Niagara Ax Security Vulnerabilities and Issues — Niagara Ax CVE List

Lucene search

TridiumNiagara Ax

6 matches found

CVE•added 2019/09/24 10:15 p.m.•108 views

CVE-2019-13528

A specific utility may allow an attacker to gain read access to privileged files in the Niagara AX 3.8u4 (JACE 3e, JACE 6e, JACE 7, JACE-8000), Niagara 4.4u3 (JACE 3e, JACE 6e, JACE 7, JACE-8000), and Niagara 4.7u1 (JACE-8000, Edge 10).

4.4CVSS4.6AI score0.00083EPSS

CVE•added 2013/02/15 12:9 p.m.•53 views

CVE-2012-4701

Directory traversal vulnerability in Tridium Niagara AX 3.5, 3.6, and 3.7 allows remote attackers to read sensitive files, and consequently execute arbitrary code, by leveraging (1) valid credentials or (2) the guest feature.

9.3CVSS7.3AI score0.00868EPSS

CVE•added 2012/07/16 8:55 p.m.•52 views

CVE-2012-4027

Directory traversal vulnerability in Tridium Niagara AX Framework allows remote attackers to read files outside of the intended images, nav, and px folders by leveraging incorrect permissions, as demonstrated by reading the config.bog file.

5CVSS6.5AI score0.00196EPSS

CVE•added 2012/07/16 8:55 p.m.•49 views

CVE-2012-4028

Tridium Niagara AX Framework does not properly store credential data, which allows context-dependent attackers to bypass intended access restrictions by using the stored information for authentication.

7.8CVSS6.2AI score0.0019EPSS

CVE•added 2012/08/16 10:38 a.m.•47 views

CVE-2012-3025

The default configuration of Tridium Niagara AX Framework through 3.6 uses a cleartext base64 format for transmission of credentials in cookies, which allows remote attackers to obtain sensitive information by sniffing the network.

5CVSS6.2AI score0.01623EPSS

CVE•added 2012/08/16 10:38 a.m.•41 views

CVE-2012-3024

Tridium Niagara AX Framework through 3.6 uses predictable values for (1) session IDs and (2) keys, which might allow remote attackers to bypass authentication via a brute-force attack.

5CVSS7AI score0.01014EPSS