Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2023-2024 and is owned by Tenable, Inc. or an Affiliate thereof.TENABLE_OT_GENERIC_CVE-2017-16744.NASL
HistoryMar 21, 2023 - 12:00 a.m.

Tridium Niagara Improper Limitation of a Pathname to a Restricted Directory (CVE-2017-16744)

2023-03-2100:00:00
This script is Copyright (C) 2023-2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
12
tridium
niagara
path traversal
vulnerability
microsoft windows
credentials
security focus
ics-cert
cisa
update
mitigation
exploits
cve-2017-16744
asset bag

AI Score

7.7

Confidence

High

EPSS

0.003

Percentile

65.6%

JSON

A path traversal vulnerability in Tridium Niagara AX Versions 3.8 and prior and Niagara 4 systems Versions 4.4 and prior installed on Microsoft Windows Systems can be exploited by leveraging valid platform (administrator) credentials.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(500891);
  script_version("1.9");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/04/11");

  script_cve_id("CVE-2017-16744");

  script_name(english:"Tridium Niagara Improper Limitation of a Pathname to a Restricted Directory (CVE-2017-16744)");

  script_set_attribute(attribute:"synopsis", value:
"The remote OT asset is affected by a vulnerability.");
  script_set_attribute(attribute:"description", value:
"A path traversal vulnerability in Tridium Niagara AX Versions 3.8 and
prior and Niagara 4 systems Versions 4.4 and prior installed on
Microsoft Windows Systems can be exploited by leveraging valid
platform (administrator) credentials.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.");
  script_set_attribute(attribute:"see_also", value:"http://www.securityfocus.com/bid/105101");
  script_set_attribute(attribute:"see_also", value:"https://ics-cert.us-cert.gov/advisories/ICSA-18-191-03");
  script_set_attribute(attribute:"see_also", value:"https://ics-cert.us-cert.gov/advisories/ICSA-19-022-01");
  script_set_attribute(attribute:"solution", value:
"The following text was originally created by the Cybersecurity and Infrastructure Security Agency (CISA). The original
can be found at CISA.gov.

Tridium has recommended the following mitigation:

- Niagara AX v3.8: Apply Update 4 release (3.8.401), and
- Niagara 4 Framework v4.4: Apply Update 1 release (4.4.92.2.1).

For more information about these updates, please refer to the provided link:

https://www.tridium.com/~/media/tridium/library/documents/niagara%20ax%2038%20update%204niagara%2044%20update%201.ashx?l
a=en");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2017-16744");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_cwe_id(22);

  script_set_attribute(attribute:"vuln_publication_date", value:"2018/08/20");
  script_set_attribute(attribute:"patch_publication_date", value:"2018/08/20");
  script_set_attribute(attribute:"plugin_publication_date", value:"2023/03/21");

  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:tridium:niagara");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:tridium:niagara_ax_framework");
  script_set_attribute(attribute:"generated_plugin", value:"former");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Tenable.ot");

  script_copyright(english:"This script is Copyright (C) 2023-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("tenable_ot_api_integration.nasl");
  script_require_keys("Tenable.ot/assetBag");

  exit(0);
}


include('tenable_ot_cve_funcs.inc');

get_kb_item_or_exit('Tenable.ot/assetBag');

var asset = tenable_ot::assets::get(hasAssetBag:TRUE);

var vuln_cpes = {
    "cpe:/a:tridium:niagara" :
        {"versionEndIncluding" : "4.4", "versionStartIncluding" : "4.0", "family" : "Niagara"},
    "cpe:/a:tridium:niagara_ax_framework" :
        {"versionEndIncluding" : "3.8", "family" : "Niagara"}
};

tenable_ot::cve::compare_and_report(asset:asset, cpes:vuln_cpes, severity:SECURITY_WARNING);

Related

cve 1
nessus 1
nvd 1
cvelist 1
prion 1
ics 2
cve
cve
CVE-2017-16744
2018-08-20 21:29:00
nessus
nessus
Tridium Niagara Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
2020-08-10 00:00:00
nvd
nvd
CVE-2017-16744
2018-08-20 21:29:00
cvelist
cvelist
CVE-2017-16744
2018-08-20 21:00:00
prion
prion
Path traversal
2018-08-20 21:29:00
ics
ics
Johnson Controls Facility Explorer
2019-01-22 12:00:00
Tridium Niagara
2018-10-30 12:00:00

AI Score

7.7

Confidence

High

EPSS

0.003

Percentile

65.6%

JSON
Related for TENABLE_OT_GENERIC_CVE-2017-16744.NASL
cve1nessus1nvd1cvelist1prion1ics2