Lucene search
HistoryOct 03, 2022 - 4:15 p.m.
CVE-2012-4701
cve-2012-4701
directory traversal
tridium niagara ax
vulnerability
remote attackers
sensitive files
arbitrary code
credentials
guest feature
CVSS2
9.3
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
AI Score
7.3
Confidence
Low
EPSS
0.006
Percentile
78.4%
Directory traversal vulnerability in Tridium Niagara AX 3.5, 3.6, and 3.7 allows remote attackers to read sensitive files, and consequently execute arbitrary code, by leveraging (1) valid credentials or (2) the guest feature.
Affected configurations
Node
tridiumniagara_axMatch3.5
ORtridiumniagara_axMatch3.6
ORtridiumniagara_axMatch3.7
| Vendor | Product | Version | CPE |
|---|---|---|---|
| tridium | niagara_ax | 3.6 | cpe:/a:tridium:niagara_ax:3.6::: |
| tridium | niagara_ax | 3.7 | cpe:/a:tridium:niagara_ax:3.7::: |
| tridium | niagara_ax | 3.5 | cpe:/a:tridium:niagara_ax:3.5::: |
Related
cvelist
cvelist
CVE-2012-4701
2022-10-03 16:15:33
nessus
nessus
Tridium Niagra Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
2020-08-10 00:00:00
Tridium Niagara AX Path Traversal (CVE-2012-4701)
2023-03-21 00:00:00
prion
prion
Directory traversal
2013-02-15 12:09:00
nvd
nvd
CVE-2012-4701
2013-02-15 12:09:27
ics
ics
Tridium NiagaraAX Directory Traversal Vulnerability
2013-05-08 12:00:00
CVSS2
9.3
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
AI Score
7.3
Confidence
Low
EPSS
0.006
Percentile
78.4%
Related for CVE-2012-4701