Tenable8348.PRMTridium Niagara AX Web Server < 3.5.40.3 / 3.6 < 3.6.47.3 Multiple Vulnerabilities
7.8 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:C/I:N/A:N
0.003 Low
EPSS
Percentile
68.5%
The detected version of Tridium Niagara AX is affected by the following vulnerabilities:
-
A directory traversal vulnerability exists that allows access to files outside of the intended folders including the file that stores system usernames and passwords. (CVE-2012-4027)
-
The system insecurely stores user authentication credentials in ‘config.bog’. (CVE-2012-4028)
-
Usernames and passwords are stored in plaintext using Base64 encoding in client side cookies. (CVE-2012-3025)
-
The software generates predictable session IDs. (CVE-2012-3024)
Binary data 8348.prm| Vendor | Product | Version | CPE |
|---|---|---|---|
| tridium | niagra_ax_framework | cpe:/a:tridium:niagra_ax_framework |
References
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3024
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3025
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4027
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4028
www.tridium.com/cs/tridium_news/security
community.niagara-central.com/ord?portal:/dev/wiki/Niagara_AX_3.5_and_3.6_Security_Patches
Related
7.8 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:C/I:N/A:N
0.003 Low
EPSS
Percentile
68.5%