CVE-2018-18985
published 2019-01-29

Priority: P4 (25), medium, 5.4 (CVSS 3.0)
Vector: AV:N / AC:L / PR:L / UI:R / S:C / C:L / I:L / A:N
EPSS: 0.97% (57.6th percentile)

A cross-site scripting vulnerability has been identified in Tridium Niagara Enterprise Security 2.3u1 (all versions prior to 2.3.118.6), Niagara AX 3.8u4 (all versions prior to 3.8.401.1), Niagara 4.4u2 (all versions prior to 4.4.93.40.2), and Niagara 4.6 (all versions prior to 4.6.96.28.4). It may allow a remote attacker to inject code into some web pages, affecting confidentiality.

Affected

7 ranges

| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| tridium | niagara | < 4.4.93.40.2 | 4.4.93.40.2 |
| tridium | niagara | | |
| tridium | niagara | >= 4.6 < 4.6.96.28.4 | 4.6.96.28.4 |
| tridium | niagara_ax_framework | < 3.8.401.1 | 3.8.401.1 |
| tridium | niagara_ax_framework | | |
| tridium | niagara_enterprise_security | < 2.3.118.6 | 2.3.118.6 |
| tridium | niagara_enterprise_security | | |

CVSS provenance

nvd, v3.0: 5.4 MEDIUM, CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
nvd, v2.0: 3.5 LOW, AV:N/AC:M/Au:S/C:N/I:P/A:N