Directory traversal vulnerability in Tridium Niagara AX 3.5, 3.6, and 3.7 allows remote attackers to read sensitive files, and consequently execute arbitrary code, by leveraging (1) valid credentials or (2) the guest feature.
References
Link | Resource |
---|---|
http://ics-cert.us-cert.gov/pdf/ICSA-13-045-01.pdf | Broken Link Third Party Advisory US Government Resource |
https://www.niagara-central.com/ord?portal:/dev/wiki/Niagara_AX_Security_Patch_11-Feb-2013 | Broken Link |
Configurations
Configuration 1 (hide)
|
Information
Published : 2013-02-15 04:09
Updated : 2023-03-22 07:11
NVD link : CVE-2012-4701
Mitre link : CVE-2012-4701
JSON object : View
CWE
CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Products Affected
tridium
- niagara_ax