I/A Series G3 Security Alert &ndash; Directory Traversal and Weak Credential Storage Vulnerability and default encoding of credentials in authentication cookies

Notifications

Community

Notifications

Categories
Forums
Knowledge Center
Blogs
Ideas
Events & Webinars

Share Your Feedback – Help Us Improve Search on Community!
Please take a few minutes to participate in our Search Feedback Survey. Your insights will help us deliver the results you need faster and more accurately.
Click here to take the survey

Building Automation Knowledge Base

Schneider Electric Building Automation Knowledge Base is a self-service resource to answer all your questions about EcoStruxure Building suite, Andover Continuum, Satchwell, TAC…

Search in

Invite a Co-worker

Send a co-worker an invite to the portal.Just enter their email address and we'll connect them to register. After joining, they will belong to the same company.

Send Invite Cancel

Related Forums

Intelligent Devices Forum

Previous Next

Invite a Colleague

Found this content useful? Share it with a Colleague!

Invite a Colleague

Back to Building Automation Knowledge Base

Start a Topic

1291 Views

Link copied. Please paste this link to share this article on your social media post.

Trying to translate this page to your language?

Select your language from the translate dropdown in the upper right.

Translate to: English

Issue

I/A Series G3 Security Alert – Directory Traversal and Weak Credential Storage Vulnerability and default encoding of credentials in authentication cookies

Environment

I/A Series G3 – All Versions

Cause

Recently, independent security researchers Billy Rios and Terry McCorkle notified ICS-CERT of a directory traversal and weak credential storage vulnerability with proof-of-concept (PoC) exploit code for the I/A Series G3 software. This vulnerability could affect systems if not properly configured.

ICS-ALERT-12-195-01
TRIDIUM NIAGARA DIRECTORY TRAVERSAL AND WEAK CREDENTIAL STORAGE VULNERABILITY

Resolution

Download and review TPA-IA-12-0003.02 Technical Product Advisory that outlines how to verify if a system is properly configured to protect against directory traversal. Schneider Electric strongly urges you to review the TPA, assess the status of the system configuration and take the prescribed steps to secure if necessary.

You’ve reached the end of your document

Ask our Experts

Didn't find what you are looking for? Ask our experts!

My Dashboard

Check out the new Feeds and activities that are relevant to you.