Tridium Niagara Directory Traversal and Authentication-Bypass Vulnerabilities
| Bugtraq ID: | 105101 |
| Class: | Input Validation Error |
| CVE: | CVE-2017-16744 (directory traversal), CVE-2017-16748 (authentication bypass) |
| Remote: | Yes |
| Local: | No |
| Published: | Aug 16 2018 12:00AM |
| Updated: | Jan 23 2019 07:00AM |
| Credit: | Johnathan Gains and Leet Cyber Security |
| Vulnerable: | Tridium Niagara AX Framework 3.8; Tridium Niagara 4 Framework 4.4 |
| Not Vulnerable: | |
Discussion
Tridium Niagara is prone to a directory-traversal vulnerability (CVE-2017-16744) and an authentication-bypass vulnerability (CVE-2017-16748) because the application fails to sufficiently sanitize user-supplied input.
Exploiting the directory-traversal issue may allow a remote attacker to read files outside the intended directory and obtain sensitive information that could aid in further attacks. Exploiting the authentication-bypass issue may allow an attacker to bypass authentication and perform unauthorized actions on the affected application.
The following products are affected:
Niagara AX Framework Version 3.8 and prior.
Niagara 4 Framework Versions 4.4 and prior.
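The following is an added illustration of the directory-traversal class described above; it is not Tridium's code and does not reproduce the Niagara defect, whose details the advisory does not give. It contrasts the naive "strip the leading slash and join onto the web root" pattern with a hardened resolver that bounded-decodes percent-encoding, normalizes, and then checks that the result is still contained in the web root. The web root, the request paths and the sample list are all constructed for the demonstration.

```python
# Added example: generic path-traversal check. Not Tridium/Niagara code.
# WEB_ROOT and the request paths below are hypothetical, constructed inputs.
import posixpath
from urllib.parse import unquote

WEB_ROOT = "/srv/station/web"   # hypothetical web root, not a Niagara path


def naive_resolve(web_root: str, request_path: str) -> str:
    """Vulnerable pattern: drop the leading slash and join onto the web root.

    posixpath.normpath collapses '..' segments, so '/../../etc/passwd'
    quietly resolves to a file outside web_root. Normalization alone is
    not a containment check.
    """
    return posixpath.normpath(posixpath.join(web_root, request_path.lstrip("/")))


def canonicalize(request_path: str, max_decode: int = 3) -> str:
    """Percent-decode until the string is stable, with a bound.

    Makes '%2e%2e' and double-encoded '%252e%252e' visible as '..' before
    the containment check runs, while the bound prevents decode loops.
    """
    decoded = request_path
    for _ in range(max_decode):
        nxt = unquote(decoded)
        if nxt == decoded:
            break
        decoded = nxt
    return decoded


def safe_resolve(web_root: str, request_path: str):
    """Hardened pattern: canonicalize, normalize, then verify containment.

    Returns the resolved absolute path, or None when the request must be
    rejected (NUL/backslash tricks, or a path that escapes the web root).
    """
    decoded = canonicalize(request_path)
    if "\x00" in decoded or "\\" in decoded:
        return None                              # reject NUL and backslash variants outright
    root = posixpath.normpath(web_root)
    # Always treat the request as relative to root, whatever it starts with.
    candidate = posixpath.normpath(posixpath.join(root, decoded.lstrip("/")))
    if candidate != root and not candidate.startswith(root + "/"):
        return None                              # resolved outside the web root
    return candidate


# Constructed sample requests: benign paths plus plain, encoded and
# double-encoded traversal attempts.
SAMPLE_REQUESTS = [
    "/index.html",
    "/static/../index.html",
    "/../../etc/passwd",
    "/%2e%2e/%2e%2e/%2e%2e/etc/passwd",
    "/%252e%252e/secret",
]


def audit(web_root: str, request_paths):
    """Return (request, naive result, hardened result) for each request."""
    return [(p, naive_resolve(web_root, p), safe_resolve(web_root, p)) for p in request_paths]


if __name__ == "__main__":
    for req, naive, safe in audit(WEB_ROOT, SAMPLE_REQUESTS):
        print(f"{req:40} naive -> {naive:32} safe -> {safe}")
```

The containment test compares against `root + "/"` rather than a bare prefix, so a sibling directory such as `/srv/station/web2` is not mistaken for a child of the web root. The same check belongs at every layer that turns a request path into a filesystem path, not only in the front-end handler.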
Exploit / POC
Currently, we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution / Fix
Solution:
Updates are available. Please see the vendor advisory and ICS-CERT advisory ICSA-18-191-03 (listed under References) for the fixed releases of Niagara AX 3.8 and Niagara 4.4.
References
References:
- Tridium Homepage (Tridium)
- ICSA-18-191-03: Tridium Niagara (CERT)
- ICSA-19-022-01 Johnson Controls Facility Explorer (CERT)