Issue
I/A Series G3 Security Alert – Directory Traversal and Weak Credential Storage Vulnerability, and Default Encoding of Credentials in Authentication Cookies
Environment
I/A Series G3 – All Versions
Cause
Recently, independent security researchers Billy Rios and Terry McCorkle notified ICS-CERT of a directory traversal and weak credential storage vulnerability, with proof-of-concept (PoC) exploit code, in the I/A Series G3 software. This vulnerability could affect systems that are not properly configured.
ICS-ALERT-12-195-01
TRIDIUM NIAGARA DIRECTORY TRAVERSAL AND WEAK CREDENTIAL STORAGE VULNERABILITY
Resolution
Download and review Technical Product Advisory TPA-IA-12-0003.02, which outlines how to verify whether a system is properly configured to protect against directory traversal. Schneider Electric strongly urges you to review the TPA, assess the status of the system configuration, and take the prescribed steps to secure the system if necessary.