{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "Directory traversal vulnerability in Tridium Niagara AX 3.5, 3.6, and 3.7 allows remote attackers to read sensitive files, and consequently execute arbitrary code, by leveraging (1) valid credentials or (2) the guest feature."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2013-02-15T11:00:00Z", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert"}, "references": [{"tags": ["x_refsource_MISC"], "url": "http://ics-cert.us-cert.gov/pdf/ICSA-13-045-01.pdf"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://www.niagara-central.com/ord?portal:/dev/wiki/Niagara_AX_Security_Patch_11-Feb-2013"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "ics-cert@hq.dhs.gov", "ID": "CVE-2012-4701", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Directory traversal vulnerability in Tridium Niagara AX 3.5, 3.6, and 3.7 allows remote attackers to read sensitive files, and consequently execute arbitrary code, by leveraging (1) valid credentials or (2) the guest feature."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://ics-cert.us-cert.gov/pdf/ICSA-13-045-01.pdf", "refsource": "MISC", "url": "http://ics-cert.us-cert.gov/pdf/ICSA-13-045-01.pdf"}, {"name": "https://www.niagara-central.com/ord?portal:/dev/wiki/Niagara_AX_Security_Patch_11-Feb-2013", "refsource": "CONFIRM", "url": "https://www.niagara-central.com/ord?portal:/dev/wiki/Niagara_AX_Security_Patch_11-Feb-2013"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T20:42:54.989Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://ics-cert.us-cert.gov/pdf/ICSA-13-045-01.pdf"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://www.niagara-central.com/ord?portal:/dev/wiki/Niagara_AX_Security_Patch_11-Feb-2013"}]}]}, "cveMetadata": {"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2012-4701", "datePublished": "2013-02-15T11:00:00Z", "dateReserved": "2012-08-28T00:00:00Z", "dateUpdated": "2024-09-17T01:31:31.291Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:tridium:niagara_ax:3.5:*:*:*:*:*:*:*", "matchCriteriaId": "5F2BEB15-BFB9-4936-A5CB-F1E2B35D2482", "vulnerable": true}, {"criteria": "cpe:2.3:a:tridium:niagara_ax:3.6:*:*:*:*:*:*:*", "matchCriteriaId": "B21BACBE-5117-49FB-8BCF-8499716C345C", "vulnerable": true}, {"criteria": "cpe:2.3:a:tridium:niagara_ax:3.7:*:*:*:*:*:*:*", "matchCriteriaId": "5A9B9834-10D8-47A7-981A-1947342C1E81", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Directory traversal vulnerability in Tridium Niagara AX 3.5, 3.6, and 3.7 allows remote attackers to read sensitive files, and consequently execute arbitrary code, by leveraging (1) valid credentials or (2) the guest feature."}, {"lang": "es", "value": "Vulnerabilidad de directorio trasversal en Tridium Niagara AX v3.5, v3.6, y v3.7 que permite ataques remotos para la lectura de ficheros y ejecutar c\u00f3digo haciendo uso de la validaci\u00f3n de credenciales."}], "id": "CVE-2012-4701", "lastModified": "2023-03-22T14:11:31.713", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2013-02-15T12:09:27.773", "references": [{"source": "ics-cert@hq.dhs.gov", "tags": ["Broken Link", "Third Party Advisory", "US Government Resource"], "url": "http://ics-cert.us-cert.gov/pdf/ICSA-13-045-01.pdf"}, {"source": "ics-cert@hq.dhs.gov", "tags": ["Broken Link"], "url": "https://www.niagara-central.com/ord?portal:/dev/wiki/Niagara_AX_Security_Patch_11-Feb-2013"}], "sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}