Lucene search
HistoryOct 03, 2022 - 4:15 p.m.
CVE-2012-3024
tridium
niagara ax
framework
authentication bypass
cve-2012-3024
nvd
5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
7 High
AI Score
Confidence
Low
0.001 Low
EPSS
Percentile
47.2%
Tridium Niagara AX Framework through 3.6 uses predictable values for (1) session IDs and (2) keys, which might allow remote attackers to bypass authentication via a brute-force attack.
Affected configurations
Node
tridiumniagara_axRange≤3.6
| CPE | Name | Operator | Version |
|---|---|---|---|
| tridium:niagara_ax | tridium niagara ax | le | 3.6 |
Related
nessus
nessus
Tridium Niagra Improper Authentication
2020-08-10 00:00:00
Tridium Niagara AX Improper Authentication (CVE-2012-3024)
2023-03-21 00:00:00
Tridium Niagara AX Web Server Multiple Vulnerabilities
2013-07-03 00:00:00
cvelist
cvelist
CVE-2012-3024
2022-10-03 16:15:24
prion
prion
Authentication flaw
2012-08-16 10:38:00
nvd
nvd
CVE-2012-3024
2012-08-16 10:38:04
ics
ics
Tridium Niagara Vulnerabilities (Update A)
2014-03-06 12:00:00
5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
7 High
AI Score
Confidence
Low
0.001 Low
EPSS
Percentile
47.2%
Related for CVE-2012-3024