GainSec/CVE-2017-16744-and-CVE-2017-16748-Tridium-Niagara

Proof of Concept (PoC) for CVE: 2017-16744 and 2017-16748

PoC for CVE-2017-16744 and CVE-2017-16748

• Proof of Concept (PoC)
• CVE: 2017-16744 and 2017-16748
• Date: 09/09/2019
• Exploit Author: GainSec - Jon Gaines
• Vendor Homepage: https://www.tridium.com/
• Version: Affects Tridium Niagara AX Versions: 3.8 and prior as well as Niagara 4 Versions: 4.4 and prior
• Discovered, Reported and PoC'd by Jon Gaines of GainSec & nVisium; Formerly of Stratum Security and Leet Cyber Security

More Information

• https://ics-cert.us-cert.gov/advisories/ICSA-18-191-03
• https://nvd.nist.gov/vuln/detail/CVE-2017-16744
• https://nvd.nist.gov/vuln/detail/CVE-2017-16748
• https://vuldb.com/?id.123046

Prerequisites

Python 3

Authors

• Jon Gaines - Initial work - GainSec

License

This project is licensed under the GNU License - see the LICENSE.md file for details

Acknowledgments

• https://blog.stratumsecurity.com/2018/09/06/cve-2017-16744-and-cve-2017-16748/