CVE-2012-4701

HIGH

Description

Directory traversal vulnerability in Tridium Niagara AX 3.5, 3.6, and 3.7 allows remote attackers to read sensitive files, and consequently execute arbitrary code, by leveraging (1) valid credentials or (2) the guest feature.

References

http://ics-cert.us-cert.gov/pdf/ICSA-13-045-01.pdf

https://www.niagara-central.com/ord?portal:/dev/wiki/Niagara_AX_Security_Patch_11-Feb-2013

Details

Source: MITRE

Published: 2013-02-15

Updated: 2013-02-15

Type: CWE-22

Risk Information

CVSS v2.0

Base Score: 9.3

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Impact Score: 10

Exploitability Score: 8.6

Severity: HIGH