CVE-2017-16744
Published 2018-08-20
CVE-2017-16744: A path traversal vulnerability in Tridium Niagara AX Versions 3.8 and prior and Niagara 4 systems Versions 4.4 and prior installed on Microsoft Windows Systems…
Priority: P3 · 44 · high · 7.2 (CVSS 3.0)
AV:N / AC:L / PR:H / UI:N / S:U / C:H / I:H / A:H
EPSS: 6.22% (92.6th percentile)
A path traversal vulnerability in Tridium Niagara AX Versions 3.8 and prior and Niagara 4 systems Versions 4.4 and prior installed on Microsoft Windows Systems can be exploited by leveraging valid platform (administrator) credentials.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ics-cert | niagara_ax_framework_and_niagara_4_framework | — | — |
| tridium | niagara | 4.0 – 4.4 | — |
| tridium | niagara_ax_framework | <= 3.8 | — |
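CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 7.2 | HIGH | CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 6.5 | MEDIUM | AV:N/AC:L/Au:S/C:P/I:P/A:P |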
GHSA
GHSA-3365-prfc-qrcq: A path traversal vulnerability in Tridium Niagara AX Versions 3
ghsa_unreviewed·2022-05-14
CVE-2017-16744 [HIGH] CWE-22 GHSA-3365-prfc-qrcq: A path traversal vulnerability in Tridium Niagara AX Versions 3
CISA ICS
Johnson Controls Facility Explorer
cisa_ics·2019-01-22·CVSS 7.2
[HIGH] Johnson Controls Facility Explorer
## Archived Content
In an effort to keep CISA.gov current, the archive contains outdated information that may not reflect current policy or programs.
ICS Advisory
## Johnson Controls Facility Explorer
Last Revised: January 22, 2019
Alert Code: ICSA-19-022-01
## 1. EXECUTIVE SUMMARY
- CVSS v3 7.4
- ATTENTION: Exploitable remotely
- Vendor: Johnson Controls
- Equipment: Facility Explorer
- Vulnerabilities: Path Traversal, Improper Authentication
## 2. RISK EVALUATION
Successful exploitation of these vulnerabilities could allow an attacker to read, write, and delete sensitive files to gain administrator privileges in the Facility Explorer system.
## 3. TECHNICAL DETAILS
## 3.1 AFFECTED PRODUCTS
Facility Explorer leverages Tridium Niagara t
CISA ICS
Tridium Niagara
cisa_ics·2018-10-30·CVSS 7.2
[HIGH] Tridium Niagara
ICS Advisory
## Tridium Niagara
Last Revised: October 30, 2018
Alert Code: ICSA-18-191-03
## 1. EXECUTIVE SUMMARY
- CVSS v3 7.4
- ATTENTION: Exploitable remotely
- Vendor: Tridium
- Equipment: Niagara
- Vulnerabilities: Path Traversal, Improper Authentication
## 2. REPOSTED INFORMATION
This advisory was originally posted to the HSIN ICS-CERT library on July 10, 2018, and is being released to the NCCIC/ICS-CERT website.
## 3. RISK EVALUATION
Successful exploitation of these vulnerabilities could allow an attacker to read, write, and delete sensitive files to gain administrator privileges on
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.