GCVE - cpe:2.3:a:tridium:niagara_ax:*:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:tridium:niagara_ax:*:*:*:*:*:*:*:*

part: a version: * update: *

Vendor	Tridium (`f2a5a3f5-4284-5833-a4b3-3c69c2499d9a`)
Product	Niagara Ax (`c0fedc04-9a47-5faa-9c96-75206d086d18`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2012-4028`	vulnerable	2026-06-08 05:02:15.620225	Details available Tridium Niagara AX Framework does not properly store credential data, which allows context-dependent attackers to bypass intended access restrictions by using the stored information for authentication. Published: 2012-07-16T19:00:00.000Z Updated: 2024-09-17T03:23:05.134Z Open on db.gcve.eu Reference links http://www.washingtonpost.com/investigations/tridiums-niagara-framework-marvel-of-connectivity-illustrates-new-cyber-risks/2012/07/11/gJQARJL6dW_story.html https://www.tridium.com/galleries/briefings/NiagaraAX_Framework_Software_Security_Alert.pdf	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2012-4027`	vulnerable	2026-06-08 05:02:15.619923	Details available Directory traversal vulnerability in Tridium Niagara AX Framework allows remote attackers to read files outside of the intended images, nav, and px folders by leveraging incorrect permissions, as demonstrated by reading the config.bog file. Published: 2012-07-16T19:00:00.000Z Updated: 2024-09-16T20:52:31.272Z Open on db.gcve.eu Reference links http://www.washingtonpost.com/investigations/tridiums-niagara-framework-marvel-of-connectivity-illustrates-new-cyber-risks/2012/07/11/gJQARJL6dW_story.html https://www.tridium.com/galleries/briefings/NiagaraAX_Framework_Software_Security_Alert.pdf	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2012-3025`	vulnerable	2026-06-08 05:02:07.763870	Details available The default configuration of Tridium Niagara AX Framework through 3.6 uses a cleartext base64 format for transmission of credentials in cookies, which allows remote attackers to obtain sensitive information by sniffing the network. Published: 2012-08-16T10:00:00.000Z Updated: 2024-09-16T17:53:56.069Z Open on db.gcve.eu Reference links http://www.tridium.com/cs/tridium_news/security_patch_36 http://www.us-cert.gov/control_systems/pdf/ICSA-12-228-01.pdf	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2012-3024`	vulnerable	2026-06-08 05:02:07.763340	Details available Tridium Niagara AX Framework through 3.6 uses predictable values for (1) session IDs and (2) keys, which might allow remote attackers to bypass authentication via a brute-force attack. Published: 2012-08-16T10:00:00.000Z Updated: 2024-09-16T20:03:44.878Z Open on db.gcve.eu Reference links http://www.tridium.com/cs/tridium_news/security_patch_36 http://www.us-cert.gov/control_systems/pdf/ICSA-12-228-01.pdf	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.