CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2012-3025

The default configuration of Tridium Niagara AX Framework through 3.6 uses a cleartext base64 format for transmission of credentials in cookies, which allows remote attackers to obtain sensitive information by sniffing the network.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.016

EPSS Ranking 80.9%

CVSS Severity

CVSS v2 Score 5.0

References

http://www.tridium.com/cs/tridium_news/security_patch_36
http://www.us-cert.gov/control_systems/pdf/ICSA-12-228-01.pdf
http://www.tridium.com/cs/tridium_news/security_patch_36
http://www.us-cert.gov/control_systems/pdf/ICSA-12-228-01.pdf

Products affected by CVE-2012-3025

Tridium » Niagara Ax » Version: 3.5

cpe:2.3:a:tridium:niagara_ax:3.5
Tridium » Niagara Ax » Version: 3.6

cpe:2.3:a:tridium:niagara_ax:3.6

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2012-3025

Products

Pricing

Contact Us