Details of VAR-201208-0352

ID

VAR-201208-0352

CVE

CVE-2012-3025

TITLE

Tridium Niagara AX Framework Vulnerability in which important information is obtained in default settings

Trust: 0.8

sources: JVNDB: JVNDB-2012-003722

DESCRIPTION

The default configuration of Tridium Niagara AX Framework through 3.6 uses a cleartext base64 format for transmission of credentials in cookies, which allows remote attackers to obtain sensitive information by sniffing the network. A remote attacker can exploit this vulnerability to gain sensitive information by sniffing the network. Tridium Niagara AX Framework is prone to an information-disclosure vulnerability. This may lead to further attacks. ---------------------------------------------------------------------- The new Secunia CSI 6.0 is now available in beta! Seamless integration with your existing security solutions Sign-up to become a Beta tester: http://secunia.com/csi6beta ---------------------------------------------------------------------- TITLE: Niagara Framework Predictable Session Identifier Vulnerability SECUNIA ADVISORY ID: SA50288 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/50288/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=50288 RELEASE DATE: 2012-08-16 DISCUSS ADVISORY: http://secunia.com/advisories/50288/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/50288/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=50288 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Niagara Framework, which can be exploited by malicious people to hijack a user's session. The vulnerability is caused due to predictable sessions identifiers being used. SOLUTION: No official solution is currently available. PROVIDED AND/OR DISCOVERED BY: Billy Rios and Terry McCorkle via ICS-CERT. ORIGINAL ADVISORY: ICS-CERT: http://www.us-cert.gov/control_systems/pdf/ICSA-12-228-01.pdf OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 2.79

sources: NVD: CVE-2012-3025 // JVNDB: JVNDB-2012-003722 // CNVD: CNVD-2012-8346 // BID: 61741 // IVD: 80dad020-2353-11e6-abef-000c29c66e3d // VULHUB: VHN-56306 // PACKETSTORM: 115613

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.8

sources: IVD: 80dad020-2353-11e6-abef-000c29c66e3d // CNVD: CNVD-2012-8346

AFFECTED PRODUCTS

vendor:	tridium	model:	niagara ax	scope:	lte	version:	3.6	Trust: 1.0
vendor:	tridium	model:	niagara ax framework	scope:	lte	version:	3.6	Trust: 0.8
vendor:	tridium	model:	niagara ax	scope:	eq	version:	3.5/3.6/3.7	Trust: 0.6
vendor:	tridium	model:	niagra ax framework	scope:	eq	version:	3.5	Trust: 0.6
vendor:	tridium	model:	niagra ax framework	scope:	eq	version:	3.6	Trust: 0.6
vendor:	tridium	model:	niagaraax	scope:	eq	version:	3.6	Trust: 0.3
vendor:	tridium	model:	niagaraax	scope:	eq	version:	0	Trust: 0.3
vendor:	niagra ax framework	model:	-	scope:	eq	version:	3.5	Trust: 0.2
vendor:	niagra ax framework	model:	-	scope:	eq	version:	*	Trust: 0.2

sources: IVD: 80dad020-2353-11e6-abef-000c29c66e3d // CNVD: CNVD-2012-8346 // BID: 61741 // JVNDB: JVNDB-2012-003722 // CNNVD: CNNVD-201208-277 // NVD: CVE-2012-3025

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2012-3025
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2012-3025
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2012-8346
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201208-277
value:	MEDIUM
Trust: 0.6
IVD:	80dad020-2353-11e6-abef-000c29c66e3d
value:	MEDIUM
Trust: 0.2
VULHUB:	VHN-56306
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2012-3025
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2012-8346
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
IVD:	80dad020-2353-11e6-abef-000c29c66e3d
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2
VULHUB:	VHN-56306
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: IVD: 80dad020-2353-11e6-abef-000c29c66e3d // CNVD: CNVD-2012-8346 // VULHUB: VHN-56306 // JVNDB: JVNDB-2012-003722 // CNNVD: CNNVD-201208-277 // NVD: CVE-2012-3025

PROBLEMTYPE DATA

problemtype:	CWE-522	Trust: 1.0
problemtype:	CWE-310	Trust: 0.9

sources: VULHUB: VHN-56306 // JVNDB: JVNDB-2012-003722 // NVD: CVE-2012-3025

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201208-277

TYPE

encryption problem

Trust: 0.6

sources: CNNVD: CNNVD-201208-277

CONFIGURATIONS

sources: JVNDB: JVNDB-2012-003722

PATCH

title:	Security Update: Niagara AX 3.5 and 3.6 Security Patches	url:	http://www.tridium.com/cs/tridium_news/security_patch_36	Trust: 0.8
title:	Tridium Niagara AX Framework Patch for Encryption Vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/35531	Trust: 0.6
title:	framework-3.6.0	url:	http://123.124.177.30/web/xxk/bdxqById.tag?id=44160	Trust: 0.6

sources: CNVD: CNVD-2012-8346 // JVNDB: JVNDB-2012-003722 // CNNVD: CNNVD-201208-277

EXTERNAL IDS

db:	NVD	id:	CVE-2012-3025	Trust: 3.7
db:	ICS CERT	id:	ICSA-12-228-01	Trust: 3.5
db:	CNNVD	id:	CNNVD-201208-277	Trust: 0.9
db:	CNVD	id:	CNVD-2012-8346	Trust: 0.8
db:	JVNDB	id:	JVNDB-2012-003722	Trust: 0.8
db:	BID	id:	61741	Trust: 0.4
db:	ICS CERT	id:	ICSA-12-228-01A	Trust: 0.3
db:	IVD	id:	80DAD020-2353-11E6-ABEF-000C29C66E3D	Trust: 0.2
db:	SECUNIA	id:	50288	Trust: 0.2
db:	VULHUB	id:	VHN-56306	Trust: 0.1
db:	PACKETSTORM	id:	115639	Trust: 0.1
db:	PACKETSTORM	id:	115613	Trust: 0.1

sources: IVD: 80dad020-2353-11e6-abef-000c29c66e3d // CNVD: CNVD-2012-8346 // VULHUB: VHN-56306 // BID: 61741 // JVNDB: JVNDB-2012-003722 // PACKETSTORM: 115639 // PACKETSTORM: 115613 // CNNVD: CNNVD-201208-277 // NVD: CVE-2012-3025

REFERENCES

url:	http://www.us-cert.gov/control_systems/pdf/icsa-12-228-01.pdf	Trust: 3.2
url:	http://www.tridium.com/cs/tridium_news/security_patch_36	Trust: 1.7
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-3025	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-3025	Trust: 0.8
url:	http://ics-cert.us-cert.gov/advisories/icsa-12-228-01	Trust: 0.3
url:	http://ics-cert.us-cert.gov/advisories/icsa-12-228-01a	Trust: 0.3
url:	http://www.tridium.com/cs/products_/_services/niagaraax	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2012-4028	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2012-3025	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2012-3024	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2012-4027	Trust: 0.1
url:	https://ca.secunia.com/?page=viewadvisory&vuln_id=50288	Trust: 0.1
url:	http://secunia.com/vulnerability_intelligence/	Trust: 0.1
url:	http://secunia.com/advisories/secunia_security_advisories/	Trust: 0.1
url:	http://secunia.com/advisories/50288/	Trust: 0.1
url:	http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/	Trust: 0.1
url:	http://secunia.com/csi6beta	Trust: 0.1
url:	http://secunia.com/vulnerability_scanning/personal/	Trust: 0.1
url:	http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org	Trust: 0.1
url:	http://secunia.com/advisories/50288/#comments	Trust: 0.1
url:	http://secunia.com/advisories/about_secunia_advisories/	Trust: 0.1

sources: CNVD: CNVD-2012-8346 // VULHUB: VHN-56306 // BID: 61741 // JVNDB: JVNDB-2012-003722 // PACKETSTORM: 115639 // PACKETSTORM: 115613 // CNNVD: CNNVD-201208-277 // NVD: CVE-2012-3025

CREDITS

Billy Rios and Terry McCorkle

Trust: 0.3

sources: BID: 61741

SOURCES

db:	IVD	id:	80dad020-2353-11e6-abef-000c29c66e3d
db:	CNVD	id:	CNVD-2012-8346
db:	VULHUB	id:	VHN-56306
db:	BID	id:	61741
db:	JVNDB	id:	JVNDB-2012-003722
db:	PACKETSTORM	id:	115639
db:	PACKETSTORM	id:	115613
db:	CNNVD	id:	CNNVD-201208-277
db:	NVD	id:	CVE-2012-3025

LAST UPDATE DATE

2024-11-23T22:35:27.434000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2012-8346	date:	2012-08-20T00:00:00
db:	VULHUB	id:	VHN-56306	date:	2012-08-16T00:00:00
db:	BID	id:	61741	date:	2012-08-15T00:00:00
db:	JVNDB	id:	JVNDB-2012-003722	date:	2012-08-20T00:00:00
db:	CNNVD	id:	CNNVD-201208-277	date:	2023-03-23T00:00:00
db:	NVD	id:	CVE-2012-3025	date:	2024-11-21T01:40:08.533

SOURCES RELEASE DATE

db:	IVD	id:	80dad020-2353-11e6-abef-000c29c66e3d	date:	2012-08-20T00:00:00
db:	CNVD	id:	CNVD-2012-8346	date:	2012-08-20T00:00:00
db:	VULHUB	id:	VHN-56306	date:	2012-08-16T00:00:00
db:	BID	id:	61741	date:	2012-08-15T00:00:00
db:	JVNDB	id:	JVNDB-2012-003722	date:	2012-08-20T00:00:00
db:	PACKETSTORM	id:	115639	date:	2012-08-17T03:33:48
db:	PACKETSTORM	id:	115613	date:	2012-08-16T06:34:56
db:	CNNVD	id:	CNNVD-201208-277	date:	2012-08-20T00:00:00
db:	NVD	id:	CVE-2012-3025	date:	2012-08-16T10:38:04.750