Tridium Niagara AX Web Server Multiple Vulnerabilities

This script is Copyright (C) 2013-2016 Tenable Network Security, Inc.

Synopsis :

The remote host is running a web server that is affected by multiple

Description :

The remote host is running a version of Tridium Niagara AX Web Server
that is affected by multiple vulnerabilities :

- A directory traversal vulnerability exists that allows
access to a file that stores login usernames and
passwords. (CVE-2012-4027)

- The system insecurely stores user authentication
credentials in 'config.bog'. (CVE-2012-4028)

- Usernames and passwords are stored in client-side
cookies as Base64-encoded plaintext. (CVE-2012-3025)

- The software generates predictable session IDs.

Solution :

Apply the applicable security patch per the vendor's advisory.

Risk factor :

High / CVSS Base Score : 7.1
CVSS Temporal Score : 5.9
Public Exploit Available : true

Family: SCADA

Nessus Plugin ID: 67144

Bugtraq ID: 54454

CVE ID: CVE-2012-3024
