Directory traversal vulnerability in Tridium Niagara AX Framework allows remote attackers to read files outside of the intended images, nav, and px folders by leveraging incorrect permissions, as demonstrated by reading the config.bog file.
References
Configurations
History
21 Nov 2024, 01:42
Type | Values Removed | Values Added |
---|---|---|
References | () http://www.washingtonpost.com/investigations/tridiums-niagara-framework-marvel-of-connectivity-illustrates-new-cyber-risks/2012/07/11/gJQARJL6dW_story.html - Permissions Required | |
References | () https://www.tridium.com/galleries/briefings/NiagaraAX_Framework_Software_Security_Alert.pdf - Broken Link, Vendor Advisory |
Information
Published : 2012-07-16 20:55
Updated : 2024-11-21 01:42
NVD link : CVE-2012-4027
Mitre link : CVE-2012-4027
CVE.ORG link : CVE-2012-4027
JSON object : View
Products Affected
tridium
- niagara_ax
CWE
CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')