CVE-2017-16744

HIGH

Tridium Niagara AX <3.8 & Niagara 4 <4.4 - Path Traversal

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2017-16744. PoCs published by GainSec.

AI-analyzed exploit summary This repository contains a PoC for CVE-2017-16744 and CVE-2017-16748, which are directory traversal vulnerabilities in Tridium Niagara AX and Niagara 4. The Python script and shell script demonstrate the ability to traverse directories and access sensitive files.

Description

A path traversal vulnerability in Tridium Niagara AX Versions 3.8 and prior and Niagara 4 systems Versions 4.4 and prior installed on Microsoft Windows Systems can be exploited by leveraging valid platform (administrator) credentials.

Exploits (1)

nomisec WORKING POC 3 stars
by GainSec · poc
https://github.com/GainSec/CVE-2017-16744-and-CVE-2017-16748-Tridium-Niagara

This repository contains a PoC for CVE-2017-16744 and CVE-2017-16748, which are directory traversal vulnerabilities in Tridium Niagara AX and Niagara 4. The Python script and shell script demonstrate the ability to traverse directories and access sensitive files.

Classification
Working Poc 90%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target: Tridium Niagara AX Versions: 3.8 and prior, Niagara 4 Versions: 4.4 and prior
Auth required
Prerequisites: Python 3 · Target URL · Basic Authentication Credentials
mistral-large-3 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/105101
Third Party Advisory, US Government Resource, VDB Entry x_refsource_misc
https://ics-cert.us-cert.gov/advisories/ICSA-18-191-03

Scores

CVSS v3 7.2
EPSS 0.0622
EPSS Percentile 92.7%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-22
Status published
Products (2)
tridium/niagara 4.0 - 4.4
tridium/niagara_ax_framework < 3.8
Published Aug 20, 2018
Tracked Since Feb 18, 2026