CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2012-4701

Directory traversal vulnerability in Tridium Niagara AX 3.5, 3.6, and 3.7 allows remote attackers to read sensitive files, and consequently execute arbitrary code, by leveraging (1) valid credentials or (2) the guest feature.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.009

EPSS Ranking 74.1%

CVSS Severity

CVSS v2 Score 9.3

References

http://ics-cert.us-cert.gov/pdf/ICSA-13-045-01.pdf
https://www.niagara-central.com/ord?portal:/dev/wiki/Niagara_AX_Security_Patch_11-Feb-2013
http://ics-cert.us-cert.gov/pdf/ICSA-13-045-01.pdf
https://www.niagara-central.com/ord?portal:/dev/wiki/Niagara_AX_Security_Patch_11-Feb-2013

Products affected by CVE-2012-4701

Tridium » Niagara Ax » Version: 3.5

cpe:2.3:a:tridium:niagara_ax:3.5
Tridium » Niagara Ax » Version: 3.6

cpe:2.3:a:tridium:niagara_ax:3.6
Tridium » Niagara Ax » Version: 3.7

cpe:2.3:a:tridium:niagara_ax:3.7

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2012-4701

Products

Pricing

Contact Us