Tridium NiagaraAX Framework contains a flaw that is triggered by the program storing credential information in plaintext when transferring it in cookies. This may allow a remote attacker to gain access to credential information by sniffing the network.
It has been reported that this issue has been fixed. The vendor reportedly released fixed versions in August of 2013 to address this vulnerability. In addition, the vendor has released a patch for some older versions.