Directory traversal vulnerability in Tridium Niagara AX Framework allows remote attackers to read files outside of the intended images, nav, and px folders by leveraging incorrect permissions, as demonstrated by reading the config.bog file.

Directory traversal vulnerability in Tridium Niagara AX Framework allows remote attackers to read files outside of the intended images, nav, and px folders by leveraging incorrect permissions, as demonstrated by reading the config.bog file.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

The detected version of Tridium Niagara AX is affected by the following vulnerabilities:

 - A directory traversal vulnerability exists that allows access to files outside of the intended folders including the file that stores system usernames and passwords. (CVE-2012-4027)

 - The system insecurely stores user authentication credentials in 'config.bog'. (CVE-2012-4028)

 - Usernames and passwords are stored in plaintext using Base64 encoding in client side cookies. (CVE-2012-3025)

 - The software generates predictable session IDs. (CVE-2012-3024)

The remote host is running a version of Tridium Niagara AX Web Server that is affected by multiple vulnerabilities :

  - A directory traversal vulnerability exists that allows     access to a file that stores login usernames and     passwords. (CVE-2012-4027)

  - The system insecurely stores user authentication     credentials in 'config.bog'. (CVE-2012-4028)

  - Usernames and passwords are stored in plaintext via     Base64 encoding in client side cookies. (CVE-2012-3025)

  - The software generates predictable session IDs.
    (CVE-2012-3024)

ID	Name	Product	Family	Severity
500894	Tridium Niagara AX Path Traversal (CVE-2012-4027)	Tenable OT Security	Tenable.ot	high
8348	Tridium Niagara AX Web Server < 3.5.40.3 / 3.6 < 3.6.47.3 Multiple Vulnerabilities	Nessus Network Monitor	SCADA	medium
67144	Tridium Niagara AX Web Server Multiple Vulnerabilities	Nessus	SCADA	high

Detections

Analytics

CVE-2012-4027

high

Tenable Plugins

high

medium

high