CVSS2: 7.8 High
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: NONE
Availability Impact: NONE
Vector: AV:N/AC:L/Au:N/C:C/I:N/A:N

EPSS: 0.003 Low
Percentile: 68.5%

The remote host is running a version of Tridium Niagara AX Web Server that is affected by multiple vulnerabilities:

- A directory traversal vulnerability exists that allows access to a file that stores login usernames and passwords. (CVE-2012-4027)
- The system insecurely stores user authentication credentials in ‘config.bog’. (CVE-2012-4028)
- Usernames and passwords are stored unencrypted, only Base64-encoded, in client-side cookies. (CVE-2012-3025)
- The software generates predictable session IDs. (CVE-2012-3024)

Binary data scada_tridium_niagara_patch_18_dec_2012.nbin
Vendor | Product | Version | CPE |
---|---|---|---|
tridium | niagra_ax_framework | | cpe:/a:tridium:niagra_ax_framework |