Directory traversal vulnerability in Tridium Niagara AX 3.5, 3.6, and 3.7 allows remote attackers to read sensitive files, and consequently execute arbitrary code, by leveraging (1) valid credentials or (2) the guest feature.
References
| Link | Resource |
|---|---|
| http://ics-cert.us-cert.gov/pdf/ICSA-13-045-01.pdf | Broken Link Third Party Advisory US Government Resource |
| https://www.niagara-central.com/ord?portal:/dev/wiki/Niagara_AX_Security_Patch_11-Feb-2013 | Broken Link |
Configurations
Configuration 1 (hide)
|
History
22 Mar 2023, 14:11
| Type | Values Removed | Values Added |
|---|---|---|
| CPE | cpe:2.3:a:tridium:niagra_ax_framework:3.6:*:*:*:*:*:*:* cpe:2.3:a:tridium:niagra_ax_framework:3.7:*:*:*:*:*:*:* |
cpe:2.3:a:tridium:niagara_ax:3.7:*:*:*:*:*:*:* cpe:2.3:a:tridium:niagara_ax:3.5:*:*:*:*:*:*:* cpe:2.3:a:tridium:niagara_ax:3.6:*:*:*:*:*:*:* |
| References | (CONFIRM) https://www.niagara-central.com/ord?portal:/dev/wiki/Niagara_AX_Security_Patch_11-Feb-2013 - Broken Link | |
| References | (MISC) http://ics-cert.us-cert.gov/pdf/ICSA-13-045-01.pdf - Broken Link, Third Party Advisory, US Government Resource |
Information
Published : 2013-02-15 12:09
Updated : 2024-02-04 18:16
NVD link : CVE-2012-4701
Mitre link : CVE-2012-4701
CVE.ORG link : CVE-2012-4701
JSON object : View
Products Affected
tridium
- niagara_ax
CWE
CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')