Known Vulnerabilities for products from Tridium
Listed below are 10 of the newest known vulnerabilities associated with the vendor "Tridium".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2020-14483 | A timeout during a TLS handshake can result in the connection failing to terminate. This can result in a Niagara thread hangi... | 4.3 - MEDIUM | 2020-08-13 | 2020-08-19 |
| CVE-2019-13528 | A specific utility may allow an attacker to gain read access to privileged files in the Niagara AX 3.8u4 (JACE 3e, JACE 6e, J... | 4.4 - MEDIUM | 2019-09-24 | 2020-10-16 |
| CVE-2018-18985 | Tridium Niagara Enterprise Security 2.3u1, all versions prior to 2.3.118.6, Niagara AX 3.8u4, all versions prior to 3.8.401.1... | 5.4 - MEDIUM | 2019-01-29 | 2019-10-09 |
| CVE-2017-16748 | An attacker can log into the local Niagara platform (Niagara AX Framework Versions 3.8 and prior or Niagara 4 Framework Versi... | 9.8 - CRITICAL | 2018-08-20 | 2019-04-03 |
| CVE-2017-16744 | A path traversal vulnerability in Tridium Niagara AX Versions 3.8 and prior and Niagara 4 systems Versions 4.4 and prior inst... | 7.2 - HIGH | 2018-08-20 | 2019-04-03 |
| CVE-2012-4701 | Directory traversal vulnerability in Tridium Niagara AX 3.5, 3.6, and 3.7 allows remote attackers to read sensitive files, an... | 9.3 - HIGH | 2013-02-15 | 2023-03-22 |
| CVE-2012-4028 | Tridium Niagara AX Framework does not properly store credential data, which allows context-dependent attackers to bypass inte... | 7.8 - HIGH | 2012-07-16 | 2023-03-22 |
| CVE-2012-4027 | Directory traversal vulnerability in Tridium Niagara AX Framework allows remote attackers to read files outside of the intend... | 5 - MEDIUM | 2012-07-16 | 2023-03-22 |
| CVE-2012-3025 | The default configuration of Tridium Niagara AX Framework through 3.6 uses a cleartext base64 format for transmission of cred... | 5 - MEDIUM | 2012-08-16 | 2023-03-22 |
| CVE-2012-3024 | Tridium Niagara AX Framework through 3.6 uses predictable values for (1) session IDs and (2) keys, which might allow remote a... | 5 - MEDIUM | 2012-08-16 | 2023-03-22 |
Known software with vulnerabilities from Tridium
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Tridium | Niagara | 4.0 |
| Application | Tridium | Niagara Ax Framework | 3.8 |
| Application | Tridium | Niagara Enterprise Security | 2.4.31 |
| Application | Tridium | Niagra Ax Framework | 3.5 |