An attacker can log into the local Niagara platform (Niagara AX Framework Versions 3.8 and prior or Niagara 4 Framework Versions 4.4 and prior) using a disabled account name and a blank password, granting the attacker administrator access to the Niagara system.
CPE | Name | Operator | Version |
---|---|---|---|
niagara | le | 4.4 | |
niagara_ax_framework | le | 3.8 |