VAR-201808-0129
Vulnerability from variot - Updated: 2023-12-18 13:33
An attacker can log into the local Niagara platform (Niagara AX Framework Versions 3.8 and prior or Niagara 4 Framework Versions 4.4 and prior) using a disabled account name and a blank password, granting the attacker administrator access to the Niagara system. The Niagara platform contains authentication vulnerabilities. Information may be obtained or altered, and service operation may be disrupted (DoS). Tridium Niagara AX Framework and Niagara 4 Framework are both IoT business application frameworks from Tridium. Tridium Niagara is prone to a directory-traversal vulnerability and an authentication-bypass vulnerability because the application fails to sufficiently sanitize user-supplied input; this entry (CVE-2017-16748, CWE-287) tracks the authentication bypass. Exploiting these issues may allow an attacker to bypass authentication and perform unauthorized actions on the affected application, and to obtain sensitive information that could aid in further attacks.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201808-0129",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "niagara",
"scope": "lte",
"trust": 1.8,
"vendor": "tridium",
"version": "4.4"
},
{
"model": "niagara ax framework",
"scope": "lte",
"trust": 1.8,
"vendor": "tridium",
"version": "3.8"
},
{
"model": "niagara ax framework",
"scope": "eq",
"trust": 0.9,
"vendor": "tridium",
"version": "3.8"
},
{
"model": "niagara ax framework",
"scope": "lte",
"trust": 0.6,
"vendor": "tridium",
"version": "\u003c=3.8"
},
{
"model": "niagara framework",
"scope": "eq",
"trust": 0.6,
"vendor": "tridium",
"version": "4\u003c=4.4"
},
{
"model": "niagara",
"scope": "eq",
"trust": 0.6,
"vendor": "tridium",
"version": "4.4"
},
{
"model": "framework",
"scope": "eq",
"trust": 0.3,
"vendor": "tridium",
"version": "44.4"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "niagara",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "niagara ax framework",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "e2f81210-39ab-11e9-ad51-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-15732"
},
{
"db": "BID",
"id": "105101"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-009181"
},
{
"db": "NVD",
"id": "CVE-2017-16748"
},
{
"db": "CNNVD",
"id": "CNNVD-201808-569"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:tridium:niagara:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "4.4",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:tridium:niagara_ax_framework:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "3.8",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2017-16748"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Johnathan Gains and Leet Cyber Security.",
"sources": [
{
"db": "BID",
"id": "105101"
},
{
"db": "CNNVD",
"id": "CNNVD-201808-569"
}
],
"trust": 0.9
},
"cve": "CVE-2017-16748",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 7.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2017-16748",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "HIGH",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 6.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 1.9,
"id": "CNVD-2018-15732",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:L/AC:H/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "HIGH",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 6.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 1.9,
"id": "e2f81210-39ab-11e9-ad51-000c29342cb1",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:L/AC:H/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2017-16748",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2017-16748",
"trust": 1.8,
"value": "CRITICAL"
},
{
"author": "CNVD",
"id": "CNVD-2018-15732",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201808-569",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "IVD",
"id": "e2f81210-39ab-11e9-ad51-000c29342cb1",
"trust": 0.2,
"value": "CRITICAL"
},
{
"author": "VULMON",
"id": "CVE-2017-16748",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "e2f81210-39ab-11e9-ad51-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-15732"
},
{
"db": "VULMON",
"id": "CVE-2017-16748"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-009181"
},
{
"db": "NVD",
"id": "CVE-2017-16748"
},
{
"db": "CNNVD",
"id": "CNNVD-201808-569"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An attacker can log into the local Niagara platform (Niagara AX Framework Versions 3.8 and prior or Niagara 4 Framework Versions 4.4 and prior) using a disabled account name and a blank password, granting the attacker administrator access to the Niagara system. The Niagara platform contains authentication vulnerabilities. Information may be obtained or altered, and service operation may be disrupted (DoS). Tridium Niagara AX Framework and Niagara 4 Framework are both IoT business application frameworks from Tridium. Tridium Niagara is prone to a directory-traversal vulnerability and an authentication-bypass vulnerability because the application fails to sufficiently sanitize user-supplied input. \nExploiting these issues may allow an attacker to bypass authentication and perform unauthorized actions on the affected application, and to obtain sensitive information that could aid in further attacks.",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-16748"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-009181"
},
{
"db": "CNVD",
"id": "CNVD-2018-15732"
},
{
"db": "CNNVD",
"id": "CNNVD-201808-569"
},
{
"db": "BID",
"id": "105101"
},
{
"db": "IVD",
"id": "e2f81210-39ab-11e9-ad51-000c29342cb1"
},
{
"db": "VULMON",
"id": "CVE-2017-16748"
}
],
"trust": 3.24
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-16748",
"trust": 3.6
},
{
"db": "ICS CERT",
"id": "ICSA-18-191-03",
"trust": 3.4
},
{
"db": "ICS CERT",
"id": "ICSA-19-022-01",
"trust": 2.8
},
{
"db": "BID",
"id": "105101",
"trust": 2.0
},
{
"db": "CNVD",
"id": "CNVD-2018-15732",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201808-569",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2018-009181",
"trust": 0.8
},
{
"db": "IVD",
"id": "E2F81210-39AB-11E9-AD51-000C29342CB1",
"trust": 0.2
},
{
"db": "VULMON",
"id": "CVE-2017-16748",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "e2f81210-39ab-11e9-ad51-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-15732"
},
{
"db": "VULMON",
"id": "CVE-2017-16748"
},
{
"db": "BID",
"id": "105101"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-009181"
},
{
"db": "NVD",
"id": "CVE-2017-16748"
},
{
"db": "CNNVD",
"id": "CNNVD-201808-569"
}
]
},
"id": "VAR-201808-0129",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "e2f81210-39ab-11e9-ad51-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-15732"
}
],
"trust": 1.52385621
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "e2f81210-39ab-11e9-ad51-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-15732"
}
]
},
"last_update_date": "2023-12-18T13:33:44.187000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.tridium.com/"
},
{
"title": "Patch for Tridium Niagara AX Framework and Niagara 4 Framework Authentication Bypass Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/138005"
},
{
"title": "Tridium Niagara AX Framework and Niagara 4 Framework Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=84155"
},
{
"title": "CVE-2017-16744-and-CVE-2017-16748-Tridium-Niagara",
"trust": 0.1,
"url": "https://github.com/gainsec/cve-2017-16744-and-cve-2017-16748-tridium-niagara "
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/khulnasoft-labs/awesome-security "
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-15732"
},
{
"db": "VULMON",
"id": "CVE-2017-16748"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-009181"
},
{
"db": "CNNVD",
"id": "CNNVD-201808-569"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-287",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-009181"
},
{
"db": "NVD",
"id": "CVE-2017-16748"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.4,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-18-191-03"
},
{
"trust": 2.9,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-19-022-01"
},
{
"trust": 2.3,
"url": "http://www.securityfocus.com/bid/105101"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-16748"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-16748"
},
{
"trust": 0.3,
"url": "https://www.tridium.com/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/287.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://github.com/gainsec/cve-2017-16744-and-cve-2017-16748-tridium-niagara"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-15732"
},
{
"db": "VULMON",
"id": "CVE-2017-16748"
},
{
"db": "BID",
"id": "105101"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-009181"
},
{
"db": "NVD",
"id": "CVE-2017-16748"
},
{
"db": "CNNVD",
"id": "CNNVD-201808-569"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "e2f81210-39ab-11e9-ad51-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-15732"
},
{
"db": "VULMON",
"id": "CVE-2017-16748"
},
{
"db": "BID",
"id": "105101"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-009181"
},
{
"db": "NVD",
"id": "CVE-2017-16748"
},
{
"db": "CNNVD",
"id": "CNNVD-201808-569"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-08-21T00:00:00",
"db": "IVD",
"id": "e2f81210-39ab-11e9-ad51-000c29342cb1"
},
{
"date": "2018-08-21T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-15732"
},
{
"date": "2018-08-20T00:00:00",
"db": "VULMON",
"id": "CVE-2017-16748"
},
{
"date": "2018-08-16T00:00:00",
"db": "BID",
"id": "105101"
},
{
"date": "2018-11-09T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-009181"
},
{
"date": "2018-08-20T21:29:00.807000",
"db": "NVD",
"id": "CVE-2017-16748"
},
{
"date": "2018-08-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201808-569"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-08-21T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-15732"
},
{
"date": "2019-04-03T00:00:00",
"db": "VULMON",
"id": "CVE-2017-16748"
},
{
"date": "2019-01-23T07:00:00",
"db": "BID",
"id": "105101"
},
{
"date": "2019-01-23T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-009181"
},
{
"date": "2019-04-03T22:29:00.650000",
"db": "NVD",
"id": "CVE-2017-16748"
},
{
"date": "2019-04-04T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201808-569"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201808-569"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Authentication vulnerabilities in the Niagara platform",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-009181"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "authorization issue",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201808-569"
}
],
"trust": 0.6
}
}