CRITICAL🇵🇱 Wersja polska

CVE-2017-16748

CVSS 9.8v3.0pub. 2018-08-20upd. 2024-11-21

An attacker can log into the local Niagara platform (Niagara AX Framework Versions 3.8 and prior or Niagara 4 Framework Versions 4.4 and prior) using a disabled account name and a blank password, granting the attacker administrator access to the Niagara system.

CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Tridium Niagara

    APP
    Tridium
    ≤ 4.4
  • Tridium Niagara Ax Framework

    APP
    Tridium
    ≤ 3.8
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
Auth Bypass
CWE
References

Related vulnerabilities

CVE-2025-3937HIGH7.7ten sam produkt

Use of Password Hash With Insufficient Computational Effort vulnerability in Tridium Niagara Framework on Wind...

CVE-2025-3945HIGH7.2ten sam produkt

Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') vulnerability in Tridium Ni...

CVE-2025-3944HIGH7.2ten sam produkt

Incorrect Permission Assignment for Critical Resource vulnerability in Tridium Niagara Framework on QNX, Tridi...

CVE-2017-16744HIGH7.2ten sam produkt

A path traversal vulnerability in Tridium Niagara AX Versions 3.8 and prior and Niagara 4 systems Versions 4.4...

CVE-2025-3938MEDIUM6.8ten sam produkt

Missing Cryptographic Step vulnerability in Tridium Niagara Framework on Windows, Linux, QNX, Tridium Niagara ...