Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

tridium niagara ax vulnerabilities and exploits

(subscribe to this query)
9.3
CVSSv2
CVE-2012-4701
Directory traversal vulnerability in Tridium Niagara AX 3.5, 3.6, and 3.7 allows remote malicious users to read sensitive files, and consequently execute arbitrary code, by leveraging (1) valid credentials or (2) the guest feature.
Tridium Niagara Ax 3.7Tridium Niagara Ax 3.6Tridium Niagara Ax 3.5
3.5
CVSSv2
CVE-2018-18985
Tridium Niagara Enterprise Security 2.3u1, all versions before 2.3.118.6, Niagara AX 3.8u4, all versions before 3.8.401.1, Niagara 4.4u2, all versions before 4.4.93.40.2, and Niagara 4.6, all versions before 4.6.96.28.4 a cross-site scripting vulnerability has been identified tha...
Tridium Niagara Enterprise SecurityTridium Niagara Ax FrameworkTridium NiagaraTridium Niagara Enterprise Security 2.3u1Tridium Niagara 4.4u2Tridium Niagara Ax Framework 3.8u4
6.5
CVSSv2
CVE-2017-16744
A path traversal vulnerability in Tridium Niagara AX Versions 3.8 and prior and Niagara 4 systems Versions 4.4 and prior installed on Microsoft Windows Systems can be exploited by leveraging valid platform (administrator) credentials.
Tridium Niagara Ax FrameworkTridium Niagara
7.5
CVSSv2
CVE-2017-16748
An attacker can log into the local Niagara platform (Niagara AX Framework Versions 3.8 and prior or Niagara 4 Framework Versions 4.4 and prior) using a disabled account name and a blank password, granting the attacker administrator access to the Niagara system.
Tridium NiagaraTridium Niagara Ax Framework
5
CVSSv2
CVE-2012-4027
Directory traversal vulnerability in Tridium Niagara AX Framework allows remote malicious users to read files outside of the intended images, nav, and px folders by leveraging incorrect permissions, as demonstrated by reading the config.bog file.
Tridium Niagara Ax
7.8
CVSSv2
CVE-2012-4028
Tridium Niagara AX Framework does not properly store credential data, which allows context-dependent malicious users to bypass intended access restrictions by using the stored information for authentication.
Tridium Niagara Ax
5
CVSSv2
CVE-2012-3025
The default configuration of Tridium Niagara AX Framework up to and including 3.6 uses a cleartext base64 format for transmission of credentials in cookies, which allows remote malicious users to obtain sensitive information by sniffing the network.
Tridium Niagara Ax
5
CVSSv2
CVE-2012-3024
Tridium Niagara AX Framework up to and including 3.6 uses predictable values for (1) session IDs and (2) keys, which might allow remote malicious users to bypass authentication via a brute-force attack.
Tridium Niagara Ax
2.1
CVSSv2
CVE-2019-13528
A specific utility may allow an malicious user to gain read access to privileged files in the Niagara AX 3.8u4 (JACE 3e, JACE 6e, JACE 7, JACE-8000), Niagara 4.4u3 (JACE 3e, JACE 6e, JACE 7, JACE-8000), and Niagara 4.7u1 (JACE-8000, Edge 10).
Tridium Niagara Ax 3.8u4Tridium Niagara4 4.4u3Tridium Niagara4 4.7u1
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-30310CVE-2024-21683CVE-2024-22187chromedeserializationXPath injectionCVE-2024-27842denial of serviceCVE-2024-24851googleCVE-2024-35400
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook