Main Vulnerability Database SB2024071792

SB2024071792 - Incorrect default permissions in Johnson Controls Software House CCURE 9000

Published: July 17, 2024

Security Bulletin ID SB2024071792

Severity

High

Patch available

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Incorrect default permissions (CVE-ID: CVE-2024-32861)

The vulnerability allows a remote attacker to escalate privileges on the system.

The vulnerability exists due to insufficient protection of directories containing executables. A remote attacker access credentials used for access to the application

Remediation

Cybersecurity Help is not aware of any official remediation provided by the vendor.

References

https://www.johnsoncontrols.com/trust-center/cybersecurity/security-advisories
https://www.cisa.gov/news-events/ics-advisories/ICSA-24-191-05