I/A Series G3 Security Alert &ndash; Directory Traversal and Weak Credential Storage Vulnerability and default encoding of credentials in authentication cookies

Notifications

Join our "Ask Me About" community webinar on May 20th at 9 AM CET and 5 PM CET to explore cybersecurity and monitoring for Data Center and edge IT. Learn about market trends, cutting-edge technologies, and best practices from industry experts.
Register and secure your Critical IT infrastructure

Building Automation Knowledge Base

Schneider Electric Building Automation Knowledge Base is a self-service resource to answer all your questions about EcoStruxure Building suite, Andover Continuum, Satchwell, TAC…

Invite a Co-worker

Send a co-worker an invite to the portal.Just enter their email address and we'll connect them to register. After joining, they will belong to the same company.

Send Invite Cancel

Related Forums

Intelligent Devices Forum

Previous Next

Invite a Colleague

Found this content useful? Share it with a Colleague!

Invite a Colleague

Back to Building Automation Knowledge Base

1080 Views

Link copied. Please paste this link to share this article on your social media post.

Trying to translate this page to your language?

Select your language from the translate dropdown in the upper right.

Translate to: English

Issue

I/A Series G3 Security Alert – Directory Traversal and Weak Credential Storage Vulnerability and default encoding of credentials in authentication cookies

Environment

I/A Series G3 – All Versions

Cause

Recently, independent security researchers Billy Rios and Terry McCorkle notified ICS-CERT of a directory traversal and weak credential storage vulnerability with proof-of-concept (PoC) exploit code for the I/A Series G3 software. This vulnerability could affect systems if not properly configured.

ICS-ALERT-12-195-01
TRIDIUM NIAGARA DIRECTORY TRAVERSAL AND WEAK CREDENTIAL STORAGE VULNERABILITY

Resolution

Download and review TPA-IA-12-0003.02 Technical Product Advisory that outlines how to verify if a system is properly configured to protect against directory traversal. Schneider Electric strongly urges you to review the TPA, assess the status of the system configuration and take the prescribed steps to secure if necessary.

To The Top!

I/A Series G3 Security Alert &amp;ndash; Directory Traversal and Weak Credential Storage Vulnerability and default encoding of credentials in authentication cookies

Related Forums

Intelligent Devices Forum