CVE-2012-4701

Опубликовано: 15 фев. 2013

Источник: nvd

CVSS2: 9.3

EPSS Низкий

Описание

Directory traversal vulnerability in Tridium Niagara AX 3.5, 3.6, and 3.7 allows remote attackers to read sensitive files, and consequently execute arbitrary code, by leveraging (1) valid credentials or (2) the guest feature.

Ссылки

http://ics-cert.us-cert.gov/pdf/ICSA-13-045-01.pdf
Broken Link
Third Party Advisory
US Government Resource
https://www.niagara-central.com/ord?portal:/dev/wiki/Niagara_AX_Security_Patch_11-Feb-2013
Broken Link
http://ics-cert.us-cert.gov/pdf/ICSA-13-045-01.pdf
Broken Link
Third Party Advisory
US Government Resource
https://www.niagara-central.com/ord?portal:/dev/wiki/Niagara_AX_Security_Patch_11-Feb-2013
Broken Link

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:tridium:niagara_ax:3.5:*:*:*:*:*:*:*

cpe:2.3:a:tridium:niagara_ax:3.6:*:*:*:*:*:*:*

cpe:2.3:a:tridium:niagara_ax:3.7:*:*:*:*:*:*:*

EPSS

Процентиль: 75%

0.00868

Низкий

9.3 Critical

CVSS2

Дефекты

CWE-22

Связанные уязвимости

GHSA-m8v2-5pgv-j8f5

github

больше 3 лет назад