{"api_version":"1","generated_at":"2026-04-23T11:32:20+00:00","cve":"CVE-2012-4027","urls":{"html":"https://cve.report/CVE-2012-4027","api":"https://cve.report/api/cve/CVE-2012-4027.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2012-4027","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2012-4027"},"summary":{"title":"CVE-2012-4027","description":"Directory traversal vulnerability in Tridium Niagara AX Framework allows remote attackers to read files outside of the intended images, nav, and px folders by leveraging incorrect permissions, as demonstrated by reading the config.bog file.","state":"PUBLIC","assigner":"cve@mitre.org","published_at":"2012-07-16 20:55:00","updated_at":"2023-03-22 14:09:00"},"problem_types":["CWE-22"],"metrics":[],"references":[{"url":"https://www.tridium.com/galleries/briefings/NiagaraAX_Framework_Software_Security_Alert.pdf","name":"https://www.tridium.com/galleries/briefings/NiagaraAX_Framework_Software_Security_Alert.pdf","refsource":"CONFIRM","tags":["Vendor Advisory"],"title":"Open Automation Solutions","mime":"text/html","httpstatus":"404","archivestatus":"0"},{"url":"http://www.washingtonpost.com/investigations/tridiums-niagara-framework-marvel-of-connectivity-illustrates-new-cyber-risks/2012/07/11/gJQARJL6dW_story.html","name":"http://www.washingtonpost.com/investigations/tridiums-niagara-framework-marvel-of-connectivity-illustrates-new-cyber-risks/2012/07/11/gJQARJL6dW_story.html","refsource":"MISC","tags":[],"title":"Tridium’s Niagara Framework: Marvel of connectivity illustrates new cyber risks - Washington Post","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2012-4027","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2012-4027","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2012","cve_id":"4027","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"tridium","cpe5":"niagara_ax","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2012","cve_id":"4027","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"tridium","cpe5":"niagra_ax_framework","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2012","cve_id":"4027","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"tridium","cpe5":"niagra_ax_framework","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2012-4027","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"Directory traversal vulnerability in Tridium Niagara AX Framework allows remote attackers to read files outside of the intended images, nav, and px folders by leveraging incorrect permissions, as demonstrated by reading the config.bog file."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"http://www.washingtonpost.com/investigations/tridiums-niagara-framework-marvel-of-connectivity-illustrates-new-cyber-risks/2012/07/11/gJQARJL6dW_story.html","refsource":"MISC","url":"http://www.washingtonpost.com/investigations/tridiums-niagara-framework-marvel-of-connectivity-illustrates-new-cyber-risks/2012/07/11/gJQARJL6dW_story.html"},{"name":"https://www.tridium.com/galleries/briefings/NiagaraAX_Framework_Software_Security_Alert.pdf","refsource":"CONFIRM","url":"https://www.tridium.com/galleries/briefings/NiagaraAX_Framework_Software_Security_Alert.pdf"}]}},"nvd":{"publishedDate":"2012-07-16 20:55:00","lastModifiedDate":"2023-03-22 14:09:00","problem_types":["CWE-22"],"metrics":{"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:N/A:N","accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE","baseScore":5},"severity":"MEDIUM","exploitabilityScore":10,"impactScore":2.9,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:tridium:niagara_ax:*:*:*:*:*:*:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2012","CveId":"4027","Ordinal":"56777","Title":"CVE-2012-4027","CVE":"CVE-2012-4027","Year":"2012"},"notes":[{"CveYear":"2012","CveId":"4027","Ordinal":"1","NoteData":"Directory traversal vulnerability in Tridium Niagara AX Framework allows remote attackers to read files outside of the intended images, nav, and px folders by leveraging incorrect permissions, as demonstrated by reading the config.bog file.","Type":"Description","Title":null},{"CveYear":"2012","CveId":"4027","Ordinal":"2","NoteData":"2012-07-16","Type":"Other","Title":"Published"}]}}}