Tridium Niagara AX Framework does not properly store credential data, which allows context-dependent attackers to bypass intended access restrictions by using the stored information for authentication.
References
Link | Resource |
---|---|
https://www.tridium.com/galleries/briefings/NiagaraAX_Framework_Software_Security_Alert.pdf | Broken Link Vendor Advisory |
http://www.washingtonpost.com/investigations/tridiums-niagara-framework-marvel-of-connectivity-illustrates-new-cyber-risks/2012/07/11/gJQARJL6dW_story.html | Permissions Required |
Configurations
Information
Published : 2012-07-16 13:55
Updated : 2023-03-22 07:10
NVD link : CVE-2012-4028
Mitre link : CVE-2012-4028
JSON object : View
CWE
CWE-522
Insufficiently Protected Credentials
Products Affected
tridium
- niagara_ax