EUVD-2017-7932

🗓️ 07 Oct 2025 00:30:54Reported by EUVDType

An attacker can access the Niagara platform using a disabled account and blank password for admin rights.

Reporter	Title	Published	Views	Family All 10
CNVD	Tridium Niagara AX Framework and Niagara 4 Framework Authentication Bypass Vulnerability	21 Aug 201800:00	–	cnvd
CVE	CVE-2017-16748	20 Aug 201821:00	–	cve
Cvelist	CVE-2017-16748	20 Aug 201821:00	–	cvelist
ICS	Tridium Niagara	10 Jul 201800:00	–	ics
ICS	Johnson Controls Facility Explorer	22 Jan 201900:00	–	ics
NVD	CVE-2017-16748	20 Aug 201821:29	–	nvd
OSV	CVE-2017-16748	20 Aug 201821:29	–	osv
Tenable Nessus	Tridium Niagara Improper Authentication	10 Aug 202000:00	–	nessus
Tenable Nessus	Tridium Niagara Improper Authentication (CVE-2017-16748)	21 Mar 202300:00	–	nessus
Prion	Design/Logic Flaw	20 Aug 201821:29	–	prion

[
  {
    "enisaIdVendor": [
      {
        "id": "052f162b-9720-3623-bc2b-e74d3ca4d034",
        "vendor": {
          "name": "ICS-CERT"
        }
      }
    ],
    "enisaIdProduct": [
      {
        "id": "77b8df4a-405c-36e7-a973-66c55dd7ef84",
        "product": {
          "name": "Niagara AX Framework and Niagara 4 Framework"
        },
        "product_version": "Niagara AX Framework Versions 3.8 and prior and Niagara 4 Framework Versions 4.4 and prior"
      }
    ]
  }
]

Source	Link
securityfocus	www.securityfocus.com/bid/105101
ics-cert	www.ics-cert.us-cert.gov/advisories/ICSA-18-191-03
ics-cert	www.ics-cert.us-cert.gov/advisories/ICSA-19-022-01
github	www.github.com/advisories/GHSA-293c-r3p4-g63r

07 Oct 2025 00:30Current

9.4High risk

Vulners AI Score9.4

CVSS 39.8

CVSS 27.5

EPSS0.02678