Tridium Niagara AX Web Server Multiple Vulnerabilities
High Nessus Plugin ID 67144
Synopsis
The remote host is running a web server that is affected by multiple vulnerabilities.
Description
The remote host is running a version of Tridium Niagara AX Web Server that is affected by multiple vulnerabilities:
- A directory traversal vulnerability exists that allows access to a file that stores login usernames and passwords. (CVE-2012-4027)
- The system insecurely stores user authentication credentials in 'config.bog'. (CVE-2012-4028)
- Usernames and passwords are stored in client-side cookies with only Base64 encoding, which is equivalent to plaintext. (CVE-2012-3025)
- The software generates predictable session IDs.
Solution
Apply the applicable security patch per the vendor's advisory.