Tridium Niagara Directory Traversal and Authentication-Bypass Vulnerabilities
Tridium Niagara is prone to directory-traversal vulnerability and authentication-bypass vulnerability because the application fails to sufficiently sanitize user-supplied input.
Exploiting these issues may allow an attacker to bypass authentication and perform unauthorized actions on the affected application, and to obtain sensitive information that could aid in further attacks.
The following products are affected:
Niagara AX Framework Version 3.8 and prior.
Niagara 4 Framework Versions 4.4 and prior.