CVE-2017-16748

Summary

An attacker can log into the local Niagara platform (Niagara AX Framework Versions 3.8 and prior or Niagara 4 Framework Versions 4.4 and prior) using a disabled account name and a blank password, granting the attacker administrator access to the Niagara system.

Affected Software

VendorProductVersion RangeStatus
ICS-CERTNiagara AX Framework and Niagara 4 FrameworkNiagara AX Framework Versions 3.8 and prior and Niagara 4 Framework Versions 4.4 and prioraffected

Weaknesses

  • CWE-287: IMPROPER AUTHENTICATION CWE-287

ADP Enrichment

CVE Program Container

Additional References

References