CVE-2017-16744

Summary

A path traversal vulnerability in Tridium Niagara AX Versions 3.8 and prior and Niagara 4 systems Versions 4.4 and prior installed on Microsoft Windows Systems can be exploited by leveraging valid platform (administrator) credentials.

Affected Software

VendorProductVersion RangeStatus
ICS-CERTNiagara AX Framework and Niagara 4 FrameworkNiagara AX Framework Versions 3.8 and prior and Niagara 4 Framework Versions 4.4 and prioraffected

Weaknesses

  • CWE-22: IMPROPER LIMITATION OF A PATHNAME TO A RESTRICTED DIRECTORY ('PATH TRAVERSAL') CWE-22

ADP Enrichment

CVE Program Container

Additional References

References