PT-2018-6325 · Tridium · Niagara Ax Framework+1

Christopher Mazzei

Publicado

2018-08-20

Atualizado

2019-04-03

CVE-2017-16748

CVSS v3.1

9.8

Crítica

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Niagara AX Framework versions 3.8 and prior Niagara 4 Framework versions 4.4 and prior

Description: The issue allows an attacker to log into the local Niagara platform using a disabled account name and a blank password, resulting in administrator access to the Niagara system.

Recommendations: For Niagara AX Framework versions 3.8 and prior, update to a version later than 3.8 to resolve the issue. For Niagara 4 Framework versions 4.4 and prior, update to a version later than 4.4 to resolve the issue.

Correção

Improper Authentication

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-287

Identificadores relacionados

CVE-2017-16748

Produtos afetados

Niagara 4 Framework

Niagara Ax Framework

PT-2018-6325 · Tridium · Niagara Ax Framework+1

CVE-2017-16748

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 5