Tridium Niagara Enterprise Security, Niagara AX, and Niagara 4 Improper Neutralization of Input During Web Page Generation (CVE-2018-18985)

Tridium Niagara Enterprise Security 2.3u1, all versions prior to 2.3.118.6, Niagara AX 3.8u4, all versions prior to 3.8.401.1, Niagara 4.4u2, all versions prior to 4.4.93.40.2, and Niagara 4.6, all versions prior to 4.6.96.28.4 a cross-site scripting vulnerability has been identified that may all...

CVE-2019-13528

A specific utility may allow an attacker to gain read access to privileged files in the Niagara AX 3.8u4 JACE 3e, JACE 6e, JACE 7, JACE-8000, Niagara 4.4u3 JACE 3e, JACE 6e, JACE 7, JACE-8000, and Niagara 4.7u1 JACE-8000, Edge 10...

Code injection

A specific utility may allow an attacker to gain read access to privileged files in the Niagara AX 3.8u4 JACE 3e, JACE 6e, JACE 7, JACE-8000, Niagara 4.4u3 JACE 3e, JACE 6e, JACE 7, JACE-8000, and Niagara 4.7u1 JACE-8000, Edge 10...

CVE-2019-13528

A specific utility may allow an attacker to gain read access to privileged files in the Niagara AX 3.8u4 JACE 3e, JACE 6e, JACE 7, JACE-8000, Niagara 4.4u3 JACE 3e, JACE 6e, JACE 7, JACE-8000, and Niagara 4.7u1 JACE-8000, Edge 10...

CVE-2019-13528

CVE-2019-13528 is an Improper Authorization vulnerability affecting Tridium Niagara: Niagara AX 3.8u4 (JACE 3e/6e/7/JACE-8000), Niagara 4.4u3 (JACE 3e/6e/7/JACE-8000), and Niagara 4.7u1 (JACE-8000, Edge 10). A specific utility may allow a local attacker to read privileged files due to insufficien...

ICSA-18-333-02_Tridium Niagara Enterprise Security, Niagara AX, and Niagara 4

1. EXECUTIVE SUMMARY CVSS v3 5.7 ATTENTION : Exploitable remotely/low skill level Vendor : Tridium Equipment : Niagara Enterprise Security, Niagara AX, and Niagara 4 Vulnerability : Cross-site Scripting 2. REPOSTED INFORMATION This advisory was originally posted to the HSIN ICS-CERT library on...

Path traversal

A path traversal vulnerability in Tridium Niagara AX Versions 3.8 and prior and Niagara 4 systems Versions 4.4 and prior installed on Microsoft Windows Systems can be exploited by leveraging valid platform administrator credentials...

CVE-2017-16744

A path traversal vulnerability in Tridium Niagara AX Versions 3.8 and prior and Niagara 4 systems Versions 4.4 and prior installed on Microsoft Windows Systems can be exploited by leveraging valid platform administrator credentials...

CVE-2017-16748

CVE-2017-16748 affects Tridium Niagara AX/Niagara 4 platforms: Niagara AX Framework 3.8 and earlier and Niagara 4 Framework 4.4 and earlier. The issue is improper authentication where an attacker can log in using a disabled account name with a blank password and gain administrator privileges on t...