Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2012-3024

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2012-3024
Last Modified 16 Aug 2012 12:00:00
Published 16 Aug 2012 06:38:04
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2012-3024

Summary

Tridium Niagara AX Framework through 3.6 uses predictable values for (1) session IDs and (2) keys, which might allow remote attackers to bypass authentication via a brute-force attack.

Vulnerable Systems

Application

  • Tridium Niagra Ax Framework 3.5

  • Tridium Niagra Ax Framework 3.6


References

MISC - http://www.us-cert.gov/control_systems/pdf/ICSA-12-228-01.pdf

CONFIRM - http://www.tridium.com/cs/tridium_news/security_patch_36


Last Updated: 27 May 2016 10:56:37