Tridium · Niagara Ax Framework · CVE-2017-16748
Name of the Vulnerable Software and Affected Versions:
Niagara AX Framework versions 3.8 and prior
Niagara 4 Framework versions 4.4 and prior
Description:
The issue allows an attacker to log into the local Niagara platform using a disabled account name and a blank password, resulting in administrator access to the Niagara system.
Recommendations:
For Niagara AX Framework versions 3.8 and prior, update to a version later than 3.8 to resolve the issue.
For Niagara 4 Framework versions 4.4 and prior, update to a version later than 4.4 to resolve the issue.