Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2012-4027

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2012-4027
Last Modified 17 Jul 2012 12:00:00
Published 16 Jul 2012 04:55:04
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2012-4027

Summary

Directory traversal vulnerability in Tridium Niagara AX Framework allows remote attackers to read files outside of the intended images, nav, and px folders by leveraging incorrect permissions, as demonstrated by reading the config.bog file.

Vulnerable Systems

Application

  • Tridium Niagra Ax Framework


References

CONFIRM - https://www.tridium.com/galleries/briefings/NiagaraAX_Framework_Software_Security_Alert.pdf

MISC - http://www.washingtonpost.com/investigations/tridiums-niagara-framework-marvel-of-connectivity-illustrates-new-cyber-risks/2012/07/11/gJQARJL6dW_story.html


Last Updated: 27 May 2016 10:57:33