) CVE‐2021‐27665 – National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) https://nvd.nist.gov/vuln/detail/CVE-2021-27665 (RESERVED but not posted yet) or MITRE CVE® List https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27665 (RESERVED but not posted yet)
Cybersecurity & Infrastructure Security Agency (CISA) Industrial Control Systems (ICS) Advisories ICSA‐21‐280‐03 https://us-cert.cisa.gov/ics/advisories/icsa-21-280-03

Tags ICSA‐21‐280‐03, Vulnerability, Level2, 6418, version 21.09, 32‐bit version 21.06.11.0 or older, Denial of Service (DoS), Integer Overflow Condition, CVE‐2021‐27665, JCI‐PSA‐2021‐18

Knowledge Support Support exacqVision Server Categories Products

Server Hardware Monitoring Indicates False-Positive Sensor Alarms with Certain Motherboards

Post author By Bhargav Atturu
Post date October 1, 2021

Issue:

For systems with Q87, H110-E1, or C236 motherboards, the exacqVision Server software may transmit false-positive sensor alarms due to reading abnormally high values.

Symptoms:

Often, all voltage, fan, and temperature sensors will be alarmed together in the exacq Client Configure System > Hardware Monitoring tab.

Root Cause:

The root cause is that the System Management plugin (SysMgmtPI) was not properly selecting and unselecting Super I/O alarm registers before reading them and was therefore receiving random values that did not reflect reality.

Workaround:

None available — upgrade is required.

Introduced In:

Server version 19.09

Fixed In:

Server version 21.09.9+

Tags Hardware Monitoring, False-Positive Sensor Alarms, Q87 motherboards, H110-E1 motherboards, C236 motherboards, SysMgmtPI, Server version 19.09, Server version 21.09.9+, Guest, 6415