Skip to main content

Niagara Ax

6 CVEs product

Monthly

CVE-2019-13528 MEDIUM This Month

A specific utility may allow an attacker to gain read access to privileged files in the Niagara AX 3.8u4 (JACE 3e, JACE 6e, JACE 7, JACE-8000), Niagara 4.4u3 (JACE 3e, JACE 6e, JACE 7, JACE-8000),. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Niagara Ax Niagara4
NVD
CVSS 3.1
4.4
EPSS
0.4%
CVE-2012-4701 CRITICAL Act Now

Directory traversal vulnerability in Tridium Niagara AX 3.5, 3.6, and 3.7 allows remote attackers to read sensitive files, and consequently execute arbitrary code, by leveraging (1) valid credentials. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.

Path Traversal RCE Niagara Ax
NVD
CVSS 2.0
9.3
EPSS
0.8%
CVE-2012-3025 MEDIUM PATCH This Month

The default configuration of Tridium Niagara AX Framework through 3.6 uses a cleartext base64 format for transmission of credentials in cookies, which allows remote attackers to obtain sensitive. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. This Insufficiently Protected Credentials vulnerability could allow attackers to obtain user credentials due to weak protection mechanisms.

Information Disclosure Niagara Ax
NVD
CVSS 2.0
5.0
EPSS
0.4%
CVE-2012-3024 MEDIUM PATCH This Month

Tridium Niagara AX Framework through 3.6 uses predictable values for (1) session IDs and (2) keys, which might allow remote attackers to bypass authentication via a brute-force attack. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass Niagara Ax
NVD
CVSS 2.0
5.0
EPSS
0.5%
CVE-2012-4028 HIGH This Week

Tridium Niagara AX Framework does not properly store credential data, which allows context-dependent attackers to bypass intended access restrictions by using the stored information for. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Niagara Ax
NVD
CVSS 2.0
7.8
EPSS
0.2%
CVE-2012-4027 MEDIUM This Month

Directory traversal vulnerability in Tridium Niagara AX Framework allows remote attackers to read files outside of the intended images, nav, and px folders by leveraging incorrect permissions, as. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Niagara Ax
NVD
CVSS 2.0
5.0
EPSS
0.1%
EPSS 0% CVSS 4.4
MEDIUM This Month

A specific utility may allow an attacker to gain read access to privileged files in the Niagara AX 3.8u4 (JACE 3e, JACE 6e, JACE 7, JACE-8000), Niagara 4.4u3 (JACE 3e, JACE 6e, JACE 7, JACE-8000),. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Niagara Ax Niagara4
NVD
EPSS 1% CVSS 9.3
CRITICAL Act Now

Directory traversal vulnerability in Tridium Niagara AX 3.5, 3.6, and 3.7 allows remote attackers to read sensitive files, and consequently execute arbitrary code, by leveraging (1) valid credentials. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.

Path Traversal RCE Niagara Ax
NVD
EPSS 0% CVSS 5.0
MEDIUM PATCH This Month

The default configuration of Tridium Niagara AX Framework through 3.6 uses a cleartext base64 format for transmission of credentials in cookies, which allows remote attackers to obtain sensitive. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. This Insufficiently Protected Credentials vulnerability could allow attackers to obtain user credentials due to weak protection mechanisms.

Information Disclosure Niagara Ax
NVD
EPSS 0% CVSS 5.0
MEDIUM PATCH This Month

Tridium Niagara AX Framework through 3.6 uses predictable values for (1) session IDs and (2) keys, which might allow remote attackers to bypass authentication via a brute-force attack. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass Niagara Ax
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Tridium Niagara AX Framework does not properly store credential data, which allows context-dependent attackers to bypass intended access restrictions by using the stored information for. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Niagara Ax
NVD
EPSS 0% CVSS 5.0
MEDIUM This Month

Directory traversal vulnerability in Tridium Niagara AX Framework allows remote attackers to read files outside of the intended images, nav, and px folders by leveraging incorrect permissions, as. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Niagara Ax
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy