An attacker can log into the local Niagara platform (Niagara AX Framework Versions 3.8 and prior or Niagara 4 Framework Versions 4.4 and prior) using a disabled account name and a blank password, granting the attacker administrator access to the Niagara system.
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HTridium Niagara
APPTridium≤ 4.4Tridium Niagara Ax Framework
APPTridium≤ 3.8
Related vulnerabilities
Use of Password Hash With Insufficient Computational Effort vulnerability in Tridium Niagara Framework on Wind...
Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') vulnerability in Tridium Ni...
Incorrect Permission Assignment for Critical Resource vulnerability in Tridium Niagara Framework on QNX, Tridi...
A path traversal vulnerability in Tridium Niagara AX Versions 3.8 and prior and Niagara 4 systems Versions 4.4...
Missing Cryptographic Step vulnerability in Tridium Niagara Framework on Windows, Linux, QNX, Tridium Niagara ...