Tridium Niagara Vulnerabilities

CVSS 5.0 MEDIUM

CVEs (1)

CVE-2012-4027

To mitigate the decoding of passwords listed in the config.bog file, Tridium recommends that security settings for file access be assigned only at the administrator level. Instructions for configuring these settings are included in the July 13 Security AlertTridium Announcements, (http://www.tridium.com/cs/tridium_news/security) from Tridium. In addition, Tridium has issued a patch that prevents access to the config.bog file and backups of the file from network facing clients.
The patch can be found at this URL: (https://www.niagara-central.com/ord?portal:/dev/wiki/Niagara_AX_3.5_and_3.6_Security_Patches)
In addition to the security updates released by Tridium in August, 2012 and February, 2013 to address the issues in this advisory, Tridium has now issued a product update that further enhances the security of the Niagara AX Framework as part of the company’s normal product release process.

Tridium

Tridium · Niagara AX Framework software products vers:all/*

OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.