OTPulse

Tridium NiagaraAX Directory Traversal Vulnerability

Risk: Low
Reference: ICS-CERT ICSA-13-045-01
Date: Nov 18, 2013
Summary

Tridium NiagaraAX contains a directory traversal vulnerability in its web interface that allows an unauthenticated attacker to read arbitrary files from the server. By sending specially crafted requests with path traversal sequences, an attacker can access files outside the intended web root, including system files, configuration data, and potentially hardcoded credentials used in building automation workflows.

What this means
What could happen
An attacker with network access could read arbitrary files from the NiagaraAX server through directory traversal, potentially exposing sensitive configuration, credentials, or control logic that could be used to compromise building automation systems.
Who's at risk
Building automation operators and facilities managers running Tridium NiagaraAX systems, including HVAC, lighting, and occupancy control implementations. Any organization using NiagaraAX for site-wide building management is affected regardless of version.
How it could be exploited
An attacker sends a crafted HTTP request with directory traversal sequences (e.g., ../ or encoded variants) to the NiagaraAX web interface, bypassing path validation to access files outside the intended web root directory.
Prerequisites
  • Network access to the NiagaraAX web interface (typically port 8080 or 443)
  • No authentication required
Tags: remotely exploitable · no authentication required · no patch available · default credentials common in building automation
Exploitability
Low exploit probability (EPSS 0.8%)
Affected products (1)
Product | Affected Versions | Fix Status
Tridium NiagaraAX | vers:all/* (all versions) | No fix (EOL)
Remediation & Mitigation
Do now
WORKAROUND: Deploy a reverse proxy or web application firewall in front of NiagaraAX to filter requests containing directory traversal sequences (../, ..\, and URL-encoded variants).
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HARDENING: Monitor NiagaraAX access logs for requests containing traversal patterns and alert on suspicious file access attempts.
HARDENING: Limit NiagaraAX service account privileges to only the files and directories required for operation.
Mitigations - no patch available
Tridium NiagaraAX: vers:all/* has reached End of Life. The vendor will not release a patch. Apply the following compensating controls:
HARDENING: Implement network segmentation so that NiagaraAX administrative interfaces are reachable only from trusted engineering workstations and control rooms.
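The proxy-filtering workaround and the log-monitoring control above come down to the same check: normalize each request target and flag traversal sequences, including backslash and percent-encoded (and double-encoded) variants. The following is an added example, not code from the OTPulse advisory or from Tridium; the log lines are constructed in common log format and do not assume NiagaraAX's actual log layout.

```python
import re
from urllib.parse import unquote

# Constructed sample access-log lines (common log format); not real NiagaraAX log output.
SAMPLE_LOG = """\
10.0.0.5 - - [18/Nov/2013:10:01:02 +0000] "GET /index.html HTTP/1.1" 200 512
10.0.0.9 - - [18/Nov/2013:10:01:07 +0000] "GET /../../etc/passwd HTTP/1.1" 200 1024
10.0.0.9 - - [18/Nov/2013:10:01:09 +0000] "GET /%2e%2e/%2e%2e/etc/passwd HTTP/1.1" 200 1024
10.0.0.9 - - [18/Nov/2013:10:01:11 +0000] "GET /%252e%252e%255c..%5cwindows%5cwin.ini HTTP/1.1" 200 300
10.0.0.7 - - [18/Nov/2013:10:02:00 +0000] "GET /login?next=/home HTTP/1.1" 200 2048
"""

# Request line inside the quoted part of a log entry.
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/\d\.\d"')
# A ".." that stands alone as a path or parameter component after normalization.
DOTDOT_RE = re.compile(r'(?:^|[/?=&;])\.\.(?:[/?&;]|$)')


def normalize_target(target: str, max_rounds: int = 3) -> str:
    """Percent-decode repeatedly (catches double encoding such as %252e) and
    fold backslashes to '/', so the traversal check sees one canonical form."""
    decoded = target
    for _ in range(max_rounds):
        nxt = unquote(decoded)
        if nxt == decoded:
            break
        decoded = nxt
    return decoded.replace("\\", "/")


def has_traversal(target: str) -> bool:
    """True if the normalized target contains a standalone '..' component.
    Names like '..notes' are not flagged; overlong UTF-8 or other exotic
    encodings are not handled here and would need extra normalization."""
    return DOTDOT_RE.search(normalize_target(target)) is not None


def find_traversal_requests(log_text: str) -> list[dict]:
    """Scan log lines and return the requests that carry traversal sequences."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.search(line)
        if m and has_traversal(m.group("target")):
            hits.append({"client": line.split(" ", 1)[0],
                         "target": m.group("target"),
                         "normalized": normalize_target(m.group("target"))})
    return hits


if __name__ == "__main__":
    for hit in find_traversal_requests(SAMPLE_LOG):
        print(f"ALERT traversal from {hit['client']}: {hit['target']} -> {hit['normalized']}")
```

The same normalize-then-match logic can sit in a WAF or reverse-proxy rule; matching on the raw, still-encoded target alone would miss the double-encoded request in the sample.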