Vulnerability Description
An attacker can log into the local Niagara platform (Niagara AX Framework Versions 3.8 and prior or Niagara 4 Framework Versions 4.4 and prior) using a disabled account name and a blank password, granting the attacker administrator access to the Niagara system.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Tridium | Niagara | <= 4.4 |
| Tridium | Niagara Ax Framework | <= 3.8 |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/105101Third Party AdvisoryVDB Entry
- https://ics-cert.us-cert.gov/advisories/ICSA-18-191-03Third Party AdvisoryUS Government ResourceVDB Entry
- https://ics-cert.us-cert.gov/advisories/ICSA-19-022-01
- http://www.securityfocus.com/bid/105101Third Party AdvisoryVDB Entry
- https://ics-cert.us-cert.gov/advisories/ICSA-18-191-03Third Party AdvisoryUS Government ResourceVDB Entry
- https://ics-cert.us-cert.gov/advisories/ICSA-19-022-01
FAQ
What is CVE-2017-16748?
CVE-2017-16748 is a vulnerability with a CVSS score of 9.8 (CRITICAL). An attacker can log into the local Niagara platform (Niagara AX Framework Versions 3.8 and prior or Niagara 4 Framework Versions 4.4 and prior) using a disabled account name and a blank password, gran...
How severe is CVE-2017-16748?
CVE-2017-16748 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2017-16748?
Check the references section above for vendor advisories and patch information. Affected products include: Tridium Niagara, Tridium Niagara Ax Framework.