Description
Directory traversal vulnerability in Tridium Niagara AX 3.5, 3.6, and 3.7 allows remote attackers to read sensitive files, and consequently execute arbitrary code, by leveraging (1) valid credentials or (2) the guest feature.
References (2)
Core 2
Core References
Broken Link, Third Party Advisory, US Government Resource x_refsource_misc
http://ics-cert.us-cert.gov/pdf/ICSA-13-045-01.pdf
Broken Link x_refsource_confirm
https://www.niagara-central.com/ord?portal:/dev/wiki/Niagara_AX_Security_Patch_11-Feb-2013
Scores
EPSS
0.0637
EPSS Percentile
92.8%
Details
CWE
CWE-22
Status
published
Products (3)
tridium/niagara_ax
3.5
tridium/niagara_ax
3.6
tridium/niagara_ax
3.7
Published
Feb 15, 2013
Tracked Since
Feb 18, 2026