PT-2018-6325 · Tridium · Niagara Ax Framework+1

Christopher Mazzei

Published

2018-08-20

Updated

2019-04-03

CVE-2017-16748

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Niagara AX Framework versions 3.8 and prior Niagara 4 Framework versions 4.4 and prior

Description: The issue allows an attacker to log into the local Niagara platform using a disabled account name and a blank password, resulting in administrator access to the Niagara system.

Recommendations: For Niagara AX Framework versions 3.8 and prior, update to a version later than 3.8 to resolve the issue. For Niagara 4 Framework versions 4.4 and prior, update to a version later than 4.4 to resolve the issue.

Fix

Improper Authentication

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-287

Related Identifiers

CVE-2017-16748

Affected Products

Niagara 4 Framework

Niagara Ax Framework

PT-2018-6325 · Tridium · Niagara Ax Framework+1

CVE-2017-16748

Weakness Enumeration

Related Identifiers

Affected Products

References · 5