Vulnerabilites related to tridium - niagara
Vulnerability from fkie_nvd
Published
2025-05-22 13:15
Modified
2025-06-04 19:52
Severity ?
7.7 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Use of Password Hash With Insufficient Computational Effort vulnerability in Tridium Niagara Framework on Windows, Linux, QNX, Tridium Niagara Enterprise Security on Windows, Linux, QNX allows Cryptanalysis. This issue affects Niagara Framework: before 4.14.2, before 4.15.1, before 4.10.11; Niagara Enterprise Security: before 4.14.2, before 4.15.1, before 4.10.11. Tridium recommends upgrading to Niagara Framework and Enterprise Security versions 4.14.2u2, 4.15.u1, or 4.10u.11.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| psirt@honeywell.com | https://docs.niagara-community.com/category/tech_bull | Permissions Required | |
| psirt@honeywell.com | https://www.honeywell.com/us/en/product-security#security-notices | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| tridium | niagara | 4.10u10 | |
| tridium | niagara | 4.14u1 | |
| tridium | niagara | 4.15 | |
| tridium | niagara_enterprise_security | 4.10u10 | |
| tridium | niagara_enterprise_security | 4.14u1 | |
| tridium | niagara_enterprise_security | 4.15 | |
| blackberry | qnx | - | |
| linux | linux_kernel | - | |
| microsoft | windows | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:tridium:niagara:4.10u10:*:*:*:*:*:*:*",
"matchCriteriaId": "0615B9FA-E837-4C21-8968-F3273718DF7D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tridium:niagara:4.14u1:*:*:*:*:*:*:*",
"matchCriteriaId": "BEE26A6F-876E-450D-8A5F-EF4A3EF96A13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tridium:niagara:4.15:*:*:*:*:*:*:*",
"matchCriteriaId": "00C6667A-9873-4A75-AB11-3427AA1E552D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tridium:niagara_enterprise_security:4.10u10:*:*:*:*:*:*:*",
"matchCriteriaId": "E694C4DB-66F7-4753-81D8-9085B5E3A207",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tridium:niagara_enterprise_security:4.14u1:*:*:*:*:*:*:*",
"matchCriteriaId": "506E75F5-D259-4BAC-9C1A-83C9AD54D608",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tridium:niagara_enterprise_security:4.15:*:*:*:*:*:*:*",
"matchCriteriaId": "6DF70636-5B89-4646-80F3-83C906B0EB3C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:blackberry:qnx:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3642981A-848E-4DEA-A904-A83B9ED4891D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
"matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Use of Password Hash With Insufficient Computational Effort vulnerability in Tridium Niagara Framework on Windows, Linux, QNX, Tridium Niagara Enterprise Security on Windows, Linux, QNX allows Cryptanalysis. This issue affects Niagara Framework: before 4.14.2, before 4.15.1, before 4.10.11; Niagara Enterprise Security: before 4.14.2, before 4.15.1, before 4.10.11.\u00a0Tridium recommends upgrading to Niagara Framework and Enterprise Security versions 4.14.2u2, 4.15.u1, or 4.10u.11."
},
{
"lang": "es",
"value": "Vulnerabilidad de uso de hash de contrase\u00f1a con esfuerzo computacional insuficiente en Tridium Niagara Framework para Windows, Linux y QNX, Tridium Niagara Enterprise Security para Windows, Linux y QNX permite el criptoan\u00e1lisis. Este problema afecta a Niagara Framework: versiones anteriores a la 4.14.2, 4.15.1 y 4.10.11; Niagara Enterprise Security: versiones anteriores a la 4.14.2, 4.15.1 y 4.10.11. Tridium recomienda actualizar a las versiones 4.14.2u2, 4.15.u1 o 4.10u.11 de Niagara Framework y Enterprise Security."
}
],
"id": "CVE-2025-3937",
"lastModified": "2025-06-04T19:52:59.573",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.1,
"impactScore": 4.0,
"source": "psirt@honeywell.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2025-05-22T13:15:56.457",
"references": [
{
"source": "psirt@honeywell.com",
"tags": [
"Permissions Required"
],
"url": "https://docs.niagara-community.com/category/tech_bull"
},
{
"source": "psirt@honeywell.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.honeywell.com/us/en/product-security#security-notices"
}
],
"sourceIdentifier": "psirt@honeywell.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-916"
}
],
"source": "psirt@honeywell.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-916"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-08-20 21:29
Modified
2024-11-21 03:16
Severity ?
Summary
A path traversal vulnerability in Tridium Niagara AX Versions 3.8 and prior and Niagara 4 systems Versions 4.4 and prior installed on Microsoft Windows Systems can be exploited by leveraging valid platform (administrator) credentials.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| ics-cert@hq.dhs.gov | http://www.securityfocus.com/bid/105101 | Third Party Advisory, VDB Entry | |
| ics-cert@hq.dhs.gov | https://ics-cert.us-cert.gov/advisories/ICSA-18-191-03 | Third Party Advisory, US Government Resource, VDB Entry | |
| ics-cert@hq.dhs.gov | https://ics-cert.us-cert.gov/advisories/ICSA-19-022-01 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/105101 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://ics-cert.us-cert.gov/advisories/ICSA-18-191-03 | Third Party Advisory, US Government Resource, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://ics-cert.us-cert.gov/advisories/ICSA-19-022-01 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| tridium | niagara | * | |
| tridium | niagara_ax_framework | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:tridium:niagara:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3A6232E5-26AD-4C52-B6A6-8459E85B8A4A",
"versionEndIncluding": "4.4",
"versionStartIncluding": "4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tridium:niagara_ax_framework:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A005B024-6358-4533-BE31-AA229B1B6084",
"versionEndIncluding": "3.8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A path traversal vulnerability in Tridium Niagara AX Versions 3.8 and prior and Niagara 4 systems Versions 4.4 and prior installed on Microsoft Windows Systems can be exploited by leveraging valid platform (administrator) credentials."
},
{
"lang": "es",
"value": "Una vulnerabilidad de salto de directorio en sistemas Tridium Niagara AX en versiones 3.8 y anteriores y Niagara 4 en versiones 4.4 y anteriores instalados en sistemas de Microsoft WIndows se puede explotar utilizando unas credenciales v\u00e1lidas de la plataforma (admin)."
}
],
"id": "CVE-2017-16744",
"lastModified": "2024-11-21T03:16:53.327",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-08-20T21:29:00.683",
"references": [
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/105101"
},
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Third Party Advisory",
"US Government Resource",
"VDB Entry"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-191-03"
},
{
"source": "ics-cert@hq.dhs.gov",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-022-01"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/105101"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource",
"VDB Entry"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-191-03"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-022-01"
}
],
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-08-20 21:29
Modified
2024-11-21 03:16
Severity ?
Summary
An attacker can log into the local Niagara platform (Niagara AX Framework Versions 3.8 and prior or Niagara 4 Framework Versions 4.4 and prior) using a disabled account name and a blank password, granting the attacker administrator access to the Niagara system.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| ics-cert@hq.dhs.gov | http://www.securityfocus.com/bid/105101 | Third Party Advisory, VDB Entry | |
| ics-cert@hq.dhs.gov | https://ics-cert.us-cert.gov/advisories/ICSA-18-191-03 | Third Party Advisory, US Government Resource, VDB Entry | |
| ics-cert@hq.dhs.gov | https://ics-cert.us-cert.gov/advisories/ICSA-19-022-01 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/105101 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://ics-cert.us-cert.gov/advisories/ICSA-18-191-03 | Third Party Advisory, US Government Resource, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://ics-cert.us-cert.gov/advisories/ICSA-19-022-01 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| tridium | niagara | * | |
| tridium | niagara_ax_framework | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:tridium:niagara:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F34EB1B8-23E2-46B3-8395-4703C5B3AD36",
"versionEndIncluding": "4.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tridium:niagara_ax_framework:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A005B024-6358-4533-BE31-AA229B1B6084",
"versionEndIncluding": "3.8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An attacker can log into the local Niagara platform (Niagara AX Framework Versions 3.8 and prior or Niagara 4 Framework Versions 4.4 and prior) using a disabled account name and a blank password, granting the attacker administrator access to the Niagara system."
},
{
"lang": "es",
"value": "Un atacante puede iniciar sesi\u00f3n en la plataforma Niagara local (Niagara AX Framework en versiones 3.8 y anteriores y Niagara 4 en versiones 4.4 y anteriores) utilizando un nombre de cuenta deshabilitado y una contrase\u00f1a en blanco, concediendo al atacante el acceso de administrador al sistema Niagara."
}
],
"id": "CVE-2017-16748",
"lastModified": "2024-11-21T03:16:53.670",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-08-20T21:29:00.807",
"references": [
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/105101"
},
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Third Party Advisory",
"US Government Resource",
"VDB Entry"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-191-03"
},
{
"source": "ics-cert@hq.dhs.gov",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-022-01"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/105101"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource",
"VDB Entry"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-191-03"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-022-01"
}
],
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-287"
}
],
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-287"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-05-22 13:15
Modified
2025-06-04 19:27
Severity ?
4.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
Use of GET Request Method With Sensitive Query Strings vulnerability in Tridium Niagara Framework on Windows, Linux, QNX, Tridium Niagara Enterprise Security on Windows, Linux, QNX allows Parameter Injection. This issue affects Niagara Framework: before 4.14.2, before 4.15.1, before 4.10.11; Niagara Enterprise Security: before 4.14.2, before 4.15.1, before 4.10.11. Tridium recommends upgrading to Niagara Framework and Enterprise Security versions 4.14.2u2, 4.15.u1, or 4.10u.11.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| psirt@honeywell.com | https://docs.niagara-community.com/category/tech_bull | Permissions Required | |
| psirt@honeywell.com | https://honeywell.com/us/en/product-security#security-notices | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| tridium | niagara | 4.10u10 | |
| tridium | niagara | 4.14u1 | |
| tridium | niagara | 4.15 | |
| tridium | niagara_enterprise_security | 4.10u10 | |
| tridium | niagara_enterprise_security | 4.14u1 | |
| tridium | niagara_enterprise_security | 4.15 | |
| blackberry | qnx | - | |
| linux | linux_kernel | - | |
| microsoft | windows | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:tridium:niagara:4.10u10:*:*:*:*:*:*:*",
"matchCriteriaId": "0615B9FA-E837-4C21-8968-F3273718DF7D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tridium:niagara:4.14u1:*:*:*:*:*:*:*",
"matchCriteriaId": "BEE26A6F-876E-450D-8A5F-EF4A3EF96A13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tridium:niagara:4.15:*:*:*:*:*:*:*",
"matchCriteriaId": "00C6667A-9873-4A75-AB11-3427AA1E552D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tridium:niagara_enterprise_security:4.10u10:*:*:*:*:*:*:*",
"matchCriteriaId": "E694C4DB-66F7-4753-81D8-9085B5E3A207",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tridium:niagara_enterprise_security:4.14u1:*:*:*:*:*:*:*",
"matchCriteriaId": "506E75F5-D259-4BAC-9C1A-83C9AD54D608",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tridium:niagara_enterprise_security:4.15:*:*:*:*:*:*:*",
"matchCriteriaId": "6DF70636-5B89-4646-80F3-83C906B0EB3C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:blackberry:qnx:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3642981A-848E-4DEA-A904-A83B9ED4891D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
"matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Use of GET Request Method With Sensitive Query Strings vulnerability in Tridium Niagara Framework on Windows, Linux, QNX, Tridium Niagara Enterprise Security on Windows, Linux, QNX allows Parameter Injection. This issue affects Niagara Framework: before 4.14.2, before 4.15.1, before 4.10.11; Niagara Enterprise Security: before 4.14.2, before 4.15.1, before 4.10.11.\u00a0Tridium recommends upgrading to Niagara Framework and Enterprise Security versions 4.14.2u2, 4.15.u1, or 4.10u.11."
},
{
"lang": "es",
"value": "Vulnerabilidad en el uso del m\u00e9todo de solicitud GET con cadenas de consulta sensibles en Tridium Niagara Framework para Windows, Linux y QNX, Tridium Niagara Enterprise Security para Windows, Linux y QNX permite la inyecci\u00f3n de par\u00e1metros. Este problema afecta a Niagara Framework: versiones anteriores a la 4.14.2, 4.15.1 y 4.10.11; y Niagara Enterprise Security: versiones anteriores a la 4.14.2, 4.15.1 y 4.10.11. Tridium recomienda actualizar a las versiones 4.14.2u2, 4.15.u1 o 4.10u.11 de Niagara Framework y Enterprise Security."
}
],
"id": "CVE-2025-3943",
"lastModified": "2025-06-04T19:27:46.100",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 1.4,
"source": "psirt@honeywell.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2025-05-22T13:15:57.257",
"references": [
{
"source": "psirt@honeywell.com",
"tags": [
"Permissions Required"
],
"url": "https://docs.niagara-community.com/category/tech_bull"
},
{
"source": "psirt@honeywell.com",
"tags": [
"Vendor Advisory"
],
"url": "https://honeywell.com/us/en/product-security#security-notices"
}
],
"sourceIdentifier": "psirt@honeywell.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-598"
}
],
"source": "psirt@honeywell.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-01-29 16:29
Modified
2024-11-21 03:56
Severity ?
Summary
Tridium Niagara Enterprise Security 2.3u1, all versions prior to 2.3.118.6, Niagara AX 3.8u4, all versions prior to 3.8.401.1, Niagara 4.4u2, all versions prior to 4.4.93.40.2, and Niagara 4.6, all versions prior to 4.6.96.28.4 a cross-site scripting vulnerability has been identified that may allow a remote attacker to inject code to some web pages affecting confidentiality.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| ics-cert@hq.dhs.gov | http://www.securityfocus.com/bid/106530 | Third Party Advisory, VDB Entry | |
| ics-cert@hq.dhs.gov | https://ics-cert.us-cert.gov/advisories/ICSA-18-333-02 | Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/106530 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://ics-cert.us-cert.gov/advisories/ICSA-18-333-02 | Third Party Advisory, US Government Resource |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| tridium | niagara | * | |
| tridium | niagara | * | |
| tridium | niagara | 4.4u2 | |
| tridium | niagara_ax_framework | * | |
| tridium | niagara_ax_framework | 3.8u4 | |
| tridium | niagara_enterprise_security | * | |
| tridium | niagara_enterprise_security | 2.3u1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:tridium:niagara:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2F91AE04-D218-4A1A-AA9C-64BEC0351058",
"versionEndExcluding": "4.4.93.40.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tridium:niagara:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E6265A9D-2E4C-46CD-BE33-ECB5A65678FE",
"versionEndExcluding": "4.6.96.28.4",
"versionStartIncluding": "4.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tridium:niagara:4.4u2:*:*:*:*:*:*:*",
"matchCriteriaId": "6A337C58-8D5B-4BA2-A916-8551F9B1B141",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tridium:niagara_ax_framework:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FC3E8353-123A-45C3-B439-6A40B4A3AF1A",
"versionEndExcluding": "3.8.401.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tridium:niagara_ax_framework:3.8u4:*:*:*:*:*:*:*",
"matchCriteriaId": "B98B5F7F-75AF-46FE-9A76-66EF4D9A3A82",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tridium:niagara_enterprise_security:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FE72BEA5-3F11-4CCC-BE8D-5CB887292D64",
"versionEndExcluding": "2.3.118.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tridium:niagara_enterprise_security:2.3u1:*:*:*:*:*:*:*",
"matchCriteriaId": "61618B9B-80C1-4B48-974C-4E9A7E692AFE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Tridium Niagara Enterprise Security 2.3u1, all versions prior to 2.3.118.6, Niagara AX 3.8u4, all versions prior to 3.8.401.1, Niagara 4.4u2, all versions prior to 4.4.93.40.2, and Niagara 4.6, all versions prior to 4.6.96.28.4 a cross-site scripting vulnerability has been identified that may allow a remote attacker to inject code to some web pages affecting confidentiality."
},
{
"lang": "es",
"value": "Tridium Niagara Enterprise Security 2.3u1, en todas las versiones anteriores a la 2.3.118.6; Niagara AX 3.8u4, en todas las versiones anteriores a la 3.8.401.1; Niagara 4.4u2, en todas las versiones anteriores a la 4.4.93.40.2 y Niagara 4.6, en todas las versiones anteriores a la 4.6.96.28.4, contienen una vulnerabilidad Cross-Site Scripting (XSS) que podr\u00eda permitir que un atacante remoto inyecte c\u00f3digo en algunas p\u00e1ginas web, lo que afecta a la confidencialidad."
}
],
"id": "CVE-2018-18985",
"lastModified": "2024-11-21T03:56:59.257",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-01-29T16:29:00.483",
"references": [
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/106530"
},
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-333-02"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/106530"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-333-02"
}
],
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-05-22 13:15
Modified
2025-06-04 19:28
Severity ?
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Improper Handling of Windows ::DATA Alternate Data Stream vulnerability in Tridium Niagara Framework on Windows, Tridium Niagara Enterprise Security on Windows allows Input Data Manipulation. This issue affects Niagara Framework: before 4.14.2, before 4.15.1, before 4.10.11; Niagara Enterprise Security: before 4.14.2, before 4.15.1, before 4.10.11.Tridium recommends upgrading to Niagara Framework and Enterprise Security versions 4.14.2u2, 4.15.u1, or 4.10u.11.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| psirt@honeywell.com | https://docs.niagara-community.com/category/tech_bull | Permissions Required | |
| psirt@honeywell.com | https://www.honeywell.com/us/en/product-security#security-notices | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| tridium | niagara | 4.10u10 | |
| tridium | niagara | 4.14u1 | |
| tridium | niagara | 4.15 | |
| tridium | niagara_enterprise_security | 4.10u10 | |
| tridium | niagara_enterprise_security | 4.14u1 | |
| tridium | niagara_enterprise_security | 4.15 | |
| microsoft | windows | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:tridium:niagara:4.10u10:*:*:*:*:*:*:*",
"matchCriteriaId": "0615B9FA-E837-4C21-8968-F3273718DF7D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tridium:niagara:4.14u1:*:*:*:*:*:*:*",
"matchCriteriaId": "BEE26A6F-876E-450D-8A5F-EF4A3EF96A13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tridium:niagara:4.15:*:*:*:*:*:*:*",
"matchCriteriaId": "00C6667A-9873-4A75-AB11-3427AA1E552D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tridium:niagara_enterprise_security:4.10u10:*:*:*:*:*:*:*",
"matchCriteriaId": "E694C4DB-66F7-4753-81D8-9085B5E3A207",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tridium:niagara_enterprise_security:4.14u1:*:*:*:*:*:*:*",
"matchCriteriaId": "506E75F5-D259-4BAC-9C1A-83C9AD54D608",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tridium:niagara_enterprise_security:4.15:*:*:*:*:*:*:*",
"matchCriteriaId": "6DF70636-5B89-4646-80F3-83C906B0EB3C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Handling of Windows ::DATA Alternate Data Stream vulnerability in Tridium Niagara Framework on Windows, Tridium Niagara Enterprise Security on Windows allows Input Data Manipulation. This issue affects Niagara Framework: before 4.14.2, before 4.15.1, before 4.10.11; Niagara Enterprise Security: before 4.14.2, before 4.15.1, before 4.10.11.Tridium recommends upgrading to Niagara Framework and Enterprise Security versions 4.14.2u2, 4.15.u1, or 4.10u.11."
},
{
"lang": "es",
"value": "Manejo inadecuado de la vulnerabilidad Windows ::DATA Alternate Data Stream en Tridium Niagara Framework para Windows, Tridium Niagara Enterprise Security para Windows permite la manipulaci\u00f3n de datos de entrada. Este problema afecta a Niagara Framework: versiones anteriores a la 4.14.2, 4.15.1 y 4.10.11; Niagara Enterprise Security: versiones anteriores a la 4.14.2, 4.15.1 y 4.10.11. Tridium recomienda actualizar a Niagara Framework y Enterprise Security a las versiones 4.14.2u2, 4.15.u1 o 4.10u.11."
}
],
"id": "CVE-2025-3941",
"lastModified": "2025-06-04T19:28:23.770",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.5,
"source": "psirt@honeywell.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2025-05-22T13:15:57.000",
"references": [
{
"source": "psirt@honeywell.com",
"tags": [
"Permissions Required"
],
"url": "https://docs.niagara-community.com/category/tech_bull"
},
{
"source": "psirt@honeywell.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.honeywell.com/us/en/product-security#security-notices"
}
],
"sourceIdentifier": "psirt@honeywell.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-69"
}
],
"source": "psirt@honeywell.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-706"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-05-22 13:15
Modified
2025-06-04 19:27
Severity ?
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Incorrect Permission Assignment for Critical Resource vulnerability in Tridium Niagara Framework on QNX, Tridium Niagara Enterprise Security on QNX allows File Manipulation. This issue affects Niagara Framework: before 4.14.2, before 4.15.1, before 4.10.11; Niagara Enterprise Security: before 4.14.2, before 4.15.1, before 4.10.11. Tridium recommends upgrading to Niagara Framework and Enterprise Security versions 4.14.2u2, 4.15.u1, or 4.10u.11.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| psirt@honeywell.com | https://docs.niagara-community.com/category/tech_bull | Permissions Required | |
| psirt@honeywell.com | https://www.honeywell.com/us/en/product-security#security-notices | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| tridium | niagara | 4.10u10 | |
| tridium | niagara | 4.14u1 | |
| tridium | niagara | 4.15 | |
| tridium | niagara_enterprise_security | 4.10u10 | |
| tridium | niagara_enterprise_security | 4.14u1 | |
| tridium | niagara_enterprise_security | 4.15 | |
| blackberry | qnx | - | |
| linux | linux_kernel | - | |
| microsoft | windows | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:tridium:niagara:4.10u10:*:*:*:*:*:*:*",
"matchCriteriaId": "0615B9FA-E837-4C21-8968-F3273718DF7D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tridium:niagara:4.14u1:*:*:*:*:*:*:*",
"matchCriteriaId": "BEE26A6F-876E-450D-8A5F-EF4A3EF96A13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tridium:niagara:4.15:*:*:*:*:*:*:*",
"matchCriteriaId": "00C6667A-9873-4A75-AB11-3427AA1E552D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tridium:niagara_enterprise_security:4.10u10:*:*:*:*:*:*:*",
"matchCriteriaId": "E694C4DB-66F7-4753-81D8-9085B5E3A207",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tridium:niagara_enterprise_security:4.14u1:*:*:*:*:*:*:*",
"matchCriteriaId": "506E75F5-D259-4BAC-9C1A-83C9AD54D608",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tridium:niagara_enterprise_security:4.15:*:*:*:*:*:*:*",
"matchCriteriaId": "6DF70636-5B89-4646-80F3-83C906B0EB3C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:blackberry:qnx:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3642981A-848E-4DEA-A904-A83B9ED4891D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
"matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Incorrect Permission Assignment for Critical Resource vulnerability in Tridium Niagara Framework on QNX, Tridium Niagara Enterprise Security on QNX allows File Manipulation. This issue affects Niagara Framework: before 4.14.2, before 4.15.1, before 4.10.11; Niagara Enterprise Security: before 4.14.2, before 4.15.1, before 4.10.11.\u00a0Tridium recommends upgrading to Niagara Framework and Enterprise Security versions 4.14.2u2, 4.15.u1, or 4.10u.11."
},
{
"lang": "es",
"value": "Vulnerabilidad de asignaci\u00f3n incorrecta de permisos para recursos cr\u00edticos en Tridium Niagara Framework en QNX, Tridium Niagara Enterprise Security en QNX permite la manipulaci\u00f3n de archivos. Este problema afecta a Niagara Framework: versiones anteriores a la 4.14.2, 4.15.1 y 4.10.11; Niagara Enterprise Security: versiones anteriores a la 4.14.2, 4.15.1 y 4.10.11. Tridium recomienda actualizar a Niagara Framework y Enterprise Security a las versiones 4.14.2u2, 4.15.u1 o 4.10u.11."
}
],
"id": "CVE-2025-3944",
"lastModified": "2025-06-04T19:27:07.777",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"source": "psirt@honeywell.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2025-05-22T13:15:57.387",
"references": [
{
"source": "psirt@honeywell.com",
"tags": [
"Permissions Required"
],
"url": "https://docs.niagara-community.com/category/tech_bull"
},
{
"source": "psirt@honeywell.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.honeywell.com/us/en/product-security#security-notices"
}
],
"sourceIdentifier": "psirt@honeywell.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-732"
}
],
"source": "psirt@honeywell.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-732"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-05-22 13:15
Modified
2025-06-04 19:27
Severity ?
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Summary
Improper Output Neutralization for Logs vulnerability in Tridium Niagara Framework on Windows, Linux, QNX, Tridium Niagara Enterprise Security on Windows, Linux, QNX allows Input Data Manipulation. This issue affects Niagara Framework: before 4.14.2, before 4.15.1, before 4.10.11; Niagara Enterprise Security: before 4.14.2, before 4.15.1, before 4.10.11. Tridium recommends upgrading to Niagara Framework and Enterprise Security versions 4.14.2u2, 4.15.u1, or 4.10u.11.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| tridium | niagara | 4.10u10 | |
| tridium | niagara | 4.14u1 | |
| tridium | niagara | 4.15 | |
| tridium | niagara_enterprise_security | 4.10u10 | |
| tridium | niagara_enterprise_security | 4.14u1 | |
| tridium | niagara_enterprise_security | 4.15 | |
| blackberry | qnx | - | |
| linux | linux_kernel | - | |
| microsoft | windows | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:tridium:niagara:4.10u10:*:*:*:*:*:*:*",
"matchCriteriaId": "0615B9FA-E837-4C21-8968-F3273718DF7D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tridium:niagara:4.14u1:*:*:*:*:*:*:*",
"matchCriteriaId": "BEE26A6F-876E-450D-8A5F-EF4A3EF96A13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tridium:niagara:4.15:*:*:*:*:*:*:*",
"matchCriteriaId": "00C6667A-9873-4A75-AB11-3427AA1E552D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tridium:niagara_enterprise_security:4.10u10:*:*:*:*:*:*:*",
"matchCriteriaId": "E694C4DB-66F7-4753-81D8-9085B5E3A207",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tridium:niagara_enterprise_security:4.14u1:*:*:*:*:*:*:*",
"matchCriteriaId": "506E75F5-D259-4BAC-9C1A-83C9AD54D608",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tridium:niagara_enterprise_security:4.15:*:*:*:*:*:*:*",
"matchCriteriaId": "6DF70636-5B89-4646-80F3-83C906B0EB3C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:blackberry:qnx:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3642981A-848E-4DEA-A904-A83B9ED4891D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
"matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Output Neutralization for Logs vulnerability in Tridium Niagara Framework on Windows, Linux, QNX, Tridium Niagara Enterprise Security on Windows, Linux, QNX allows Input Data Manipulation. This issue affects Niagara Framework: before 4.14.2, before 4.15.1, before 4.10.11; Niagara Enterprise Security: before 4.14.2, before 4.15.1, before 4.10.11.\u00a0Tridium recommends upgrading to Niagara Framework and Enterprise Security versions 4.14.2u2, 4.15.u1, or 4.10u.11."
},
{
"lang": "es",
"value": "La vulnerabilidad de neutralizaci\u00f3n de salida incorrecta para registros en Tridium Niagara Framework (Windows, Linux, QNX) y Tridium Niagara Enterprise Security (Windows, Linux, QNX) permite la manipulaci\u00f3n de datos de entrada. Este problema afecta a Niagara Framework: versiones anteriores a la 4.14.2, 4.15.1 y 4.10.11; y a Niagara Enterprise Security: versiones anteriores a la 4.14.2, 4.15.1 y 4.10.11. Tridium recomienda actualizar a las versiones 4.14.2u2, 4.15.u1 o 4.10u.11 de Niagara Framework y Enterprise Security."
}
],
"id": "CVE-2025-3942",
"lastModified": "2025-06-04T19:27:59.903",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "psirt@honeywell.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2025-05-22T13:15:57.123",
"references": [
{
"source": "psirt@honeywell.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.honeywell.com/us/en/product-security#security-notices"
},
{
"source": "psirt@honeywell.com",
"tags": [
"Product"
],
"url": "https://www.tridium.com/us/en/product-security"
}
],
"sourceIdentifier": "psirt@honeywell.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-117"
}
],
"source": "psirt@honeywell.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-116"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-05-22 13:15
Modified
2025-06-04 19:29
Severity ?
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Summary
Observable Response Discrepancy vulnerability in Tridium Niagara Framework on Windows, Linux, QNX, Tridium Niagara Enterprise Security on Windows, Linux, QNX allows Cryptanalysis. This issue affects Niagara Framework: before 4.14.2, before 4.15.1, before 4.10.11; Niagara Enterprise Security: before 4.14.2, before 4.15.1, before 4.10.11.Tridium recommends upgrading to Niagara Framework and Enterprise Security versions 4.14.2u2, 4.15.u1, or 4.10u.11.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| psirt@honeywell.com | https://docs.niagara-community.com/category/tech_bull | Permissions Required | |
| psirt@honeywell.com | https://honeywell.com/us/en/product-security#security-notices | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| tridium | niagara | 4.10u10 | |
| tridium | niagara | 4.14u1 | |
| tridium | niagara | 4.15 | |
| tridium | niagara_enterprise_security | 4.10u10 | |
| tridium | niagara_enterprise_security | 4.14u1 | |
| tridium | niagara_enterprise_security | 4.15 | |
| blackberry | qnx | - | |
| linux | linux_kernel | - | |
| microsoft | windows | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:tridium:niagara:4.10u10:*:*:*:*:*:*:*",
"matchCriteriaId": "0615B9FA-E837-4C21-8968-F3273718DF7D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tridium:niagara:4.14u1:*:*:*:*:*:*:*",
"matchCriteriaId": "BEE26A6F-876E-450D-8A5F-EF4A3EF96A13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tridium:niagara:4.15:*:*:*:*:*:*:*",
"matchCriteriaId": "00C6667A-9873-4A75-AB11-3427AA1E552D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tridium:niagara_enterprise_security:4.10u10:*:*:*:*:*:*:*",
"matchCriteriaId": "E694C4DB-66F7-4753-81D8-9085B5E3A207",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tridium:niagara_enterprise_security:4.14u1:*:*:*:*:*:*:*",
"matchCriteriaId": "506E75F5-D259-4BAC-9C1A-83C9AD54D608",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tridium:niagara_enterprise_security:4.15:*:*:*:*:*:*:*",
"matchCriteriaId": "6DF70636-5B89-4646-80F3-83C906B0EB3C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:blackberry:qnx:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3642981A-848E-4DEA-A904-A83B9ED4891D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
"matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Observable Response Discrepancy vulnerability in Tridium Niagara Framework on Windows, Linux, QNX, Tridium Niagara Enterprise Security on Windows, Linux, QNX allows Cryptanalysis. This issue affects Niagara Framework: before 4.14.2, before 4.15.1, before 4.10.11; Niagara Enterprise Security: before 4.14.2, before 4.15.1, before 4.10.11.Tridium recommends upgrading to Niagara Framework and Enterprise Security versions 4.14.2u2, 4.15.u1, or 4.10u.11."
},
{
"lang": "es",
"value": "Vulnerabilidad de discrepancia de respuesta observable en Tridium Niagara Framework para Windows, Linux y QNX, Tridium Niagara Enterprise Security para Windows, Linux y QNX permite el criptoan\u00e1lisis. Este problema afecta a Niagara Framework: versiones anteriores a la 4.14.2, 4.15.1 y 4.10.11; Niagara Enterprise Security: versiones anteriores a la 4.14.2, 4.15.1 y 4.10.11. Tridium recomienda actualizar a las versiones 4.14.2u2, 4.15.u1 o 4.10u.11 de Niagara Framework y Enterprise Security."
}
],
"id": "CVE-2025-3939",
"lastModified": "2025-06-04T19:29:21.973",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "psirt@honeywell.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2025-05-22T13:15:56.723",
"references": [
{
"source": "psirt@honeywell.com",
"tags": [
"Permissions Required"
],
"url": "https://docs.niagara-community.com/category/tech_bull"
},
{
"source": "psirt@honeywell.com",
"tags": [
"Vendor Advisory"
],
"url": "https://honeywell.com/us/en/product-security#security-notices"
}
],
"sourceIdentifier": "psirt@honeywell.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-204"
}
],
"source": "psirt@honeywell.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-203"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-08-13 15:15
Modified
2024-11-21 05:03
Severity ?
Summary
A timeout during a TLS handshake can result in the connection failing to terminate. This can result in a Niagara thread hanging and requires a manual restart of Niagara (Versions 4.6.96.28, 4.7.109.20, 4.7.110.32, 4.8.0.110) and Niagara Enterprise Security (Versions 2.4.31, 2.4.45, 4.8.0.35) to correct.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| ics-cert@hq.dhs.gov | https://us-cert.cisa.gov/ics/advisories/icsa-20-224-03 | Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://us-cert.cisa.gov/ics/advisories/icsa-20-224-03 | Third Party Advisory, US Government Resource |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| tridium | niagara | 4.6.96.28 | |
| tridium | niagara | 4.7.109.20 | |
| tridium | niagara | 4.7.110.32 | |
| tridium | niagara | 4.8.0.110 | |
| tridium | niagara_enterprise_security | 2.4.31 | |
| tridium | niagara_enterprise_security | 2.4.45 | |
| tridium | niagara_enterprise_security | 4.8.0.35 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:tridium:niagara:4.6.96.28:*:*:*:*:*:*:*",
"matchCriteriaId": "FEE59D43-F845-44C6-80A3-40686FB6B7EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tridium:niagara:4.7.109.20:*:*:*:*:*:*:*",
"matchCriteriaId": "A698D4D5-FD34-48C3-AEBF-B0806CBAE911",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tridium:niagara:4.7.110.32:*:*:*:*:*:*:*",
"matchCriteriaId": "739E2E10-64B0-4E89-AAC8-672D8DFF8125",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tridium:niagara:4.8.0.110:*:*:*:*:*:*:*",
"matchCriteriaId": "542AFB62-67B4-41EB-8EAB-E0AE03FB3787",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tridium:niagara_enterprise_security:2.4.31:*:*:*:*:*:*:*",
"matchCriteriaId": "1041ABDB-833F-4997-A89C-CA62A00C0320",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tridium:niagara_enterprise_security:2.4.45:*:*:*:*:*:*:*",
"matchCriteriaId": "2EE6A8CE-0337-49FD-AB77-FADB278C29D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tridium:niagara_enterprise_security:4.8.0.35:*:*:*:*:*:*:*",
"matchCriteriaId": "59DB62B3-981E-4337-A03A-76AB2305681D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A timeout during a TLS handshake can result in the connection failing to terminate. This can result in a Niagara thread hanging and requires a manual restart of Niagara (Versions 4.6.96.28, 4.7.109.20, 4.7.110.32, 4.8.0.110) and Niagara Enterprise Security (Versions 2.4.31, 2.4.45, 4.8.0.35) to correct."
},
{
"lang": "es",
"value": "Un tiempo de espera durante un protocolo de enlace TLS puede resultar en que la conexi\u00f3n falle al terminar. Esto puede resultar en un bloqueo del hilo o subproceso de Niagara y requiere un reinicio manual de Niagara (versiones 4.6.96.28, 4.7.109.20, 4.7.110.32, 4.8.0.110) y Niagara Enterprise Security (versiones 2.4.31, 2.4.45, 4.8.0.35 ) parra corregir"
}
],
"id": "CVE-2020-14483",
"lastModified": "2024-11-21T05:03:22.183",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 3.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 6.5,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-08-13T15:15:12.377",
"references": [
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-224-03"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-224-03"
}
],
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-1088"
}
],
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-05-22 13:15
Modified
2025-06-04 19:53
Severity ?
6.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Incorrect Permission Assignment for Critical Resource vulnerability in Tridium Niagara Framework on Windows, Tridium Niagara Enterprise Security on Windows allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Niagara Framework: before 4.14.2, before 4.15.1, before 4.10.11; Niagara Enterprise Security: before 4.14.2, before 4.15.1, before 4.10.11. Tridium recommends upgrading to Niagara Framework and Enterprise Security versions 4.14.2u2, 4.15.u1, or 4.10u.11.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| psirt@honeywell.com | https://docs.niagara-community.com/category/tech_bull | Permissions Required | |
| psirt@honeywell.com | https://www.honeywell.com/us/en/product-security#security-notices | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| tridium | niagara | 4.10u10 | |
| tridium | niagara | 4.14u1 | |
| tridium | niagara | 4.15 | |
| tridium | niagara_enterprise_security | 4.10u10 | |
| tridium | niagara_enterprise_security | 4.14u1 | |
| tridium | niagara_enterprise_security | 4.15 | |
| microsoft | windows | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:tridium:niagara:4.10u10:*:*:*:*:*:*:*",
"matchCriteriaId": "0615B9FA-E837-4C21-8968-F3273718DF7D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tridium:niagara:4.14u1:*:*:*:*:*:*:*",
"matchCriteriaId": "BEE26A6F-876E-450D-8A5F-EF4A3EF96A13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tridium:niagara:4.15:*:*:*:*:*:*:*",
"matchCriteriaId": "00C6667A-9873-4A75-AB11-3427AA1E552D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tridium:niagara_enterprise_security:4.10u10:*:*:*:*:*:*:*",
"matchCriteriaId": "E694C4DB-66F7-4753-81D8-9085B5E3A207",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tridium:niagara_enterprise_security:4.14u1:*:*:*:*:*:*:*",
"matchCriteriaId": "506E75F5-D259-4BAC-9C1A-83C9AD54D608",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tridium:niagara_enterprise_security:4.15:*:*:*:*:*:*:*",
"matchCriteriaId": "6DF70636-5B89-4646-80F3-83C906B0EB3C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Incorrect Permission Assignment for Critical Resource vulnerability in Tridium Niagara Framework on Windows, Tridium Niagara Enterprise Security on Windows allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Niagara Framework: before 4.14.2, before 4.15.1, before 4.10.11; Niagara Enterprise Security: before 4.14.2, before 4.15.1, before 4.10.11.\u00a0Tridium recommends upgrading to Niagara Framework and Enterprise Security versions 4.14.2u2, 4.15.u1, or 4.10u.11."
},
{
"lang": "es",
"value": "Vulnerabilidad de asignaci\u00f3n incorrecta de permisos para recursos cr\u00edticos en Tridium Niagara Framework para Windows, Tridium Niagara Enterprise Security para Windows permite explotar niveles de seguridad de control de acceso configurados incorrectamente. Este problema afecta a Niagara Framework: versiones anteriores a la 4.14.2, 4.15.1 y 4.10.11; Niagara Enterprise Security: versiones anteriores a la 4.14.2, 4.15.1 y 4.10.11. Tridium recomienda actualizar a las versiones 4.14.2u2, 4.15.u1 o 4.10u.11 de Niagara Framework y Enterprise Security."
}
],
"id": "CVE-2025-3936",
"lastModified": "2025-06-04T19:53:35.800",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.0,
"impactScore": 4.0,
"source": "psirt@honeywell.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2025-05-22T13:15:56.317",
"references": [
{
"source": "psirt@honeywell.com",
"tags": [
"Permissions Required"
],
"url": "https://docs.niagara-community.com/category/tech_bull"
},
{
"source": "psirt@honeywell.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.honeywell.com/us/en/product-security#security-notices"
}
],
"sourceIdentifier": "psirt@honeywell.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-732"
}
],
"source": "psirt@honeywell.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-732"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-05-22 13:15
Modified
2025-06-04 19:28
Severity ?
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Improper Use of Validation Framework vulnerability in Tridium Niagara Framework on Windows, Linux, QNX, Tridium Niagara Enterprise Security on Windows, Linux, QNX allows Input Data Manipulation. This issue affects Niagara Framework: before 4.14.2, before 4.15.1, before 4.10.11; Niagara Enterprise Security: before 4.14.2, before 4.15.1, before 4.10.11. Tridium recommends upgrading to Niagara Framework and Enterprise Security versions 4.14.2u2, 4.15.u1, or 4.10u.11.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| psirt@honeywell.com | https://docs.niagara-community.com/category/tech_bull | Permissions Required | |
| psirt@honeywell.com | https://honeywell.com/us/en/product-security#security-notices | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| tridium | niagara | 4.10u10 | |
| tridium | niagara | 4.14u1 | |
| tridium | niagara | 4.15 | |
| tridium | niagara_enterprise_security | 4.10u10 | |
| tridium | niagara_enterprise_security | 4.14u1 | |
| tridium | niagara_enterprise_security | 4.15 | |
| blackberry | qnx | - | |
| linux | linux_kernel | - | |
| microsoft | windows | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:tridium:niagara:4.10u10:*:*:*:*:*:*:*",
"matchCriteriaId": "0615B9FA-E837-4C21-8968-F3273718DF7D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tridium:niagara:4.14u1:*:*:*:*:*:*:*",
"matchCriteriaId": "BEE26A6F-876E-450D-8A5F-EF4A3EF96A13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tridium:niagara:4.15:*:*:*:*:*:*:*",
"matchCriteriaId": "00C6667A-9873-4A75-AB11-3427AA1E552D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tridium:niagara_enterprise_security:4.10u10:*:*:*:*:*:*:*",
"matchCriteriaId": "E694C4DB-66F7-4753-81D8-9085B5E3A207",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tridium:niagara_enterprise_security:4.14u1:*:*:*:*:*:*:*",
"matchCriteriaId": "506E75F5-D259-4BAC-9C1A-83C9AD54D608",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tridium:niagara_enterprise_security:4.15:*:*:*:*:*:*:*",
"matchCriteriaId": "6DF70636-5B89-4646-80F3-83C906B0EB3C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:blackberry:qnx:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3642981A-848E-4DEA-A904-A83B9ED4891D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
"matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Use of Validation Framework vulnerability in Tridium Niagara Framework on Windows, Linux, QNX, Tridium Niagara Enterprise Security on Windows, Linux, QNX allows Input Data Manipulation. This issue affects Niagara Framework: before 4.14.2, before 4.15.1, before 4.10.11; Niagara Enterprise Security: before 4.14.2, before 4.15.1, before 4.10.11.\u00a0Tridium recommends upgrading to Niagara Framework and Enterprise Security versions 4.14.2u2, 4.15.u1, or 4.10u.11."
},
{
"lang": "es",
"value": "Vulnerabilidad por uso indebido del marco de validaci\u00f3n en Tridium Niagara Framework (Windows, Linux, QNX) y Tridium Niagara Enterprise Security (Windows, Linux y QNX) permite la manipulaci\u00f3n de datos de entrada. Este problema afecta a Niagara Framework: versiones anteriores a la 4.14.2, 4.15.1 y 4.10.11; y a Niagara Enterprise Security: versiones anteriores a la 4.14.2, 4.15.1 y 4.10.11. Tridium recomienda actualizar a las versiones 4.14.2u2, 4.15.u1 o 4.10u.11 de Niagara Framework y Enterprise Security."
}
],
"id": "CVE-2025-3940",
"lastModified": "2025-06-04T19:28:55.960",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "psirt@honeywell.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2025-05-22T13:15:56.870",
"references": [
{
"source": "psirt@honeywell.com",
"tags": [
"Permissions Required"
],
"url": "https://docs.niagara-community.com/category/tech_bull"
},
{
"source": "psirt@honeywell.com",
"tags": [
"Vendor Advisory"
],
"url": "https://honeywell.com/us/en/product-security#security-notices"
}
],
"sourceIdentifier": "psirt@honeywell.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-1173"
}
],
"source": "psirt@honeywell.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-05-22 13:15
Modified
2025-06-04 19:29
Severity ?
6.8 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Missing Cryptographic Step vulnerability in Tridium Niagara Framework on Windows, Linux, QNX, Tridium Niagara Enterprise Security on Windows, Linux, QNX allows Cryptanalysis. This issue affects Niagara Framework: before 4.14.2, before 4.15.1, before 4.10.11; Niagara Enterprise Security: before 4.14.2, before 4.15.1, before 4.10.11. Tridium recommends upgrading to Niagara Framework and Enterprise Security versions 4.14.2u2, 4.15.u1, or 4.10u.11.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| psirt@honeywell.com | https://docs.niagara-community.com/category/tech_bull | Permissions Required | |
| psirt@honeywell.com | https://www.honeywell.com/us/en/product-security#security-notices | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| tridium | niagara | 4.10u10 | |
| tridium | niagara | 4.14u1 | |
| tridium | niagara | 4.15 | |
| tridium | niagara_enterprise_security | 4.10u10 | |
| tridium | niagara_enterprise_security | 4.14u1 | |
| tridium | niagara_enterprise_security | 4.15 | |
| blackberry | qnx | - | |
| linux | linux_kernel | - | |
| microsoft | windows | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:tridium:niagara:4.10u10:*:*:*:*:*:*:*",
"matchCriteriaId": "0615B9FA-E837-4C21-8968-F3273718DF7D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tridium:niagara:4.14u1:*:*:*:*:*:*:*",
"matchCriteriaId": "BEE26A6F-876E-450D-8A5F-EF4A3EF96A13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tridium:niagara:4.15:*:*:*:*:*:*:*",
"matchCriteriaId": "00C6667A-9873-4A75-AB11-3427AA1E552D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tridium:niagara_enterprise_security:4.10u10:*:*:*:*:*:*:*",
"matchCriteriaId": "E694C4DB-66F7-4753-81D8-9085B5E3A207",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tridium:niagara_enterprise_security:4.14u1:*:*:*:*:*:*:*",
"matchCriteriaId": "506E75F5-D259-4BAC-9C1A-83C9AD54D608",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tridium:niagara_enterprise_security:4.15:*:*:*:*:*:*:*",
"matchCriteriaId": "6DF70636-5B89-4646-80F3-83C906B0EB3C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:blackberry:qnx:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3642981A-848E-4DEA-A904-A83B9ED4891D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
"matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Missing Cryptographic Step vulnerability in Tridium Niagara Framework on Windows, Linux, QNX, Tridium Niagara Enterprise Security on Windows, Linux, QNX allows Cryptanalysis. This issue affects Niagara Framework: before 4.14.2, before 4.15.1, before 4.10.11; Niagara Enterprise Security: before 4.14.2, before 4.15.1, before 4.10.11.\u00a0Tridium recommends upgrading to Niagara Framework and Enterprise Security versions 4.14.2u2, 4.15.u1, or 4.10u.11."
},
{
"lang": "es",
"value": "Vulnerabilidad de paso criptogr\u00e1fico faltante en Tridium Niagara Framework para Windows, Linux y QNX, Tridium Niagara Enterprise Security para Windows, Linux y QNX permite el criptoan\u00e1lisis. Este problema afecta a Niagara Framework: versiones anteriores a la 4.14.2, 4.15.1 y 4.10.11; Niagara Enterprise Security: versiones anteriores a la 4.14.2, 4.15.1 y 4.10.11. Tridium recomienda actualizar a las versiones 4.14.2u2, 4.15.u1 o 4.10u.11 de Niagara Framework y Enterprise Security."
}
],
"id": "CVE-2025-3938",
"lastModified": "2025-06-04T19:29:35.357",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 4.0,
"source": "psirt@honeywell.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2025-05-22T13:15:56.587",
"references": [
{
"source": "psirt@honeywell.com",
"tags": [
"Permissions Required"
],
"url": "https://docs.niagara-community.com/category/tech_bull"
},
{
"source": "psirt@honeywell.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.honeywell.com/us/en/product-security#security-notices"
}
],
"sourceIdentifier": "psirt@honeywell.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-325"
}
],
"source": "psirt@honeywell.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-327"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-05-22 13:15
Modified
2025-06-05 14:19
Severity ?
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') vulnerability in Tridium Niagara Framework on QNX, Tridium Niagara Enterprise Security on QNX allows Command Delimiters. This issue affects Niagara Framework: before 4.14.2, before 4.15.1, before 4.10.11; Niagara Enterprise Security: before 4.14.2, before 4.15.1, before 4.10.11. Tridium recommends upgrading to Niagara Framework and Enterprise Security versions 4.14.2u2, 4.15.u1, or 4.10u.11.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| psirt@honeywell.com | https://docs.niagara-community.com/category/tech_bull | Permissions Required | |
| psirt@honeywell.com | https://honeywell.com/us/en/product-security#security-notices | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| tridium | niagara | 4.10u10 | |
| tridium | niagara | 4.14u1 | |
| tridium | niagara | 4.15 | |
| tridium | niagara_enterprise_security | 4.10u10 | |
| tridium | niagara_enterprise_security | 4.14u1 | |
| tridium | niagara_enterprise_security | 4.15 | |
| blackberry | qnx | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:tridium:niagara:4.10u10:*:*:*:*:*:*:*",
"matchCriteriaId": "0615B9FA-E837-4C21-8968-F3273718DF7D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tridium:niagara:4.14u1:*:*:*:*:*:*:*",
"matchCriteriaId": "BEE26A6F-876E-450D-8A5F-EF4A3EF96A13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tridium:niagara:4.15:*:*:*:*:*:*:*",
"matchCriteriaId": "00C6667A-9873-4A75-AB11-3427AA1E552D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tridium:niagara_enterprise_security:4.10u10:*:*:*:*:*:*:*",
"matchCriteriaId": "E694C4DB-66F7-4753-81D8-9085B5E3A207",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tridium:niagara_enterprise_security:4.14u1:*:*:*:*:*:*:*",
"matchCriteriaId": "506E75F5-D259-4BAC-9C1A-83C9AD54D608",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tridium:niagara_enterprise_security:4.15:*:*:*:*:*:*:*",
"matchCriteriaId": "6DF70636-5B89-4646-80F3-83C906B0EB3C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:blackberry:qnx:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3642981A-848E-4DEA-A904-A83B9ED4891D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Argument Delimiters in a Command (\u0027Argument Injection\u0027) vulnerability in Tridium Niagara Framework on QNX, Tridium Niagara Enterprise Security on QNX allows Command Delimiters. This issue affects Niagara Framework: before 4.14.2, before 4.15.1, before 4.10.11; Niagara Enterprise Security: before 4.14.2, before 4.15.1, before 4.10.11.\u00a0Tridium recommends upgrading to Niagara Framework and Enterprise Security versions 4.14.2u2, 4.15.u1, or 4.10u.11."
},
{
"lang": "es",
"value": "Vulnerabilidad de neutralizaci\u00f3n incorrecta de delimitadores de argumentos en un comando (\u0027Inyecci\u00f3n de argumentos\u0027) en Tridium Niagara Framework en QNX, Tridium Niagara Enterprise Security en QNX permite delimitadores de comandos. Este problema afecta a Niagara Framework: versiones anteriores a la 4.14.2, 4.15.1 y 4.10.11; Niagara Enterprise Security: versiones anteriores a la 4.14.2, 4.15.1 y 4.10.11. Tridium recomienda actualizar a las versiones 4.14.2u2, 4.15.u1 o 4.10u.11 de Niagara Framework y Enterprise Security."
}
],
"id": "CVE-2025-3945",
"lastModified": "2025-06-05T14:19:24.567",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"source": "psirt@honeywell.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2025-05-22T13:15:57.517",
"references": [
{
"source": "psirt@honeywell.com",
"tags": [
"Permissions Required"
],
"url": "https://docs.niagara-community.com/category/tech_bull"
},
{
"source": "psirt@honeywell.com",
"tags": [
"Vendor Advisory"
],
"url": "https://honeywell.com/us/en/product-security#security-notices"
}
],
"sourceIdentifier": "psirt@honeywell.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-88"
}
],
"source": "psirt@honeywell.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-88"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2025-3939 (GCVE-0-2025-3939)
Vulnerability from cvelistv5
Published
2025-05-22 12:33
Modified
2025-05-22 14:02
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-204 - Observable Response Discrepancy
Summary
Observable Response Discrepancy vulnerability in Tridium Niagara Framework on Windows, Linux, QNX, Tridium Niagara Enterprise Security on Windows, Linux, QNX allows Cryptanalysis. This issue affects Niagara Framework: before 4.14.2, before 4.15.1, before 4.10.11; Niagara Enterprise Security: before 4.14.2, before 4.15.1, before 4.10.11.Tridium recommends upgrading to Niagara Framework and Enterprise Security versions 4.14.2u2, 4.15.u1, or 4.10u.11.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ► | Tridium | Niagara Framework |
Version: 0 < 4.14.2 Version: 0 < 4.15.1 Version: 0 < 4.10.11 |
||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-3939",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-22T14:01:37.287802Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-22T14:02:22.839Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"platforms": [
"Windows",
"Linux",
"QNX"
],
"product": "Niagara Framework",
"vendor": "Tridium",
"versions": [
{
"lessThan": "4.14.2",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "4.15.1",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "4.10.11",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "affected",
"platforms": [
"Windows",
"Linux",
"QNX"
],
"product": "Niagara Enterprise Security",
"vendor": "Tridium",
"versions": [
{
"lessThan": "4.14.2",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "4.15.1",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "4.10.11",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Andrea Palanca and team at Nozomi Networks"
}
],
"datePublic": "2025-05-08T16:59:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Observable Response Discrepancy vulnerability in Tridium Niagara Framework on Windows, Linux, QNX, Tridium Niagara Enterprise Security on Windows, Linux, QNX allows Cryptanalysis. This issue affects Niagara Framework: before 4.14.2, before 4.15.1, before 4.10.11; Niagara Enterprise Security: before 4.14.2, before 4.15.1, before 4.10.11.Tridium recommends upgrading to Niagara Framework and Enterprise Security versions 4.14.2u2, 4.15.u1, or 4.10u.11."
}
],
"value": "Observable Response Discrepancy vulnerability in Tridium Niagara Framework on Windows, Linux, QNX, Tridium Niagara Enterprise Security on Windows, Linux, QNX allows Cryptanalysis. This issue affects Niagara Framework: before 4.14.2, before 4.15.1, before 4.10.11; Niagara Enterprise Security: before 4.14.2, before 4.15.1, before 4.10.11.Tridium recommends upgrading to Niagara Framework and Enterprise Security versions 4.14.2u2, 4.15.u1, or 4.10u.11."
}
],
"impacts": [
{
"capecId": "CAPEC-97",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-97 Cryptanalysis"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-204",
"description": "CWE-204 Observable Response Discrepancy",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-22T12:49:10.315Z",
"orgId": "0dc86260-d7e3-4e81-ba06-3508e030ce8d",
"shortName": "Honeywell"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://honeywell.com/us/en/product-security#security-notices"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://docs.niagara-community.com/category/tech_bull"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Observable Response Discrepancy",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "0dc86260-d7e3-4e81-ba06-3508e030ce8d",
"assignerShortName": "Honeywell",
"cveId": "CVE-2025-3939",
"datePublished": "2025-05-22T12:33:48.250Z",
"dateReserved": "2025-04-25T15:21:16.473Z",
"dateUpdated": "2025-05-22T14:02:22.839Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-3938 (GCVE-0-2025-3938)
Vulnerability from cvelistv5
Published
2025-05-22 12:32
Modified
2025-05-22 14:10
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-325 - Missing Cryptographic Step
Summary
Missing Cryptographic Step vulnerability in Tridium Niagara Framework on Windows, Linux, QNX, Tridium Niagara Enterprise Security on Windows, Linux, QNX allows Cryptanalysis. This issue affects Niagara Framework: before 4.14.2, before 4.15.1, before 4.10.11; Niagara Enterprise Security: before 4.14.2, before 4.15.1, before 4.10.11. Tridium recommends upgrading to Niagara Framework and Enterprise Security versions 4.14.2u2, 4.15.u1, or 4.10u.11.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ► | Tridium | Niagara Framework |
Version: 0 < 4.14.2 Version: 0 < 4.15.1 Version: 0 < 4.10.11 |
||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-3938",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-22T14:03:16.201132Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-22T14:10:21.621Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"platforms": [
"Windows",
"Linux",
"QNX"
],
"product": "Niagara Framework",
"vendor": "Tridium",
"versions": [
{
"lessThan": "4.14.2",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "4.15.1",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "4.10.11",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "affected",
"platforms": [
"Windows",
"Linux",
"QNX"
],
"product": "Niagara Enterprise Security",
"vendor": "Tridium",
"versions": [
{
"lessThan": "4.14.2",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "4.15.1",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "4.10.11",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Andrea Palanca and team at Nozomi Networks"
}
],
"datePublic": "2025-05-08T16:59:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Missing Cryptographic Step vulnerability in Tridium Niagara Framework on Windows, Linux, QNX, Tridium Niagara Enterprise Security on Windows, Linux, QNX allows Cryptanalysis. This issue affects Niagara Framework: before 4.14.2, before 4.15.1, before 4.10.11; Niagara Enterprise Security: before 4.14.2, before 4.15.1, before 4.10.11.\u0026nbsp;Tridium recommends upgrading to Niagara Framework and Enterprise Security versions 4.14.2u2, 4.15.u1, or 4.10u.11.\u003cbr\u003e"
}
],
"value": "Missing Cryptographic Step vulnerability in Tridium Niagara Framework on Windows, Linux, QNX, Tridium Niagara Enterprise Security on Windows, Linux, QNX allows Cryptanalysis. This issue affects Niagara Framework: before 4.14.2, before 4.15.1, before 4.10.11; Niagara Enterprise Security: before 4.14.2, before 4.15.1, before 4.10.11.\u00a0Tridium recommends upgrading to Niagara Framework and Enterprise Security versions 4.14.2u2, 4.15.u1, or 4.10u.11."
}
],
"impacts": [
{
"capecId": "CAPEC-97",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-97 Cryptanalysis"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-325",
"description": "CWE-325 Missing Cryptographic Step",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-22T12:49:32.299Z",
"orgId": "0dc86260-d7e3-4e81-ba06-3508e030ce8d",
"shortName": "Honeywell"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.honeywell.com/us/en/product-security#security-notices"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://docs.niagara-community.com/category/tech_bull"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Missing Cryptographic Step",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "0dc86260-d7e3-4e81-ba06-3508e030ce8d",
"assignerShortName": "Honeywell",
"cveId": "CVE-2025-3938",
"datePublished": "2025-05-22T12:32:01.669Z",
"dateReserved": "2025-04-25T15:21:15.598Z",
"dateUpdated": "2025-05-22T14:10:21.621Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-3940 (GCVE-0-2025-3940)
Vulnerability from cvelistv5
Published
2025-05-22 12:35
Modified
2025-05-22 14:00
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-1173 - Improper Use of Validation Framework
Summary
Improper Use of Validation Framework vulnerability in Tridium Niagara Framework on Windows, Linux, QNX, Tridium Niagara Enterprise Security on Windows, Linux, QNX allows Input Data Manipulation. This issue affects Niagara Framework: before 4.14.2, before 4.15.1, before 4.10.11; Niagara Enterprise Security: before 4.14.2, before 4.15.1, before 4.10.11. Tridium recommends upgrading to Niagara Framework and Enterprise Security versions 4.14.2u2, 4.15.u1, or 4.10u.11.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ► | Tridium | Niagara Framework |
Version: 0 < 4.14.2 Version: 0 < 4.15.1 Version: 0 < 4.10.11 |
||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-3940",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-22T13:56:59.299523Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-22T14:00:58.907Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"platforms": [
"Windows",
"Linux",
"QNX"
],
"product": "Niagara Framework",
"vendor": "Tridium",
"versions": [
{
"lessThan": "4.14.2",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "4.15.1",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "4.10.11",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "affected",
"platforms": [
"Windows",
"Linux",
"QNX"
],
"product": "Niagara Enterprise Security",
"vendor": "Tridium",
"versions": [
{
"lessThan": "4.14.2",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "4.15.1",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "4.10.11",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Andrea Palanca and team at Nozomi Networks"
}
],
"datePublic": "2025-05-08T16:59:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Use of Validation Framework vulnerability in Tridium Niagara Framework on Windows, Linux, QNX, Tridium Niagara Enterprise Security on Windows, Linux, QNX allows Input Data Manipulation. This issue affects Niagara Framework: before 4.14.2, before 4.15.1, before 4.10.11; Niagara Enterprise Security: before 4.14.2, before 4.15.1, before 4.10.11.\u0026nbsp;Tridium recommends upgrading to Niagara Framework and Enterprise Security versions 4.14.2u2, 4.15.u1, or 4.10u.11."
}
],
"value": "Improper Use of Validation Framework vulnerability in Tridium Niagara Framework on Windows, Linux, QNX, Tridium Niagara Enterprise Security on Windows, Linux, QNX allows Input Data Manipulation. This issue affects Niagara Framework: before 4.14.2, before 4.15.1, before 4.10.11; Niagara Enterprise Security: before 4.14.2, before 4.15.1, before 4.10.11.\u00a0Tridium recommends upgrading to Niagara Framework and Enterprise Security versions 4.14.2u2, 4.15.u1, or 4.10u.11."
}
],
"impacts": [
{
"capecId": "CAPEC-153",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-153 Input Data Manipulation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1173",
"description": "CWE-1173 Improper Use of Validation Framework",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-22T12:48:54.098Z",
"orgId": "0dc86260-d7e3-4e81-ba06-3508e030ce8d",
"shortName": "Honeywell"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://honeywell.com/us/en/product-security#security-notices"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://docs.niagara-community.com/category/tech_bull"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Improper Use of Validation Framework",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "0dc86260-d7e3-4e81-ba06-3508e030ce8d",
"assignerShortName": "Honeywell",
"cveId": "CVE-2025-3940",
"datePublished": "2025-05-22T12:35:14.174Z",
"dateReserved": "2025-04-25T15:21:17.262Z",
"dateUpdated": "2025-05-22T14:00:58.907Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-3937 (GCVE-0-2025-3937)
Vulnerability from cvelistv5
Published
2025-05-22 12:23
Modified
2025-05-22 14:43
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-916 - Use of Password Hash With Insufficient Computational Effort
Summary
Use of Password Hash With Insufficient Computational Effort vulnerability in Tridium Niagara Framework on Windows, Linux, QNX, Tridium Niagara Enterprise Security on Windows, Linux, QNX allows Cryptanalysis. This issue affects Niagara Framework: before 4.14.2, before 4.15.1, before 4.10.11; Niagara Enterprise Security: before 4.14.2, before 4.15.1, before 4.10.11. Tridium recommends upgrading to Niagara Framework and Enterprise Security versions 4.14.2u2, 4.15.u1, or 4.10u.11.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ► | Tridium | Niagara Framework |
Version: 0 < 4.14.2 Version: 0 < 4.15.1 Version: 0 < 4.10.11 |
||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-3937",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-22T14:29:29.244650Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-22T14:43:13.538Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"platforms": [
"Windows",
"Linux",
"QNX"
],
"product": "Niagara Framework",
"vendor": "Tridium",
"versions": [
{
"lessThan": "4.14.2",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "4.15.1",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "4.10.11",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "affected",
"platforms": [
"Windows",
"Linux",
"QNX"
],
"product": "Niagara Enterprise Security",
"vendor": "Tridium",
"versions": [
{
"lessThan": "4.14.2",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "4.15.1",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "4.10.11",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Andrea Palanca and team at Nozomi Networks"
}
],
"datePublic": "2025-05-08T16:59:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Use of Password Hash With Insufficient Computational Effort vulnerability in Tridium Niagara Framework on Windows, Linux, QNX, Tridium Niagara Enterprise Security on Windows, Linux, QNX allows Cryptanalysis. This issue affects Niagara Framework: before 4.14.2, before 4.15.1, before 4.10.11; Niagara Enterprise Security: before 4.14.2, before 4.15.1, before 4.10.11.\u0026nbsp;Tridium recommends upgrading to Niagara Framework and Enterprise Security versions 4.14.2u2, 4.15.u1, or 4.10u.11."
}
],
"value": "Use of Password Hash With Insufficient Computational Effort vulnerability in Tridium Niagara Framework on Windows, Linux, QNX, Tridium Niagara Enterprise Security on Windows, Linux, QNX allows Cryptanalysis. This issue affects Niagara Framework: before 4.14.2, before 4.15.1, before 4.10.11; Niagara Enterprise Security: before 4.14.2, before 4.15.1, before 4.10.11.\u00a0Tridium recommends upgrading to Niagara Framework and Enterprise Security versions 4.14.2u2, 4.15.u1, or 4.10u.11."
}
],
"impacts": [
{
"capecId": "CAPEC-97",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-97 Cryptanalysis"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-916",
"description": "CWE-916 Use of Password Hash With Insufficient Computational Effort",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-22T12:50:14.135Z",
"orgId": "0dc86260-d7e3-4e81-ba06-3508e030ce8d",
"shortName": "Honeywell"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://docs.niagara-community.com/category/tech_bull"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://www.honeywell.com/us/en/product-security#security-notices"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Use of Password Hash with Insufficient Computational Effort",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "0dc86260-d7e3-4e81-ba06-3508e030ce8d",
"assignerShortName": "Honeywell",
"cveId": "CVE-2025-3937",
"datePublished": "2025-05-22T12:23:42.058Z",
"dateReserved": "2025-04-25T15:21:14.598Z",
"dateUpdated": "2025-05-22T14:43:13.538Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-3942 (GCVE-0-2025-3942)
Vulnerability from cvelistv5
Published
2025-05-22 12:40
Modified
2025-05-22 13:36
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-117 - Improper Output Neutralization for Logs
Summary
Improper Output Neutralization for Logs vulnerability in Tridium Niagara Framework on Windows, Linux, QNX, Tridium Niagara Enterprise Security on Windows, Linux, QNX allows Input Data Manipulation. This issue affects Niagara Framework: before 4.14.2, before 4.15.1, before 4.10.11; Niagara Enterprise Security: before 4.14.2, before 4.15.1, before 4.10.11. Tridium recommends upgrading to Niagara Framework and Enterprise Security versions 4.14.2u2, 4.15.u1, or 4.10u.11.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ► | Tridium | Niagara Framework |
Version: 0 < 4.14.2 Version: 0 < 4.15.1 Version: 0 < 4.10.11 |
||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-3942",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-22T13:36:08.958420Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-22T13:36:18.427Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"platforms": [
"Windows",
"Linux",
"QNX"
],
"product": "Niagara Framework",
"vendor": "Tridium",
"versions": [
{
"lessThan": "4.14.2",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "4.15.1",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "4.10.11",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "affected",
"platforms": [
"Windows",
"Linux",
"QNX"
],
"product": "Niagara Enterprise Security",
"vendor": "Tridium",
"versions": [
{
"lessThan": "4.14.2",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "4.15.1",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "4.10.11",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Andrea Palanca and team at Nozomi Networks"
}
],
"datePublic": "2025-05-08T16:59:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Output Neutralization for Logs vulnerability in Tridium Niagara Framework on Windows, Linux, QNX, Tridium Niagara Enterprise Security on Windows, Linux, QNX allows Input Data Manipulation. This issue affects Niagara Framework: before 4.14.2, before 4.15.1, before 4.10.11; Niagara Enterprise Security: before 4.14.2, before 4.15.1, before 4.10.11.\u0026nbsp;Tridium recommends upgrading to Niagara Framework and Enterprise Security versions 4.14.2u2, 4.15.u1, or 4.10u.11."
}
],
"value": "Improper Output Neutralization for Logs vulnerability in Tridium Niagara Framework on Windows, Linux, QNX, Tridium Niagara Enterprise Security on Windows, Linux, QNX allows Input Data Manipulation. This issue affects Niagara Framework: before 4.14.2, before 4.15.1, before 4.10.11; Niagara Enterprise Security: before 4.14.2, before 4.15.1, before 4.10.11.\u00a0Tridium recommends upgrading to Niagara Framework and Enterprise Security versions 4.14.2u2, 4.15.u1, or 4.10u.11."
}
],
"impacts": [
{
"capecId": "CAPEC-153",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-153 Input Data Manipulation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-117",
"description": "CWE-117 Improper Output Neutralization for Logs",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-22T12:40:12.581Z",
"orgId": "0dc86260-d7e3-4e81-ba06-3508e030ce8d",
"shortName": "Honeywell"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.tridium.com/us/en/product-security"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://www.honeywell.com/us/en/product-security#security-notices"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Improper Output Neutralization for Logs",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "0dc86260-d7e3-4e81-ba06-3508e030ce8d",
"assignerShortName": "Honeywell",
"cveId": "CVE-2025-3942",
"datePublished": "2025-05-22T12:40:12.581Z",
"dateReserved": "2025-04-25T15:21:18.791Z",
"dateUpdated": "2025-05-22T13:36:18.427Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-3945 (GCVE-0-2025-3945)
Vulnerability from cvelistv5
Published
2025-05-22 12:47
Modified
2025-05-22 13:17
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-88 - Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')
Summary
Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') vulnerability in Tridium Niagara Framework on QNX, Tridium Niagara Enterprise Security on QNX allows Command Delimiters. This issue affects Niagara Framework: before 4.14.2, before 4.15.1, before 4.10.11; Niagara Enterprise Security: before 4.14.2, before 4.15.1, before 4.10.11. Tridium recommends upgrading to Niagara Framework and Enterprise Security versions 4.14.2u2, 4.15.u1, or 4.10u.11.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ► | Tridium | Niagara Framework |
Version: 0 < 4.14.2 Version: 0 < 4.15.1 Version: 0 < 4.10.11 |
||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-3945",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-22T13:17:20.455610Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-22T13:17:49.912Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"platforms": [
"QNX"
],
"product": "Niagara Framework",
"vendor": "Tridium",
"versions": [
{
"lessThan": "4.14.2",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "4.15.1",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "4.10.11",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "affected",
"platforms": [
"QNX"
],
"product": "Niagara Enterprise Security",
"vendor": "Tridium",
"versions": [
{
"lessThan": "4.14.2",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "4.15.1",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "4.10.11",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Andrea Palanca and team at Nozomi Network"
}
],
"datePublic": "2025-05-08T16:59:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Neutralization of Argument Delimiters in a Command (\u0027Argument Injection\u0027) vulnerability in Tridium Niagara Framework on QNX, Tridium Niagara Enterprise Security on QNX allows Command Delimiters. This issue affects Niagara Framework: before 4.14.2, before 4.15.1, before 4.10.11; Niagara Enterprise Security: before 4.14.2, before 4.15.1, before 4.10.11.\u0026nbsp;Tridium recommends upgrading to Niagara Framework and Enterprise Security versions 4.14.2u2, 4.15.u1, or 4.10u.11."
}
],
"value": "Improper Neutralization of Argument Delimiters in a Command (\u0027Argument Injection\u0027) vulnerability in Tridium Niagara Framework on QNX, Tridium Niagara Enterprise Security on QNX allows Command Delimiters. This issue affects Niagara Framework: before 4.14.2, before 4.15.1, before 4.10.11; Niagara Enterprise Security: before 4.14.2, before 4.15.1, before 4.10.11.\u00a0Tridium recommends upgrading to Niagara Framework and Enterprise Security versions 4.14.2u2, 4.15.u1, or 4.10u.11."
}
],
"impacts": [
{
"capecId": "CAPEC-15",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-15 Command Delimiters"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-88",
"description": "CWE-88 Improper Neutralization of Argument Delimiters in a Command (\u0027Argument Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-22T12:47:00.903Z",
"orgId": "0dc86260-d7e3-4e81-ba06-3508e030ce8d",
"shortName": "Honeywell"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://honeywell.com/us/en/product-security#security-notices"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://docs.niagara-community.com/category/tech_bull"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Improper Neutralization of Argument Delimiters in a Command (\u2018Argument Injection\u2019)",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "0dc86260-d7e3-4e81-ba06-3508e030ce8d",
"assignerShortName": "Honeywell",
"cveId": "CVE-2025-3945",
"datePublished": "2025-05-22T12:47:00.903Z",
"dateReserved": "2025-04-25T15:21:20.955Z",
"dateUpdated": "2025-05-22T13:17:49.912Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-18985 (GCVE-0-2018-18985)
Vulnerability from cvelistv5
Published
2019-01-29 16:00
Modified
2024-09-16 17:54
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - IMPROPER NEUTRALIZATION OF INPUT DURING WEB PAGE GENERATION ('CROSS-SITE SCRIPTING')
Summary
Tridium Niagara Enterprise Security 2.3u1, all versions prior to 2.3.118.6, Niagara AX 3.8u4, all versions prior to 3.8.401.1, Niagara 4.4u2, all versions prior to 4.4.93.40.2, and Niagara 4.6, all versions prior to 4.6.96.28.4 a cross-site scripting vulnerability has been identified that may allow a remote attacker to inject code to some web pages affecting confidentiality.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Tridium | Tridium Niagara Enterprise Security 2.3u1, all versions prior to 2.3.118.6, Niagara AX 3.8u4, all versions prior to 3.8.401.1, Niagara 4.4u2, all versions prior to 4.4.93.40.2, and Niagara 4.6, all versions prior to 4.6.96.28.4 |
Version: Tridium Niagara Enterprise Security 2.3u1, all versions prior to 2.3.118.6, Niagara AX 3.8u4, all versions prior to 3.8.401.1, Niagara 4.4u2, all versions prior to 4.4.93.40.2, and Niagara 4.6, all versions prior to 4.6.96.28.4 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T11:23:08.920Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "106530",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/106530"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-333-02"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Tridium Niagara Enterprise Security 2.3u1, all versions prior to 2.3.118.6, Niagara AX 3.8u4, all versions prior to 3.8.401.1, Niagara 4.4u2, all versions prior to 4.4.93.40.2, and Niagara 4.6, all versions prior to 4.6.96.28.4",
"vendor": "Tridium",
"versions": [
{
"status": "affected",
"version": "Tridium Niagara Enterprise Security 2.3u1, all versions prior to 2.3.118.6, Niagara AX 3.8u4, all versions prior to 3.8.401.1, Niagara 4.4u2, all versions prior to 4.4.93.40.2, and Niagara 4.6, all versions prior to 4.6.96.28.4"
}
]
}
],
"datePublic": "2019-01-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Tridium Niagara Enterprise Security 2.3u1, all versions prior to 2.3.118.6, Niagara AX 3.8u4, all versions prior to 3.8.401.1, Niagara 4.4u2, all versions prior to 4.4.93.40.2, and Niagara 4.6, all versions prior to 4.6.96.28.4 a cross-site scripting vulnerability has been identified that may allow a remote attacker to inject code to some web pages affecting confidentiality."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "IMPROPER NEUTRALIZATION OF INPUT DURING WEB PAGE GENERATION (\u0027CROSS-SITE SCRIPTING\u0027) CWE-79",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-01-31T23:57:01",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"name": "106530",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/106530"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-333-02"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2019-01-10T00:00:00",
"ID": "CVE-2018-18985",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Tridium Niagara Enterprise Security 2.3u1, all versions prior to 2.3.118.6, Niagara AX 3.8u4, all versions prior to 3.8.401.1, Niagara 4.4u2, all versions prior to 4.4.93.40.2, and Niagara 4.6, all versions prior to 4.6.96.28.4",
"version": {
"version_data": [
{
"version_value": "Tridium Niagara Enterprise Security 2.3u1, all versions prior to 2.3.118.6, Niagara AX 3.8u4, all versions prior to 3.8.401.1, Niagara 4.4u2, all versions prior to 4.4.93.40.2, and Niagara 4.6, all versions prior to 4.6.96.28.4"
}
]
}
}
]
},
"vendor_name": "Tridium"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Tridium Niagara Enterprise Security 2.3u1, all versions prior to 2.3.118.6, Niagara AX 3.8u4, all versions prior to 3.8.401.1, Niagara 4.4u2, all versions prior to 4.4.93.40.2, and Niagara 4.6, all versions prior to 4.6.96.28.4 a cross-site scripting vulnerability has been identified that may allow a remote attacker to inject code to some web pages affecting confidentiality."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "IMPROPER NEUTRALIZATION OF INPUT DURING WEB PAGE GENERATION (\u0027CROSS-SITE SCRIPTING\u0027) CWE-79"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "106530",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106530"
},
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-333-02",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-333-02"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2018-18985",
"datePublished": "2019-01-29T16:00:00Z",
"dateReserved": "2018-11-06T00:00:00",
"dateUpdated": "2024-09-16T17:54:09.008Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-3941 (GCVE-0-2025-3941)
Vulnerability from cvelistv5
Published
2025-05-22 12:38
Modified
2025-05-22 13:52
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-69 - Improper Handling of Windows ::DATA Alternate Data Stream
Summary
Improper Handling of Windows ::DATA Alternate Data Stream vulnerability in Tridium Niagara Framework on Windows, Tridium Niagara Enterprise Security on Windows allows Input Data Manipulation. This issue affects Niagara Framework: before 4.14.2, before 4.15.1, before 4.10.11; Niagara Enterprise Security: before 4.14.2, before 4.15.1, before 4.10.11.Tridium recommends upgrading to Niagara Framework and Enterprise Security versions 4.14.2u2, 4.15.u1, or 4.10u.11.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ► | Tridium | Niagara Framework |
Version: 0 < 4.14.2 Version: 0 < 4.15.1 Version: 0 < 4.10.11 |
||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-3941",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-22T13:47:50.253374Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-22T13:52:36.314Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"platforms": [
"Windows"
],
"product": "Niagara Framework",
"vendor": "Tridium",
"versions": [
{
"lessThan": "4.14.2",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "4.15.1",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "4.10.11",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "affected",
"platforms": [
"Windows"
],
"product": "Niagara Enterprise Security",
"vendor": "Tridium",
"versions": [
{
"lessThan": "4.14.2",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "4.15.1",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "4.10.11",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Andrea Palanca and team at Nozomi Networks"
}
],
"datePublic": "2025-05-08T16:59:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Handling of Windows ::DATA Alternate Data Stream vulnerability in Tridium Niagara Framework on Windows, Tridium Niagara Enterprise Security on Windows allows Input Data Manipulation. This issue affects Niagara Framework: before 4.14.2, before 4.15.1, before 4.10.11; Niagara Enterprise Security: before 4.14.2, before 4.15.1, before 4.10.11.Tridium recommends upgrading to Niagara Framework and Enterprise Security versions 4.14.2u2, 4.15.u1, or 4.10u.11."
}
],
"value": "Improper Handling of Windows ::DATA Alternate Data Stream vulnerability in Tridium Niagara Framework on Windows, Tridium Niagara Enterprise Security on Windows allows Input Data Manipulation. This issue affects Niagara Framework: before 4.14.2, before 4.15.1, before 4.10.11; Niagara Enterprise Security: before 4.14.2, before 4.15.1, before 4.10.11.Tridium recommends upgrading to Niagara Framework and Enterprise Security versions 4.14.2u2, 4.15.u1, or 4.10u.11."
}
],
"impacts": [
{
"capecId": "CAPEC-153",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-153 Input Data Manipulation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-69",
"description": "CWE-69 Improper Handling of Windows ::DATA Alternate Data Stream",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-22T12:48:36.986Z",
"orgId": "0dc86260-d7e3-4e81-ba06-3508e030ce8d",
"shortName": "Honeywell"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.honeywell.com/us/en/product-security#security-notices"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://docs.niagara-community.com/category/tech_bull"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Improper Handling of Windows: DATA Alternate Data Stream",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "0dc86260-d7e3-4e81-ba06-3508e030ce8d",
"assignerShortName": "Honeywell",
"cveId": "CVE-2025-3941",
"datePublished": "2025-05-22T12:38:15.750Z",
"dateReserved": "2025-04-25T15:21:18.048Z",
"dateUpdated": "2025-05-22T13:52:36.314Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-3944 (GCVE-0-2025-3944)
Vulnerability from cvelistv5
Published
2025-05-22 12:44
Modified
2025-05-22 13:17
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-732 - Incorrect Permission Assignment for Critical Resource
Summary
Incorrect Permission Assignment for Critical Resource vulnerability in Tridium Niagara Framework on QNX, Tridium Niagara Enterprise Security on QNX allows File Manipulation. This issue affects Niagara Framework: before 4.14.2, before 4.15.1, before 4.10.11; Niagara Enterprise Security: before 4.14.2, before 4.15.1, before 4.10.11. Tridium recommends upgrading to Niagara Framework and Enterprise Security versions 4.14.2u2, 4.15.u1, or 4.10u.11.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ► | Tridium | Niagara Framework |
Version: 0 < 4.14.2 Version: 0 < 4.15.1 Version: 0 < 4.10.11 |
||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-3944",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-22T13:17:31.112109Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-22T13:17:37.301Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"platforms": [
"QNX"
],
"product": "Niagara Framework",
"vendor": "Tridium",
"versions": [
{
"lessThan": "4.14.2",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "4.15.1",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "4.10.11",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "affected",
"platforms": [
"QNX"
],
"product": "Niagara Enterprise Security",
"vendor": "Tridium",
"versions": [
{
"lessThan": "4.14.2",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "4.15.1",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "4.10.11",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Andrea Palanca and team at Nozomi Network"
}
],
"datePublic": "2025-05-08T16:59:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Incorrect Permission Assignment for Critical Resource vulnerability in Tridium Niagara Framework on QNX, Tridium Niagara Enterprise Security on QNX allows File Manipulation. This issue affects Niagara Framework: before 4.14.2, before 4.15.1, before 4.10.11; Niagara Enterprise Security: before 4.14.2, before 4.15.1, before 4.10.11.\u0026nbsp;Tridium recommends upgrading to Niagara Framework and Enterprise Security versions 4.14.2u2, 4.15.u1, or 4.10u.11."
}
],
"value": "Incorrect Permission Assignment for Critical Resource vulnerability in Tridium Niagara Framework on QNX, Tridium Niagara Enterprise Security on QNX allows File Manipulation. This issue affects Niagara Framework: before 4.14.2, before 4.15.1, before 4.10.11; Niagara Enterprise Security: before 4.14.2, before 4.15.1, before 4.10.11.\u00a0Tridium recommends upgrading to Niagara Framework and Enterprise Security versions 4.14.2u2, 4.15.u1, or 4.10u.11."
}
],
"impacts": [
{
"capecId": "CAPEC-165",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-165 File Manipulation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-732",
"description": "CWE-732 Incorrect Permission Assignment for Critical Resource",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-22T12:45:05.762Z",
"orgId": "0dc86260-d7e3-4e81-ba06-3508e030ce8d",
"shortName": "Honeywell"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.honeywell.com/us/en/product-security#security-notices"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://docs.niagara-community.com/category/tech_bull"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Incorrect Permission Assignment for Critical Resource",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "0dc86260-d7e3-4e81-ba06-3508e030ce8d",
"assignerShortName": "Honeywell",
"cveId": "CVE-2025-3944",
"datePublished": "2025-05-22T12:44:55.511Z",
"dateReserved": "2025-04-25T15:21:20.179Z",
"dateUpdated": "2025-05-22T13:17:37.301Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-3936 (GCVE-0-2025-3936)
Vulnerability from cvelistv5
Published
2025-05-22 12:20
Modified
2025-05-22 17:29
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-732 - Incorrect Permission Assignment for Critical Resource
Summary
Incorrect Permission Assignment for Critical Resource vulnerability in Tridium Niagara Framework on Windows, Tridium Niagara Enterprise Security on Windows allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Niagara Framework: before 4.14.2, before 4.15.1, before 4.10.11; Niagara Enterprise Security: before 4.14.2, before 4.15.1, before 4.10.11. Tridium recommends upgrading to Niagara Framework and Enterprise Security versions 4.14.2u2, 4.15.u1, or 4.10u.11.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ► | Tridium | Niagara Framework |
Version: 0 < 4.14.2 Version: 0 < 4.15.1 Version: 0 < 4.10.11 |
||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-3936",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-22T17:19:05.444995Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-22T17:29:38.532Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"platforms": [
"Windows"
],
"product": "Niagara Framework",
"vendor": "Tridium",
"versions": [
{
"lessThan": "4.14.2",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "4.15.1",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "4.10.11",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "affected",
"platforms": [
"Windows"
],
"product": "Niagara Enterprise Security",
"vendor": "Tridium",
"versions": [
{
"lessThan": "4.14.2",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "4.15.1",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "4.10.11",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Andrea Palanca and team at Nozomi Networks"
}
],
"datePublic": "2025-05-08T16:59:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Incorrect Permission Assignment for Critical Resource vulnerability in Tridium Niagara Framework on Windows, Tridium Niagara Enterprise Security on Windows allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Niagara Framework: before 4.14.2, before 4.15.1, before 4.10.11; Niagara Enterprise Security: before 4.14.2, before 4.15.1, before 4.10.11.\u0026nbsp;Tridium recommends upgrading to Niagara Framework and Enterprise Security versions 4.14.2u2, 4.15.u1, or 4.10u.11.\u003cbr\u003e"
}
],
"value": "Incorrect Permission Assignment for Critical Resource vulnerability in Tridium Niagara Framework on Windows, Tridium Niagara Enterprise Security on Windows allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Niagara Framework: before 4.14.2, before 4.15.1, before 4.10.11; Niagara Enterprise Security: before 4.14.2, before 4.15.1, before 4.10.11.\u00a0Tridium recommends upgrading to Niagara Framework and Enterprise Security versions 4.14.2u2, 4.15.u1, or 4.10u.11."
}
],
"impacts": [
{
"capecId": "CAPEC-180",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-180 Exploiting Incorrectly Configured Access Control Security Levels"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-732",
"description": "CWE-732 Incorrect Permission Assignment for Critical Resource",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-22T12:50:32.521Z",
"orgId": "0dc86260-d7e3-4e81-ba06-3508e030ce8d",
"shortName": "Honeywell"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://docs.niagara-community.com/category/tech_bull"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://www.honeywell.com/us/en/product-security#security-notices"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Incorrect Permission Assignment for Critical Resource",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "0dc86260-d7e3-4e81-ba06-3508e030ce8d",
"assignerShortName": "Honeywell",
"cveId": "CVE-2025-3936",
"datePublished": "2025-05-22T12:20:42.337Z",
"dateReserved": "2025-04-25T15:21:09.014Z",
"dateUpdated": "2025-05-22T17:29:38.532Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-16748 (GCVE-0-2017-16748)
Vulnerability from cvelistv5
Published
2018-08-20 21:00
Modified
2024-09-17 03:13
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-287 - IMPROPER AUTHENTICATION
Summary
An attacker can log into the local Niagara platform (Niagara AX Framework Versions 3.8 and prior or Niagara 4 Framework Versions 4.4 and prior) using a disabled account name and a blank password, granting the attacker administrator access to the Niagara system.
References
| ► | URL | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ICS-CERT | Niagara AX Framework and Niagara 4 Framework |
Version: Niagara AX Framework Versions 3.8 and prior and Niagara 4 Framework Versions 4.4 and prior |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T20:35:21.125Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "105101",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/105101"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-191-03"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-022-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Niagara AX Framework and Niagara 4 Framework",
"vendor": "ICS-CERT",
"versions": [
{
"status": "affected",
"version": "Niagara AX Framework Versions 3.8 and prior and Niagara 4 Framework Versions 4.4 and prior"
}
]
}
],
"datePublic": "2018-08-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An attacker can log into the local Niagara platform (Niagara AX Framework Versions 3.8 and prior or Niagara 4 Framework Versions 4.4 and prior) using a disabled account name and a blank password, granting the attacker administrator access to the Niagara system."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "IMPROPER AUTHENTICATION CWE-287",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-04-03T21:11:09",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"name": "105101",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/105101"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-191-03"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-022-01"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2018-08-16T00:00:00",
"ID": "CVE-2017-16748",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Niagara AX Framework and Niagara 4 Framework",
"version": {
"version_data": [
{
"version_value": "Niagara AX Framework Versions 3.8 and prior and Niagara 4 Framework Versions 4.4 and prior"
}
]
}
}
]
},
"vendor_name": "ICS-CERT"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An attacker can log into the local Niagara platform (Niagara AX Framework Versions 3.8 and prior or Niagara 4 Framework Versions 4.4 and prior) using a disabled account name and a blank password, granting the attacker administrator access to the Niagara system."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "IMPROPER AUTHENTICATION CWE-287"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "105101",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105101"
},
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-191-03",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-191-03"
},
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-19-022-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-022-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2017-16748",
"datePublished": "2018-08-20T21:00:00Z",
"dateReserved": "2017-11-09T00:00:00",
"dateUpdated": "2024-09-17T03:13:38.893Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-16744 (GCVE-0-2017-16744)
Vulnerability from cvelistv5
Published
2018-08-20 21:00
Modified
2024-09-17 00:42
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-22 - IMPROPER LIMITATION OF A PATHNAME TO A RESTRICTED DIRECTORY ('PATH TRAVERSAL')
Summary
A path traversal vulnerability in Tridium Niagara AX Versions 3.8 and prior and Niagara 4 systems Versions 4.4 and prior installed on Microsoft Windows Systems can be exploited by leveraging valid platform (administrator) credentials.
References
| ► | URL | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ICS-CERT | Niagara AX Framework and Niagara 4 Framework |
Version: Niagara AX Framework Versions 3.8 and prior and Niagara 4 Framework Versions 4.4 and prior |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T20:35:20.460Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "105101",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/105101"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-191-03"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-022-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Niagara AX Framework and Niagara 4 Framework",
"vendor": "ICS-CERT",
"versions": [
{
"status": "affected",
"version": "Niagara AX Framework Versions 3.8 and prior and Niagara 4 Framework Versions 4.4 and prior"
}
]
}
],
"datePublic": "2018-08-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A path traversal vulnerability in Tridium Niagara AX Versions 3.8 and prior and Niagara 4 systems Versions 4.4 and prior installed on Microsoft Windows Systems can be exploited by leveraging valid platform (administrator) credentials."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "IMPROPER LIMITATION OF A PATHNAME TO A RESTRICTED DIRECTORY (\u0027PATH TRAVERSAL\u0027) CWE-22",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-04-03T21:08:59",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"name": "105101",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/105101"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-191-03"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-022-01"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2018-08-16T00:00:00",
"ID": "CVE-2017-16744",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Niagara AX Framework and Niagara 4 Framework",
"version": {
"version_data": [
{
"version_value": "Niagara AX Framework Versions 3.8 and prior and Niagara 4 Framework Versions 4.4 and prior"
}
]
}
}
]
},
"vendor_name": "ICS-CERT"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A path traversal vulnerability in Tridium Niagara AX Versions 3.8 and prior and Niagara 4 systems Versions 4.4 and prior installed on Microsoft Windows Systems can be exploited by leveraging valid platform (administrator) credentials."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "IMPROPER LIMITATION OF A PATHNAME TO A RESTRICTED DIRECTORY (\u0027PATH TRAVERSAL\u0027) CWE-22"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "105101",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105101"
},
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-191-03",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-191-03"
},
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-19-022-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-022-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2017-16744",
"datePublished": "2018-08-20T21:00:00Z",
"dateReserved": "2017-11-09T00:00:00",
"dateUpdated": "2024-09-17T00:42:31.941Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-14483 (GCVE-0-2020-14483)
Vulnerability from cvelistv5
Published
2020-08-13 14:41
Modified
2024-08-04 12:46
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-1088 - SYNCHRONOUS ACCESS OF REMOTE RESOURCE WITHOUT TIMEOUT
Summary
A timeout during a TLS handshake can result in the connection failing to terminate. This can result in a Niagara thread hanging and requires a manual restart of Niagara (Versions 4.6.96.28, 4.7.109.20, 4.7.110.32, 4.8.0.110) and Niagara Enterprise Security (Versions 2.4.31, 2.4.45, 4.8.0.35) to correct.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T12:46:34.631Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-224-03"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Niagara",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Niagara: Versions 4.6.96.28, 4.7.109.20, 4.7.110.32, 4.8.0.110 and Niagara Enterprise Security: Versions 2.4.31, 2.4.45, 4.8.0.35"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A timeout during a TLS handshake can result in the connection failing to terminate. This can result in a Niagara thread hanging and requires a manual restart of Niagara (Versions 4.6.96.28, 4.7.109.20, 4.7.110.32, 4.8.0.110) and Niagara Enterprise Security (Versions 2.4.31, 2.4.45, 4.8.0.35) to correct."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1088",
"description": "SYNCHRONOUS ACCESS OF REMOTE RESOURCE WITHOUT TIMEOUT CWE-1088",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-08-13T14:41:35",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-224-03"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2020-14483",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Niagara",
"version": {
"version_data": [
{
"version_value": "Niagara: Versions 4.6.96.28, 4.7.109.20, 4.7.110.32, 4.8.0.110 and Niagara Enterprise Security: Versions 2.4.31, 2.4.45, 4.8.0.35"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A timeout during a TLS handshake can result in the connection failing to terminate. This can result in a Niagara thread hanging and requires a manual restart of Niagara (Versions 4.6.96.28, 4.7.109.20, 4.7.110.32, 4.8.0.110) and Niagara Enterprise Security (Versions 2.4.31, 2.4.45, 4.8.0.35) to correct."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "SYNCHRONOUS ACCESS OF REMOTE RESOURCE WITHOUT TIMEOUT CWE-1088"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://us-cert.cisa.gov/ics/advisories/icsa-20-224-03",
"refsource": "MISC",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-224-03"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2020-14483",
"datePublished": "2020-08-13T14:41:35",
"dateReserved": "2020-06-19T00:00:00",
"dateUpdated": "2024-08-04T12:46:34.631Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-3943 (GCVE-0-2025-3943)
Vulnerability from cvelistv5
Published
2025-05-22 12:42
Modified
2025-05-22 13:19
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-598 - Use of GET Request Method With Sensitive Query Strings
Summary
Use of GET Request Method With Sensitive Query Strings vulnerability in Tridium Niagara Framework on Windows, Linux, QNX, Tridium Niagara Enterprise Security on Windows, Linux, QNX allows Parameter Injection. This issue affects Niagara Framework: before 4.14.2, before 4.15.1, before 4.10.11; Niagara Enterprise Security: before 4.14.2, before 4.15.1, before 4.10.11. Tridium recommends upgrading to Niagara Framework and Enterprise Security versions 4.14.2u2, 4.15.u1, or 4.10u.11.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ► | Tridium | Niagara Framework |
Version: 0 < 4.14.2 Version: 0 < 4.15.1 Version: 0 < 4.10.11 |
||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-3943",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-22T13:19:00.551594Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-22T13:19:08.477Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"platforms": [
"Windows",
"Linux",
"QNX"
],
"product": "Niagara Framework",
"vendor": "Tridium",
"versions": [
{
"lessThan": "4.14.2",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "4.15.1",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "4.10.11",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "affected",
"platforms": [
"Windows",
"Linux",
"QNX"
],
"product": "Niagara Enterprise Security",
"vendor": "Tridium",
"versions": [
{
"lessThan": "4.14.2",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "4.15.1",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "4.10.11",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Andrea Palanca and team at Nozomi Network"
}
],
"datePublic": "2025-05-08T16:59:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Use of GET Request Method With Sensitive Query Strings vulnerability in Tridium Niagara Framework on Windows, Linux, QNX, Tridium Niagara Enterprise Security on Windows, Linux, QNX allows Parameter Injection. This issue affects Niagara Framework: before 4.14.2, before 4.15.1, before 4.10.11; Niagara Enterprise Security: before 4.14.2, before 4.15.1, before 4.10.11.\u0026nbsp;Tridium recommends upgrading to Niagara Framework and Enterprise Security versions 4.14.2u2, 4.15.u1, or 4.10u.11.\u003cbr\u003e\u003cbr\u003e"
}
],
"value": "Use of GET Request Method With Sensitive Query Strings vulnerability in Tridium Niagara Framework on Windows, Linux, QNX, Tridium Niagara Enterprise Security on Windows, Linux, QNX allows Parameter Injection. This issue affects Niagara Framework: before 4.14.2, before 4.15.1, before 4.10.11; Niagara Enterprise Security: before 4.14.2, before 4.15.1, before 4.10.11.\u00a0Tridium recommends upgrading to Niagara Framework and Enterprise Security versions 4.14.2u2, 4.15.u1, or 4.10u.11."
}
],
"impacts": [
{
"capecId": "CAPEC-137",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-137 Parameter Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-598",
"description": "CWE-598 Use of GET Request Method With Sensitive Query Strings",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-22T12:42:13.893Z",
"orgId": "0dc86260-d7e3-4e81-ba06-3508e030ce8d",
"shortName": "Honeywell"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://honeywell.com/us/en/product-security#security-notices"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://docs.niagara-community.com/category/tech_bull"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Use of GET Request Method With sensitive Query Strings",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "0dc86260-d7e3-4e81-ba06-3508e030ce8d",
"assignerShortName": "Honeywell",
"cveId": "CVE-2025-3943",
"datePublished": "2025-05-22T12:42:13.893Z",
"dateReserved": "2025-04-25T15:21:19.481Z",
"dateUpdated": "2025-05-22T13:19:08.477Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}