ID

VAR-201207-0105


CVE

CVE-2012-4028


TITLE

Tridium Niagara AX Framework Security Bypass Vulnerability

Trust: 1.4

sources: IVD: ac8e61d2-2353-11e6-abef-000c29c66e3d // CNVD: CNVD-2012-3796 // CNNVD: CNNVD-201207-224

DESCRIPTION

Tridium Niagara AX Framework does not properly store credential data, which allows context-dependent attackers to bypass intended access restrictions by using the stored information for authentication. A vulnerability exists in the Tridium Niagara AX Framework. The vulnerability stems from a failure to properly store credential data. TRIDIUM NiagaraAX is prone to an information-disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may aid in launching further attacks. ---------------------------------------------------------------------- The new Secunia CSI 6.0 is now available in beta! Seamless integration with your existing security solutions Sign-up to become a Beta tester: http://secunia.com/csi6beta ---------------------------------------------------------------------- TITLE: Niagara Framework Predictable Session Identifier Vulnerability SECUNIA ADVISORY ID: SA50288 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/50288/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=50288 RELEASE DATE: 2012-08-16 DISCUSS ADVISORY: http://secunia.com/advisories/50288/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/50288/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=50288 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Niagara Framework, which can be exploited by malicious people to hijack a user's session. The vulnerability is caused due to predictable sessions identifiers being used. SOLUTION: No official solution is currently available. PROVIDED AND/OR DISCOVERED BY: Billy Rios and Terry McCorkle via ICS-CERT. ORIGINAL ADVISORY: ICS-CERT: http://www.us-cert.gov/control_systems/pdf/ICSA-12-228-01.pdf OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 2.79

sources: NVD: CVE-2012-4028 // JVNDB: JVNDB-2012-003105 // CNVD: CNVD-2012-3796 // BID: 61740 // IVD: ac8e61d2-2353-11e6-abef-000c29c66e3d // VULHUB: VHN-57309 // PACKETSTORM: 115613

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.8

sources: IVD: ac8e61d2-2353-11e6-abef-000c29c66e3d // CNVD: CNVD-2012-3796

AFFECTED PRODUCTS

vendor:tridiummodel:niagara axscope:eqversion:*

Trust: 1.0

vendor:tridiummodel:niagara ax frameworkscope: - version: -

Trust: 0.8

vendor:tridiummodel:niagara ax framework softwarescope: - version: -

Trust: 0.6

vendor:tridiummodel:niagra ax frameworkscope: - version: -

Trust: 0.6

vendor:tridiummodel:niagaraaxscope:eqversion:0

Trust: 0.3

vendor:niagra ax frameworkmodel: - scope:eqversion:*

Trust: 0.2

sources: IVD: ac8e61d2-2353-11e6-abef-000c29c66e3d // CNVD: CNVD-2012-3796 // BID: 61740 // JVNDB: JVNDB-2012-003105 // CNNVD: CNNVD-201207-224 // NVD: CVE-2012-4028

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2012-4028
value: HIGH

Trust: 1.0

NVD: CVE-2012-4028
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201207-224
value: HIGH

Trust: 0.6

IVD: ac8e61d2-2353-11e6-abef-000c29c66e3d
value: HIGH

Trust: 0.2

VULHUB: VHN-57309
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2012-4028
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:C/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

IVD: ac8e61d2-2353-11e6-abef-000c29c66e3d
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:C/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

VULHUB: VHN-57309
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:C/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: IVD: ac8e61d2-2353-11e6-abef-000c29c66e3d // VULHUB: VHN-57309 // JVNDB: JVNDB-2012-003105 // CNNVD: CNNVD-201207-224 // NVD: CVE-2012-4028

PROBLEMTYPE DATA

problemtype:CWE-522

Trust: 1.0

problemtype:CWE-255

Trust: 0.9

sources: VULHUB: VHN-57309 // JVNDB: JVNDB-2012-003105 // NVD: CVE-2012-4028

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201207-224

TYPE

trust management problem

Trust: 0.6

sources: CNNVD: CNNVD-201207-224

CONFIGURATIONS

sources: JVNDB: JVNDB-2012-003105

PATCH

title:Security Alert: Niagara AX(tm) Directory Traversal Remediationurl:https://www.tridium.com/galleries/briefings/NiagaraAX_Framework_Software_Security_Alert.pdf

Trust: 0.8

sources: JVNDB: JVNDB-2012-003105

EXTERNAL IDS

db:NVDid:CVE-2012-4028

Trust: 3.7

db:CNNVDid:CNNVD-201207-224

Trust: 0.9

db:CNVDid:CNVD-2012-3796

Trust: 0.8

db:JVNDBid:JVNDB-2012-003105

Trust: 0.8

db:BIDid:61740

Trust: 0.4

db:ICS CERTid:ICSA-12-228-01

Trust: 0.4

db:ICS CERT ALERTid:ICS-ALERT-12-195-01

Trust: 0.3

db:ICS CERTid:ICSA-12-228-01A

Trust: 0.3

db:IVDid:AC8E61D2-2353-11E6-ABEF-000C29C66E3D

Trust: 0.2

db:SECUNIAid:50288

Trust: 0.2

db:VULHUBid:VHN-57309

Trust: 0.1

db:PACKETSTORMid:115639

Trust: 0.1

db:PACKETSTORMid:115613

Trust: 0.1

sources: IVD: ac8e61d2-2353-11e6-abef-000c29c66e3d // CNVD: CNVD-2012-3796 // VULHUB: VHN-57309 // BID: 61740 // JVNDB: JVNDB-2012-003105 // PACKETSTORM: 115639 // PACKETSTORM: 115613 // CNNVD: CNNVD-201207-224 // NVD: CVE-2012-4028

REFERENCES

url:https://www.tridium.com/galleries/briefings/niagaraax_framework_software_security_alert.pdf

Trust: 2.3

url:http://www.washingtonpost.com/investigations/tridiums-niagara-framework-marvel-of-connectivity-illustrates-new-cyber-risks/2012/07/11/gjqarjl6dw_story.html

Trust: 1.7

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-4028

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-4028

Trust: 0.8

url:http://ics-cert.us-cert.gov/advisories/icsa-12-228-01

Trust: 0.3

url:http://ics-cert.us-cert.gov/advisories/icsa-12-228-01a

Trust: 0.3

url:http://ics-cert.us-cert.gov/alerts/ics-alert-12-195-01

Trust: 0.3

url:http://www.niagaraax.com/

Trust: 0.3

url:http://www.tridium.com/cs/products_/_services/niagaraax

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2012-4028

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2012-3025

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2012-3024

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2012-4027

Trust: 0.1

url:https://ca.secunia.com/?page=viewadvisory&vuln_id=50288

Trust: 0.1

url:http://secunia.com/vulnerability_intelligence/

Trust: 0.1

url:http://secunia.com/advisories/secunia_security_advisories/

Trust: 0.1

url:http://secunia.com/advisories/50288/

Trust: 0.1

url:http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/

Trust: 0.1

url:http://secunia.com/csi6beta

Trust: 0.1

url:http://secunia.com/vulnerability_scanning/personal/

Trust: 0.1

url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Trust: 0.1

url:http://secunia.com/advisories/50288/#comments

Trust: 0.1

url:http://www.us-cert.gov/control_systems/pdf/icsa-12-228-01.pdf

Trust: 0.1

url:http://secunia.com/advisories/about_secunia_advisories/

Trust: 0.1

sources: CNVD: CNVD-2012-3796 // VULHUB: VHN-57309 // BID: 61740 // JVNDB: JVNDB-2012-003105 // PACKETSTORM: 115639 // PACKETSTORM: 115613 // CNNVD: CNNVD-201207-224 // NVD: CVE-2012-4028

CREDITS

Billy Rios and Terry McCorkle

Trust: 0.3

sources: BID: 61740

SOURCES

db:IVDid:ac8e61d2-2353-11e6-abef-000c29c66e3d
db:CNVDid:CNVD-2012-3796
db:VULHUBid:VHN-57309
db:BIDid:61740
db:JVNDBid:JVNDB-2012-003105
db:PACKETSTORMid:115639
db:PACKETSTORMid:115613
db:CNNVDid:CNNVD-201207-224
db:NVDid:CVE-2012-4028

LAST UPDATE DATE

2024-11-23T22:35:27.275000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2012-3796date:2012-07-23T00:00:00
db:VULHUBid:VHN-57309date:2012-12-04T00:00:00
db:BIDid:61740date:2012-07-13T00:00:00
db:JVNDBid:JVNDB-2012-003105date:2012-12-07T00:00:00
db:CNNVDid:CNNVD-201207-224date:2023-03-23T00:00:00
db:NVDid:CVE-2012-4028date:2024-11-21T01:42:04.447

SOURCES RELEASE DATE

db:IVDid:ac8e61d2-2353-11e6-abef-000c29c66e3ddate:2012-07-23T00:00:00
db:CNVDid:CNVD-2012-3796date:2012-07-23T00:00:00
db:VULHUBid:VHN-57309date:2012-07-16T00:00:00
db:BIDid:61740date:2012-07-13T00:00:00
db:JVNDBid:JVNDB-2012-003105date:2012-07-18T00:00:00
db:PACKETSTORMid:115639date:2012-08-17T03:33:48
db:PACKETSTORMid:115613date:2012-08-16T06:34:56
db:CNNVDid:CNNVD-201207-224date:2012-07-17T00:00:00
db:NVDid:CVE-2012-4028date:2012-07-16T20:55:05.003