GCVE - cpe:2.3:a:tridium:niagara_ax_framework:*:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:tridium:niagara_ax_framework:*:*:*:*:*:*:*:*

part: a version: * update: *

Vendor	Tridium (`f2a5a3f5-4284-5833-a4b3-3c69c2499d9a`)
Product	Niagara Ax Framework (`ea1a4a7e-e936-5766-a62d-0eff559f51ce`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2018-18985`	vulnerable	2026-06-08 05:11:15.051736	Details available Tridium Niagara Enterprise Security 2.3u1, all versions prior to 2.3.118.6, Niagara AX 3.8u4, all versions prior to 3.8.401.1, Niagara 4.4u2, all versions prior to 4.4.93.40.2, and Niagara 4.6, all versions prior to 4.6.96.28.4 a cross-site scripting vulnerability has been identified that may allow a remote attacker to inject code to some web pages affecting confidentiality. Published: 2019-01-29T16:00:00.000Z Updated: 2024-09-16T17:54:09.008Z Open on db.gcve.eu Reference links http://www.securityfocus.com/bid/106530 https://ics-cert.us-cert.gov/advisories/ICSA-18-333-02	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2017-16748`	vulnerable	2026-06-08 05:09:01.023006	Details available An attacker can log into the local Niagara platform (Niagara AX Framework Versions 3.8 and prior or Niagara 4 Framework Versions 4.4 and prior) using a disabled account name and a blank password, granting the attacker administrator access to the Niagara system. Published: 2018-08-20T21:00:00.000Z Updated: 2024-09-17T03:13:38.893Z Open on db.gcve.eu Reference links http://www.securityfocus.com/bid/105101 https://ics-cert.us-cert.gov/advisories/ICSA-18-191-03 https://ics-cert.us-cert.gov/advisories/ICSA-19-022-01	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2017-16744`	vulnerable	2026-06-08 05:09:01.020786	Details available A path traversal vulnerability in Tridium Niagara AX Versions 3.8 and prior and Niagara 4 systems Versions 4.4 and prior installed on Microsoft Windows Systems can be exploited by leveraging valid platform (administrator) credentials. Published: 2018-08-20T21:00:00.000Z Updated: 2024-09-17T00:42:31.941Z Open on db.gcve.eu Reference links http://www.securityfocus.com/bid/105101 https://ics-cert.us-cert.gov/advisories/ICSA-18-191-03 https://ics-cert.us-cert.gov/advisories/ICSA-19-022-01	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.