Directory traversal vulnerability in Tridium Niagara AX Framework allows remote attackers to read files outside of the intended images, nav, and px folders by leveraging incorrect permissions, as demonstrated by reading the config.bog file.
References
Link | Resource |
---|---|
http://www.washingtonpost.com/investigations/tridiums-niagara-framework-marvel-of-connectivity-illustrates-new-cyber-risks/2012/07/11/gJQARJL6dW_story.html | Permissions Required |
https://www.tridium.com/galleries/briefings/NiagaraAX_Framework_Software_Security_Alert.pdf | Broken Link Vendor Advisory |
Configurations
History
No history.
Information
Published : 2012-07-16 20:55
Updated : 2024-02-28 12:00
NVD link : CVE-2012-4027
Mitre link : CVE-2012-4027
CVE.ORG link : CVE-2012-4027
JSON object : View
Products Affected
tridium
- niagara_ax
CWE
CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')