CVE-2012-4701
Summary
| CVE | CVE-2012-4701 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2013-02-15 12:09:00 UTC |
| Updated | 2023-03-22 14:11:00 UTC |
| Description | Directory traversal vulnerability in Tridium Niagara AX 3.5, 3.6, and 3.7 allows remote attackers to read sensitive files, and consequently execute arbitrary code, by leveraging (1) valid credentials or (2) the guest feature. |
Risk And Classification
Problem Types: CWE-22
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Tridium | Niagara Ax | 3.5 | All | All | All |
| Application | Tridium | Niagara Ax | 3.6 | All | All | All |
| Application | Tridium | Niagara Ax | 3.7 | All | All | All |
| Application | Tridium | Niagra Ax Framework | 3.5 | All | All | All |
| Application | Tridium | Niagra Ax Framework | 3.6 | All | All | All |
| Application | Tridium | Niagra Ax Framework | 3.7 | All | All | All |
| Application | Tridium | Niagra Ax Framework | 3.5 | All | All | All |
| Application | Tridium | Niagra Ax Framework | 3.6 | All | All | All |
| Application | Tridium | Niagra Ax Framework | 3.7 | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Niagara AX Security Patch 11-Feb-2013 | CONFIRM | www.niagara-central.com | |
| 404 - File Not Found | CISA | MISC | ics-cert.us-cert.gov | US Government Resource |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 590616 Tridium NiagaraAX Directory Traversal Vulnerability (ICSA-13-045-01)