
Tridium Niagara AX Web Server < 3.5.40.3 / 3.6 < 3.6.47.3 Multiple Vulnerabilities

High

Synopsis

A vulnerable version of the Tridium Niagara AX Web Server has been detected.

Description

The detected version of Tridium Niagara AX is affected by the following vulnerabilities:

- A directory traversal vulnerability exists that allows access to files outside of the intended folders including the file that stores system usernames and passwords. (CVE-2012-4027)

- The system insecurely stores user authentication credentials in 'config.bog'. (CVE-2012-4028)

- Usernames and passwords are stored in client-side cookies protected only by Base64 encoding, which is equivalent to plaintext. (CVE-2012-3025)

- The software generates predictable session IDs. (CVE-2012-3024)

Solution

Upgrade to the latest version of Niagara AX or apply the appropriate security patch per Tridium's security advisory.
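The following is an added example, not part of the Tenable plugin or Tridium's advisory, that turns the version ranges in the title into a check a defender can run over an asset inventory. It assumes the two thresholds stated above (below 3.5.40.3, and 3.6.x below 3.6.47.3), treats later branches such as 3.7 as outside the affected ranges, and uses a constructed host list; it does not detect whether a vendor patch was applied to an otherwise affected build.

```python
import re
from typing import Dict, List, Tuple

# Fixed-version thresholds taken from the advisory title:
# builds below 3.5.40.3 are affected, and 3.6.x builds below 3.6.47.3 are affected.
FIXED_3_5 = (3, 5, 40, 3)
FIXED_3_6 = (3, 6, 47, 3)


def parse_version(version: str) -> Tuple[int, ...]:
    """Convert a dotted Niagara AX version string such as '3.6.47.2' into an int tuple."""
    version = version.strip()
    if not re.fullmatch(r"\d+(\.\d+)*", version):
        raise ValueError(f"unrecognised version string: {version!r}")
    return tuple(int(part) for part in version.split("."))


def is_affected(version: str) -> bool:
    """Return True when the version falls inside one of the advisory's affected ranges."""
    v = parse_version(version)
    if v[:2] == (3, 6):
        # 3.6 branch has its own fix level; a bare '3.6' sorts below 3.6.47.3.
        return v < FIXED_3_6
    # Everything else is compared against the 3.5 fix level; 3.7+ sorts above it.
    return v < FIXED_3_5


def triage(hosts: Dict[str, str]) -> List[str]:
    """Given host -> reported version, return the hosts needing the upgrade, sorted."""
    return sorted(host for host, ver in hosts.items() if is_affected(ver))


if __name__ == "__main__":
    # Constructed sample inventory (hypothetical hostnames and versions).
    sample = {
        "jace-01": "3.5.39.1",
        "jace-02": "3.5.40.3",
        "jace-03": "3.6.47.2",
        "jace-04": "3.7.106",
    }
    print(triage(sample))  # ['jace-01', 'jace-03']
```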