Tridium Niagara AX Web Server < 188.8.131.52 / 3.6 < 184.108.40.206 Multiple Vulnerabilities
Severity: High
Nessus Network Monitor Plugin ID 8348

Synopsis
A vulnerable version of the Tridium Niagara AX Web Server has been detected.

Description
The detected version of Tridium Niagara AX is affected by the following vulnerabilities:
- A directory traversal vulnerability exists that allows access to files outside of the intended folders including the file that stores system usernames and passwords. (CVE-2012-4027)
- The system insecurely stores user authentication credentials in 'config.bog'. (CVE-2012-4028)
- Usernames and passwords are stored in client-side cookies with only Base64 encoding, which is trivially reversible and therefore equivalent to plaintext. (CVE-2012-3025)
- The software generates predictable session IDs. (CVE-2012-3024)

Solution
Upgrade to the latest version of Niagara AX or apply the appropriate security patch per Tridium's security advisory.