Tridium Niagara AX Framework does not properly store credential data, which allows context-dependent attackers to bypass intended access restrictions by using the stored information for authentication.
References
Link | Resource |
---|---|
http://www.washingtonpost.com/investigations/tridiums-niagara-framework-marvel-of-connectivity-illustrates-new-cyber-risks/2012/07/11/gJQARJL6dW_story.html | Permissions Required |
https://www.tridium.com/galleries/briefings/NiagaraAX_Framework_Software_Security_Alert.pdf | Broken Link Vendor Advisory |
Configurations
History
No history.
Information
Published : 2012-07-16 20:55
Updated : 2024-02-28 12:00
NVD link : CVE-2012-4028
Mitre link : CVE-2012-4028
CVE.ORG link : CVE-2012-4028
JSON object : View
Products Affected
tridium
- niagara_ax
CWE
CWE-522
Insufficiently Protected Credentials