Tridium: Security Vulnerabilities, CVEs (Bypass)
A specific utility may allow an attacker to gain read access to privileged files in the Niagara AX 3.8u4 (JACE 3e, JACE 6e, JACE 7, JACE-8000), Niagara 4.4u3 (JACE 3e, JACE 6e, JACE 7, JACE-8000), and Niagara 4.7u1 (JACE-8000, Edge 10).
Max CVSS: 4.4
EPSS Score: 0.04%
Published: 2019-09-24
Updated: 2020-10-16
An attacker can log into the local Niagara platform (Niagara AX Framework Versions 3.8 and prior or Niagara 4 Framework Versions 4.4 and prior) using a disabled account name and a blank password, granting the attacker administrator access to the Niagara system.
Max CVSS: 9.8
EPSS Score: 1.49%
Published: 2018-08-20
Updated: 2019-04-03
Tridium Niagara AX Framework through 3.6 uses predictable values for (1) session IDs and (2) keys, which might allow remote attackers to bypass authentication via a brute-force attack.
Max CVSS: 5.0
EPSS Score: 0.11%
Published: 2012-08-16
Updated: 2023-03-22
3 vulnerabilities found