Vulmon
tridium niagara ax vulnerabilities and exploits
9.3
CVSSv2
CVE-2012-4701
Directory traversal vulnerability in Tridium Niagara AX 3.5, 3.6, and 3.7 allows remote malicious users to read sensitive files, and consequently execute arbitrary code, by leveraging (1) valid credentials or (2) the guest feature.
Tridium Niagara Ax 3.7
Tridium Niagara Ax 3.6
Tridium Niagara Ax 3.5
3.5
CVSSv2
CVE-2018-18985
Tridium Niagara Enterprise Security 2.3u1, all versions before 2.3.118.6, Niagara AX 3.8u4, all versions before 3.8.401.1, Niagara 4.4u2, all versions before 4.4.93.40.2, and Niagara 4.6, all versions before 4.6.96.28.4 a cross-site scripting vulnerability has been identified tha...
Tridium Niagara Enterprise Security
Tridium Niagara Ax Framework
Tridium Niagara
Tridium Niagara Enterprise Security 2.3u1
Tridium Niagara 4.4u2
Tridium Niagara Ax Framework 3.8u4
6.5
CVSSv2
CVE-2017-16744
A path traversal vulnerability in Tridium Niagara AX Versions 3.8 and prior and Niagara 4 systems Versions 4.4 and prior installed on Microsoft Windows Systems can be exploited by leveraging valid platform (administrator) credentials.
Tridium Niagara Ax Framework
Tridium Niagara
1 Github repository
7.5
CVSSv2
CVE-2017-16748
An attacker can log into the local Niagara platform (Niagara AX Framework Versions 3.8 and prior or Niagara 4 Framework Versions 4.4 and prior) using a disabled account name and a blank password, granting the attacker administrator access to the Niagara system.
Tridium Niagara
Tridium Niagara Ax Framework
1 Github repository
5
CVSSv2
CVE-2012-4027
Directory traversal vulnerability in Tridium Niagara AX Framework allows remote malicious users to read files outside of the intended images, nav, and px folders by leveraging incorrect permissions, as demonstrated by reading the config.bog file.
Tridium Niagara Ax
7.8
CVSSv2
CVE-2012-4028
Tridium Niagara AX Framework does not properly store credential data, which allows context-dependent malicious users to bypass intended access restrictions by using the stored information for authentication.
Tridium Niagara Ax
5
CVSSv2
CVE-2012-3025
The default configuration of Tridium Niagara AX Framework up to and including 3.6 uses a cleartext base64 format for transmission of credentials in cookies, which allows remote malicious users to obtain sensitive information by sniffing the network.
Tridium Niagara Ax
5
CVSSv2
CVE-2012-3024
Tridium Niagara AX Framework up to and including 3.6 uses predictable values for (1) session IDs and (2) keys, which might allow remote malicious users to bypass authentication via a brute-force attack.
Tridium Niagara Ax
2.1
CVSSv2
CVE-2019-13528
A specific utility may allow a malicious user to gain read access to privileged files in the Niagara AX 3.8u4 (JACE 3e, JACE 6e, JACE 7, JACE-8000), Niagara 4.4u3 (JACE 3e, JACE 6e, JACE 7, JACE-8000), and Niagara 4.7u1 (JACE-8000, Edge 10).
Tridium Niagara Ax 3.8u4
Tridium Niagara4 4.4u3
Tridium Niagara4 4.7u1