Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline

Tridium Security Vulnerabilities

cve
cve

CVE-2012-3024

Tridium Niagara AX Framework through 3.6 uses predictable values for (1) session IDs and (2) keys, which might allow remote attackers to bypass authentication via a brute-force attack.

7AI Score

0.001EPSS

2012-08-16 10:38 AM
31
cve
cve

CVE-2012-3025

The default configuration of Tridium Niagara AX Framework through 3.6 uses a cleartext base64 format for transmission of credentials in cookies, which allows remote attackers to obtain sensitive information by sniffing the network.

6.2AI Score

0.002EPSS

2012-08-16 10:38 AM
38
cve
cve

CVE-2012-4027

Directory traversal vulnerability in Tridium Niagara AX Framework allows remote attackers to read files outside of the intended images, nav, and px folders by leveraging incorrect permissions, as demonstrated by reading the config.bog file.

6.5AI Score

0.003EPSS

2012-07-16 08:55 PM
38
cve
cve

CVE-2012-4028

Tridium Niagara AX Framework does not properly store credential data, which allows context-dependent attackers to bypass intended access restrictions by using the stored information for authentication.

6.2AI Score

0.004EPSS

2012-07-16 08:55 PM
41
cve
cve

CVE-2012-4701

Directory traversal vulnerability in Tridium Niagara AX 3.5, 3.6, and 3.7 allows remote attackers to read sensitive files, and consequently execute arbitrary code, by leveraging (1) valid credentials or (2) the guest feature.

7.3AI Score

0.014EPSS

2013-02-15 12:09 PM
38
cve
cve

CVE-2017-16744

A path traversal vulnerability in Tridium Niagara AX Versions 3.8 and prior and Niagara 4 systems Versions 4.4 and prior installed on Microsoft Windows Systems can be exploited by leveraging valid platform (administrator) credentials.

7.2CVSS

6.8AI Score

0.003EPSS

2018-08-20 09:29 PM
72
cve
cve

CVE-2017-16748

An attacker can log into the local Niagara platform (Niagara AX Framework Versions 3.8 and prior or Niagara 4 Framework Versions 4.4 and prior) using a disabled account name and a blank password, granting the attacker administrator access to the Niagara system.

9.8CVSS

9.1AI Score

0.015EPSS

2018-08-20 09:29 PM
83
cve
cve

CVE-2018-18985

Tridium Niagara Enterprise Security 2.3u1, all versions prior to 2.3.118.6, Niagara AX 3.8u4, all versions prior to 3.8.401.1, Niagara 4.4u2, all versions prior to 4.4.93.40.2, and Niagara 4.6, all versions prior to 4.6.96.28.4 a cross-site scripting vulnerability has been identified that may allow...

5.4CVSS

5.2AI Score

0.001EPSS

2019-01-29 04:29 PM
50
cve
cve

CVE-2019-13528

A specific utility may allow an attacker to gain read access to privileged files in the Niagara AX 3.8u4 (JACE 3e, JACE 6e, JACE 7, JACE-8000), Niagara 4.4u3 (JACE 3e, JACE 6e, JACE 7, JACE-8000), and Niagara 4.7u1 (JACE-8000, Edge 10).

4.4CVSS

4.6AI Score

0.0004EPSS

2019-09-24 10:15 PM
97
cve
cve

CVE-2020-14483

A timeout during a TLS handshake can result in the connection failing to terminate. This can result in a Niagara thread hanging and requires a manual restart of Niagara (Versions 4.6.96.28, 4.7.109.20, 4.7.110.32, 4.8.0.110) and Niagara Enterprise Security (Versions 2.4.31, 2.4.45, 4.8.0.35) to cor...

4.3CVSS

4.5AI Score

0.001EPSS

2020-08-13 03:15 PM
49