CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2012-4028

Tridium Niagara AX Framework does not properly store credential data, which allows context-dependent attackers to bypass intended access restrictions by using the stored information for authentication.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.002

EPSS Ranking 47.9%

CVSS Severity

CVSS v2 Score 7.8

References

http://www.washingtonpost.com/investigations/tridiums-niagara-framework-marvel-of-connectivity-illustrates-new-cyber-risks/2012/07/11/gJQARJL6dW_story.html
https://www.tridium.com/galleries/briefings/NiagaraAX_Framework_Software_Security_Alert.pdf
http://www.washingtonpost.com/investigations/tridiums-niagara-framework-marvel-of-connectivity-illustrates-new-cyber-risks/2012/07/11/gJQARJL6dW_story.html
https://www.tridium.com/galleries/briefings/NiagaraAX_Framework_Software_Security_Alert.pdf

Products affected by CVE-2012-4028

Tridium » Niagara Ax » Version: 3.5

cpe:2.3:a:tridium:niagara_ax:3.5
Tridium » Niagara Ax » Version: 3.6

cpe:2.3:a:tridium:niagara_ax:3.6
Tridium » Niagara Ax » Version: 3.7

cpe:2.3:a:tridium:niagara_ax:3.7

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2012-4028

Products

Pricing

Contact Us