Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2012-4027

Directory traversal vulnerability in Tridium Niagara AX Framework allows remote attackers to read files outside of the intended images, nav, and px folders by leveraging incorrect permissions, as demonstrated by reading the config.bog file.

Published

2012-07-16T20:55:04.957

Last Modified

2025-04-11T00:51:21.963

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 5.0 (MEDIUM)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE

Exploitability Score

10.0

Impact Score

2.9

Weaknesses

Type: Primary
CWE-22

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	tridium	niagara_ax	*	Yes

References

http://www.washingtonpost.com/investigations/tridiums-niagara-framework-marvel-of-connectivity-illustrates-new-cyber-risks/2012/07/11/gJQARJL6dW_story.html Permissions Required ([email protected])
https://www.tridium.com/galleries/briefings/NiagaraAX_Framework_Software_Security_Alert.pdf Broken Link, Vendor Advisory ([email protected])
http://www.washingtonpost.com/investigations/tridiums-niagara-framework-marvel-of-connectivity-illustrates-new-cyber-risks/2012/07/11/gJQARJL6dW_story.html Permissions Required (af854a3a-2127-422b-91ae-364da2661108)
https://www.tridium.com/galleries/briefings/NiagaraAX_Framework_Software_Security_Alert.pdf Broken Link, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)