Knowledge Base
cancel
Showing results for 
Search instead for 
Did you mean: 

I/A Series G3 Security Alert – Directory Traversal and Weak Credential Storage Vulnerability and default encoding of credentials in authentication cookies

Issue

I/A Series G3 Security Alert – Directory Traversal and Weak Credential Storage Vulnerability and default encoding of credentials in authentication cookies

Environment

I/A Series G3 – All Versions

Cause

Recently, independent security researchers Billy Rios and Terry McCorkle notified ICS-CERT of a directory traversal and weak credential storage vulnerability with proof-of-concept (PoC) exploit code for the I/A Series G3 software.  This vulnerability could affect systems if not properly configured.

ICS-ALERT-12-195-01
TRIDIUM NIAGARA DIRECTORY TRAVERSAL AND WEAK CREDENTIAL STORAGE VULNERABILITY

Resolution

Download and review TPA-IA-12-0003.02 Technical Product Advisory that outlines how to verify if a system is properly configured to protect against directory traversal.  Schneider Electric strongly urges you to review the TPA, assess the status of the system configuration and take the prescribed steps to secure if necessary.

Tags (1)
Labels (1)
Version history
Revision #:
2 of 2
Last update:
‎2018-09-10 12:37 PM
Updated by:
 
Contributors