ID

VAR-201302-0028


CVE

CVE-2012-4701


TITLE

TRIDIUM NiagaraAX Directory Traversal Vulnerability

Trust: 0.8

sources: IVD: 170be9f4-2353-11e6-abef-000c29c66e3d // CNVD: CNVD-2013-01004

DESCRIPTION

Directory traversal vulnerability in Tridium Niagara AX 3.5, 3.6, and 3.7 allows remote attackers to read sensitive files, and consequently execute arbitrary code, by leveraging (1) valid credentials or (2) the guest feature. Tridium Niagara is a building monitoring system. TRIDIUM NiagaraAX is prone to a directory-traversal vulnerability. This may aid in further attacks. A directory traversal vulnerability exists in Tridium Niagara AX versions 3.5, 3.6 and 3.7.

Trust: 2.7

sources: NVD: CVE-2012-4701 // JVNDB: JVNDB-2013-001581 // CNVD: CNVD-2013-01004 // BID: 57968 // IVD: 170be9f4-2353-11e6-abef-000c29c66e3d // VULHUB: VHN-57982

IOT TAXONOMY

category: ['ICS'] // sub_category: -

Trust: 0.8

sources: IVD: 170be9f4-2353-11e6-abef-000c29c66e3d // CNVD: CNVD-2013-01004

AFFECTED PRODUCTS

vendor: tridium // model: niagara ax // scope: eq // version: 3.6

Trust: 1.0

vendor: tridium // model: niagara ax // scope: eq // version: 3.7

Trust: 1.0

vendor: tridium // model: niagara ax // scope: eq // version: 3.5

Trust: 1.0

vendor: tridium // model: niagara ax framework // scope: eq // version: 3.5

Trust: 0.8

vendor: tridium // model: niagara ax framework // scope: eq // version: 3.6

Trust: 0.8

vendor: tridium // model: niagara ax framework // scope: eq // version: 3.7

Trust: 0.8

vendor: tridium // model: niagara ax // scope: eq // version: 3.5/3.6/3.7

Trust: 0.6

vendor: tridium // model: niagra ax framework // scope: eq // version: 3.5

Trust: 0.6

vendor: tridium // model: niagra ax framework // scope: eq // version: 3.6

Trust: 0.6

vendor: tridium // model: niagra ax framework // scope: eq // version: 3.7

Trust: 0.6

vendor: tridium // model: niagaraax // scope: eq // version: 3.7

Trust: 0.3

vendor: tridium // model: niagaraax // scope: eq // version: 3.6

Trust: 0.3

vendor: tridium // model: niagaraax // scope: eq // version: 0

Trust: 0.3

vendor: tridium // model: niagaraax // scope: ne // version: 3.7.46.3

Trust: 0.3

vendor: tridium // model: niagaraax // scope: ne // version: 3.6.47.1

Trust: 0.3

vendor: tridium // model: niagaraax // scope: ne // version: 3.5.39

Trust: 0.3

vendor: niagra ax framework // model: - // scope: eq // version: 3.5

Trust: 0.2

vendor: niagra ax framework // model: - // scope: eq // version: 3.6

Trust: 0.2

vendor: niagra ax framework // model: - // scope: eq // version: 3.7

Trust: 0.2

sources: IVD: 170be9f4-2353-11e6-abef-000c29c66e3d // CNVD: CNVD-2013-01004 // BID: 57968 // JVNDB: JVNDB-2013-001581 // CNNVD: CNNVD-201302-264 // NVD: CVE-2012-4701

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2012-4701
value: HIGH

Trust: 1.0

NVD: CVE-2012-4701
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201302-264
value: MEDIUM

Trust: 0.6

IVD: 170be9f4-2353-11e6-abef-000c29c66e3d
value: CRITICAL

Trust: 0.2

VULHUB: VHN-57982
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2012-4701
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

IVD: 170be9f4-2353-11e6-abef-000c29c66e3d
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

VULHUB: VHN-57982
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: IVD: 170be9f4-2353-11e6-abef-000c29c66e3d // VULHUB: VHN-57982 // JVNDB: JVNDB-2013-001581 // CNNVD: CNNVD-201302-264 // NVD: CVE-2012-4701

PROBLEMTYPE DATA

problemtype:CWE-22

Trust: 1.9

sources: VULHUB: VHN-57982 // JVNDB: JVNDB-2013-001581 // NVD: CVE-2012-4701

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201302-264

TYPE

Path traversal

Trust: 0.8

sources: IVD: 170be9f4-2353-11e6-abef-000c29c66e3d // CNNVD: CNNVD-201302-264

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-001581

PATCH

title: Niagara AX Security Patch 11-Feb-2013 // url: https://www.niagara-central.com/ord?portal:/dev/wiki/Niagara_AX_Security_Patch_11-Feb-2013

Trust: 0.8

title: TRIDIUM NiagaraAX Directory Traversal Vulnerability Patch // url: https://www.cnvd.org.cn/patchInfo/show/31881

Trust: 0.6

title: securityPatches3.7_120211 // url: http://123.124.177.30/web/xxk/bdxqById.tag?id=45360

Trust: 0.6

title: securityPatches3.6_120211 // url: http://123.124.177.30/web/xxk/bdxqById.tag?id=45359

Trust: 0.6

title: securityPatches3.5_120211 // url: http://123.124.177.30/web/xxk/bdxqById.tag?id=45358

Trust: 0.6

sources: CNVD: CNVD-2013-01004 // JVNDB: JVNDB-2013-001581 // CNNVD: CNNVD-201302-264

EXTERNAL IDS

db: NVD // id: CVE-2012-4701

Trust: 3.6

db: ICS CERT // id: ICSA-13-045-01

Trust: 3.4

db: CNNVD // id: CNNVD-201302-264

Trust: 0.9

db: CNVD // id: CNVD-2013-01004

Trust: 0.8

db: JVNDB // id: JVNDB-2013-001581

Trust: 0.8

db: BID // id: 57968

Trust: 0.4

db: IVD // id: 170BE9F4-2353-11E6-ABEF-000C29C66E3D

Trust: 0.2

db: VULHUB // id: VHN-57982

Trust: 0.1

sources: IVD: 170be9f4-2353-11e6-abef-000c29c66e3d // CNVD: CNVD-2013-01004 // VULHUB: VHN-57982 // BID: 57968 // JVNDB: JVNDB-2013-001581 // CNNVD: CNNVD-201302-264 // NVD: CVE-2012-4701

REFERENCES

url:http://ics-cert.us-cert.gov/pdf/icsa-13-045-01.pdf

Trust: 3.4

url:https://www.niagara-central.com/ord?portal:/dev/wiki/niagara_ax_security_patch_11-feb-2013

Trust: 1.7

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-4701

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-4701

Trust: 0.8

url:http://www.niagaraax.com/

Trust: 0.3

url:http://www.tridium.com/cs/products_/_services/niagaraax

Trust: 0.3

sources: CNVD: CNVD-2013-01004 // VULHUB: VHN-57982 // BID: 57968 // JVNDB: JVNDB-2013-001581 // CNNVD: CNNVD-201302-264 // NVD: CVE-2012-4701

CREDITS

Billy Rios and Terry McCorkle

Trust: 0.3

sources: BID: 57968

SOURCES

db: IVD // id: 170be9f4-2353-11e6-abef-000c29c66e3d
db: CNVD // id: CNVD-2013-01004
db: VULHUB // id: VHN-57982
db: BID // id: 57968
db: JVNDB // id: JVNDB-2013-001581
db: CNNVD // id: CNNVD-201302-264
db: NVD // id: CVE-2012-4701

LAST UPDATE DATE

2024-11-23T22:23:16.474000+00:00


SOURCES UPDATE DATE

db: CNVD // id: CNVD-2013-01004 // date: 2013-05-24T00:00:00
db: VULHUB // id: VHN-57982 // date: 2013-02-15T00:00:00
db: BID // id: 57968 // date: 2013-02-14T00:00:00
db: JVNDB // id: JVNDB-2013-001581 // date: 2013-02-18T00:00:00
db: CNNVD // id: CNNVD-201302-264 // date: 2023-03-23T00:00:00
db: NVD // id: CVE-2012-4701 // date: 2024-11-21T01:43:22.887

SOURCES RELEASE DATE

db: IVD // id: 170be9f4-2353-11e6-abef-000c29c66e3d // date: 2013-02-19T00:00:00
db: CNVD // id: CNVD-2013-01004 // date: 2013-02-19T00:00:00
db: VULHUB // id: VHN-57982 // date: 2013-02-15T00:00:00
db: BID // id: 57968 // date: 2013-02-14T00:00:00
db: JVNDB // id: JVNDB-2013-001581 // date: 2013-02-18T00:00:00
db: CNNVD // id: CNNVD-201302-264 // date: 2013-02-20T00:00:00
db: NVD // id: CVE-2012-4701 // date: 2013-02-15T12:09:27.773