PT-2013-1700 · Tridium · Tridium Niagara Ax
Published
2013-02-15
·
Updated
2023-03-22
·
CVE-2012-4701
CVSS v2.0
9.3
High
| Vector | AV:N/AC:M/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
Tridium Niagara AX versions 3.5 through 3.7
Description
The issue allows remote attackers to read sensitive files and potentially execute arbitrary code by leveraging valid credentials or the guest feature.
Recommendations
For versions 3.5 through 3.7, update to a version that contains a fix for this issue to prevent directory traversal attacks.
Fix
Path traversal
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Tridium Niagara Ax