CVE-2012-4027

{"id": "CVE-2012-4027", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2012-07-16T20:55:04.957", "references": [{"url": "http://www.washingtonpost.com/investigations/tridiums-niagara-framework-marvel-of-connectivity-illustrates-new-cyber-risks/2012/07/11/gJQARJL6dW_story.html", "tags": ["Permissions Required"], "source": "cve@mitre.org"}, {"url": "https://www.tridium.com/galleries/briefings/NiagaraAX_Framework_Software_Security_Alert.pdf", "tags": ["Broken Link", "Vendor Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-22"}]}], "descriptions": [{"lang": "en", "value": "Directory traversal vulnerability in Tridium Niagara AX Framework allows remote attackers to read files outside of the intended images, nav, and px folders by leveraging incorrect permissions, as demonstrated by reading the config.bog file."}, {"lang": "es", "value": "Vulnerabilidad de salto de directorio en Tridium Niagara AX Framework permite a atacantes remotos leer archivos fuera de las im\u00e1genes deseadas, nav, y carpetas de p\u00edxeles mediante el aprovechamiento de permisos incorrectos, como lo demuestra la lectura del archivo config.bog."}], "lastModified": "2023-03-22T14:09:05.423", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:tridium:niagara_ax:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EEF1B8B7-44B6-4F10-AED2-348BA097AD71"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}