CVE-2019-7588

Public Exploit
exacqVision Enterprise System Manager (ESM) privilege escalation

Description

exacqVision Enterprise System Manager (ESM) v5.12.2 contains a vulnerability through which unauthorized privilege escalation can potentially be achieved. The vulnerability impacts exacqVision ESM v5.12.2 and all prior versions of ESM running on a Windows operating system. It does not impact any Windows Server OSs, or Linux deployments with permissions that are not inherited from the root directory.

Authorized Users have ‘modify’ permission to the ESM folders, which allows a low-privilege account to modify files located in these directories. An executable can be renamed and replaced by a malicious file that could connect back to a bad actor, providing system-level privileges. A low-privileged user is not able to restart the service, but a restart of the system would trigger the execution of the malicious file.

This issue affects: Exacq Technologies, Inc. exacqVision Enterprise System Manager (ESM) version 5.12.2 and prior versions. This issue does not affect: Exacq Technologies, Inc. exacqVision Enterprise System Manager (ESM) 19.03 and above.

Remediation

Solution:

  • Apply the KB mitigation ( https://exacq.com/kb?crc=31399 ) or upgrade to version 19.03 or beyond.

Workaround:

  • (Windows 10) Change the file permissions for the install location of exacqVision ESM:
      1. Open the Properties of the installation folder and go to the Security tab > Advanced.
      2. Select Disable inheritance.
      3. Select Convert.
      4. Select the ‘Authorized Users’ or ‘Users’ entries that have ‘Special’ or ‘Modify’ access and remove them.
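To verify the workaround after applying it, the following read-only PowerShell check lists ACL entries under the ESM install folder that still grant write-class rights to low-privilege groups. It is an added example, not code from the advisory or the vendor KB. The install path is a parameter you supply, and mapping the advisory's ‘Authorized Users’ to the Windows Authenticated Users SID (checked alongside Users and Everyone) is an assumption.

```powershell
# Added example (not from the advisory): audit ESM folder ACLs. Read-only, changes nothing.
param(
    [Parameter(Mandatory = $true)]
    [string]$InstallPath   # ESM install folder; supply your own path (not given in the advisory)
)

# Assumption: the advisory's 'Authorized Users' is the Authenticated Users group.
$lowPrivSids = @(
    'S-1-5-11',      # NT AUTHORITY\Authenticated Users
    'S-1-5-32-545',  # BUILTIN\Users
    'S-1-1-0'        # Everyone
)

# Rights that permit renaming, replacing or re-permissioning a file.
$fsr = [System.Security.AccessControl.FileSystemRights]
$writeMask = [int]($fsr::WriteData -bor $fsr::AppendData -bor $fsr::Delete -bor
                   $fsr::DeleteSubdirectoriesAndFiles -bor $fsr::ChangePermissions -bor
                   $fsr::TakeOwnership)
# Raw generic bits that some ACEs carry instead of specific rights.
$genericMask = 0x10000000 -bor 0x40000000   # GENERIC_ALL, GENERIC_WRITE

$items = @(Get-Item -LiteralPath $InstallPath) +
         @(Get-ChildItem -LiteralPath $InstallPath -Recurse -Force -ErrorAction SilentlyContinue)

$findings = foreach ($item in $items) {
    $acl = Get-Acl -LiteralPath $item.FullName
    # Ask for SIDs directly so the check does not depend on localized group names.
    $rules = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])
    foreach ($rule in $rules) {
        $bits = [int]$rule.FileSystemRights
        if ($rule.AccessControlType -eq 'Allow' -and
            $lowPrivSids -contains $rule.IdentityReference.Value -and
            (($bits -band $writeMask) -or ($bits -band $genericMask))) {
            [pscustomobject]@{
                Path      = $item.FullName
                Sid       = $rule.IdentityReference.Value
                Rights    = $rule.FileSystemRights
                Inherited = $rule.IsInherited   # True means inheritance is still enabled
            }
        }
    }
}

$findings | Sort-Object Path | Format-Table -AutoSize
if ($findings) { exit 1 }   # non-zero exit so a scheduled compliance check can flag the host
```

An empty result means no listed group retains write-class access; rows with `Inherited` set to True indicate that inheritance was not disabled on that item.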

CVSS: 6.7
Severity: Medium
EPSS: 0.28%
Vendor Advisory: exacq.com
Affected: Exacq Technologies, Inc. exacqVision Enterprise System Manager (ESM)

Frequently Asked Questions

What is the severity of CVE-2019-7588?
CVE-2019-7588 has been scored as a medium severity vulnerability.
How to fix CVE-2019-7588?
To fix CVE-2019-7588, apply the KB mitigation ( https://exacq.com/kb?crc=31399 ) or upgrade to version 19.03 or beyond.
Is CVE-2019-7588 being actively exploited in the wild?
It is possible that CVE-2019-7588 is being exploited or will be exploited in the near future, based on public information. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2019-7588?
CVE-2019-7588 affects Exacq Technologies, Inc. exacqVision Enterprise System Manager (ESM).
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registered trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registered trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.