
Tridium Niagara AX Web Server < / 3.6 < Multiple Vulnerabilities



A vulnerable version of the Tridium Niagara AX Web Server has been detected.


The detected version of Tridium Niagara AX is affected by the following vulnerabilities:

- A directory traversal vulnerability exists that allows access to files outside of the intended folders, including the file that stores system usernames and passwords. (CVE-2012-4027)

- The system insecurely stores user authentication credentials in 'config.bog'. (CVE-2012-4028)

- Usernames and passwords are stored in client-side cookies protected only by Base64 encoding, which is effectively plaintext. (CVE-2012-3025)

- The software generates predictable session IDs. (CVE-2012-3024)


Upgrade to the latest version of Niagara AX or apply the appropriate security patch per Tridium's security advisory.