CVE-2012-3025

Tridium Niagara AX Framework <3.6 - Info Disclosure

Title source: llm

Description

The default configuration of Tridium Niagara AX Framework through 3.6 uses a cleartext base64 format for transmission of credentials in cookies, which allows remote attackers to obtain sensitive information by sniffing the network.

References (2)

[Broken Link, Patch, Vendor Advisory] http://www.tridium.com/cs/tridium_news/security_patch_36

[Broken Link, Third Party Advisory, US Government Resource] http://www.us-cert.gov/control_systems/pdf/ICSA-12-228-01.pdf

Scores

EPSS 0.0079

EPSS Percentile 73.6%

Classification

CWE

CWE-522

Status draft

Affected Products (1)

tridium/niagara_ax < 3.6

Timeline

Published Aug 16, 2012

Tracked Since Feb 18, 2026