Directory traversal vulnerability in Tridium Niagara AX 3.5, 3.6, and 3.7 allows remote attackers to read sensitive files, and consequently execute arbitrary code, by leveraging (1) valid credentials or (2) the guest feature.
References
Link | Resource |
---|---|
http://ics-cert.us-cert.gov/pdf/ICSA-13-045-01.pdf | Broken Link Third Party Advisory US Government Resource |
https://www.niagara-central.com/ord?portal:/dev/wiki/Niagara_AX_Security_Patch_11-Feb-2013 | Broken Link |
http://ics-cert.us-cert.gov/pdf/ICSA-13-045-01.pdf | Broken Link Third Party Advisory US Government Resource |
https://www.niagara-central.com/ord?portal:/dev/wiki/Niagara_AX_Security_Patch_11-Feb-2013 | Broken Link |
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 01:43
Type | Values Removed | Values Added |
---|---|---|
References | () http://ics-cert.us-cert.gov/pdf/ICSA-13-045-01.pdf - Broken Link, Third Party Advisory, US Government Resource | |
References | () https://www.niagara-central.com/ord?portal:/dev/wiki/Niagara_AX_Security_Patch_11-Feb-2013 - Broken Link |
Information
Published : 2013-02-15 12:09
Updated : 2024-11-21 01:43
NVD link : CVE-2012-4701
Mitre link : CVE-2012-4701
CVE.ORG link : CVE-2012-4701
JSON object : View
Products Affected
tridium
- niagara_ax
CWE
CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')