{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-21T13:10:20.064","vulnerabilities":[{"cve":{"id":"CVE-2012-4027","sourceIdentifier":"cve@mitre.org","published":"2012-07-16T20:55:04.957","lastModified":"2026-06-16T23:44:17.933","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Directory traversal vulnerability in Tridium Niagara AX Framework allows remote attackers to read files outside of the intended images, nav, and px folders by leveraging incorrect permissions, as demonstrated by reading the config.bog file."},{"lang":"es","value":"Vulnerabilidad de salto de directorio en Tridium Niagara AX Framework permite a atacantes remotos leer archivos fuera de las imágenes deseadas, nav, y carpetas de píxeles mediante el aprovechamiento de permisos incorrectos, como lo demuestra la lectura del archivo config.bog."}],"affected":[{"source":"cve@mitre.org","affectedData":[{"vendor":"n/a","product":"n/a","versions":[{"version":"n/a","status":"affected"}]}]}],"metrics":{"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:N/A:N","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-22"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:tridium:niagara_ax:*:*:*:*:*:*:*:*","matchCriteriaId":"EEF1B8B7-44B6-4F10-AED2-348BA097AD71"}]}]}],"references":[{"url":"http://www.washingtonpost.com/investigations/tridiums-niagara-framework-marvel-of-connectivity-illustrates-new-cyber-risks/2012/07/11/gJQARJL6dW_story.html","source":"cve@mitre.org","tags":["Permissions Required"]},{"url":"https://www.tridium.com/galleries/briefings/NiagaraAX_Framework_Software_Security_Alert.pdf","source":"cve@mitre.org","tags":["Broken Link","Vendor Advisory"]},{"url":"http://www.washingtonpost.com/investigations/tridiums-niagara-framework-marvel-of-connectivity-illustrates-new-cyber-risks/2012/07/11/gJQARJL6dW_story.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Permissions Required"]},{"url":"https://www.tridium.com/galleries/briefings/NiagaraAX_Framework_Software_Security_Alert.pdf","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Broken Link","Vendor Advisory"]}]}}]}