CyberSecurityBoard
Sponsor Register Login

Multiple Vulnerabilities in Tridium Niagara Framework

The vulnerabilities, affecting versions 4.10u10 and earlier, as well as 4.14u1 and earlier, enable attackers with network access to execute sophisticated attack chains resulting in complete system compromise, including root-level remote code execution on target devices. According to Nozomi Networks Labs, Tridium Niagara Framework serves as a critical middleware platform connecting diverse IoT devices across building management, industrial automation, and smart infrastructure environments. These flaws become fully exploitable when Niagara systems are misconfigured with disabled encryption on network devices, a configuration that generates security dashboard warnings. Critical flaws discovered in Tridium Niagara Framework affecting building automation systems. The attack prerequisites include Man-in-the-Middle (MiTM) network positioning and misconfigured Syslog functionality transmitting data without encryption. The newly discovered vulnerabilities are consolidated into ten distinct CVEs, with CVE-2025-3937 scoring the highest CVSS v3.1 rating of 7.7 due to insufficient computational effort in password hashing (CWE-916).

This Cyber News was published on cybersecuritynews.com. Publication date: Fri, 25 Jul 2025 13:40:13 +0000


Cyber News related to Multiple Vulnerabilities in Tridium Niagara Framework

CVE-2025-3940 - Improper Use of Validation Framework vulnerability in Tridium Niagara Framework on Windows, Linux, QNX, Tridium Niagara Enterprise Security on Windows, Linux, QNX allows Input Data Manipulation. This issue affects Niagara Framework: before 4.14.2, ...
2 months ago
CVE-2025-3945 - Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') vulnerability in Tridium Niagara Framework on QNX, Tridium Niagara Enterprise Security on QNX allows Command Delimiters. This issue affects Niagara Framework: ...
2 months ago
CVE-2025-3944 - Incorrect Permission Assignment for Critical Resource vulnerability in Tridium Niagara Framework on QNX, Tridium Niagara Enterprise Security on QNX allows File Manipulation. This issue affects Niagara Framework: before 4.14.2, before 4.15.1, before ...
2 months ago
CVE-2025-3943 - Use of GET Request Method With Sensitive Query Strings vulnerability in Tridium Niagara Framework on Windows, Linux, QNX, Tridium Niagara Enterprise Security on Windows, Linux, QNX allows Parameter Injection. This issue affects Niagara Framework: ...
2 months ago
CVE-2025-3942 - Improper Output Neutralization for Logs vulnerability in Tridium Niagara Framework on Windows, Linux, QNX, Tridium Niagara Enterprise Security on Windows, Linux, QNX allows Input Data Manipulation. This issue affects Niagara Framework: before 4.14.2, ...
2 months ago
CVE-2025-3941 - Improper Handling of Windows ::DATA Alternate Data Stream vulnerability in Tridium Niagara Framework on Windows, Tridium Niagara Enterprise Security on Windows allows Input Data Manipulation. This issue affects Niagara Framework: before 4.14.2, ...
2 months ago
CVE-2025-3939 - Observable Response Discrepancy vulnerability in Tridium Niagara Framework on Windows, Linux, QNX, Tridium Niagara Enterprise Security on Windows, Linux, QNX allows Cryptanalysis. This issue affects Niagara Framework: before 4.14.2, before 4.15.1, ...
2 months ago
CVE-2025-3938 - Missing Cryptographic Step vulnerability in Tridium Niagara Framework on Windows, Linux, QNX, Tridium Niagara Enterprise Security on Windows, Linux, QNX allows Cryptanalysis. This issue affects Niagara Framework: before 4.14.2, before 4.15.1, before ...
2 months ago
CVE-2025-3936 - Incorrect Permission Assignment for Critical Resource vulnerability in Tridium Niagara Framework on Windows, Tridium Niagara Enterprise Security on Windows allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects ...
2 months ago
CVE-2025-3937 - Use of Password Hash With Insufficient Computational Effort vulnerability in Tridium Niagara Framework on Windows, Linux, QNX, Tridium Niagara Enterprise Security on Windows, Linux, QNX allows Cryptanalysis. This issue affects Niagara Framework: ...
1 month ago
Multiple Vulnerabilities in Tridium Niagara Framework - The vulnerabilities, affecting versions 4.10u10 and earlier, as well as 4.14u1 and earlier, enable attackers with network access to execute sophisticated attack chains resulting in complete system compromise, including root-level remote code ...
17 hours ago Cybersecuritynews.com CVE-2025-3937
Zero Trust Security Framework: Implementing Trust in Business - The Zero Trust security framework is an effective approach to enhancing security by challenging traditional notions of trust. Zero Trust Security represents a significant shift in the cybersecurity approach, challenging the conventional concept of ...
1 year ago Securityzap.com
CVE-2018-18985 - Tridium Niagara Enterprise Security 2.3u1, all versions prior to 2.3.118.6, Niagara AX 3.8u4, all versions prior to 3.8.401.1, Niagara 4.4u2, all versions prior to 4.4.93.40.2, and Niagara 4.6, all versions prior to 4.6.96.28.4 a cross-site scripting ...
5 years ago
CVE-2024-1309 - Uncontrolled Resource Consumption vulnerability in Honeywell Niagara Framework on Windows, Linux, QNX allows Content Spoofing.This issue affects Niagara Framework: before Niagara AX 3.8.1, before Niagara 4.1. ...
1 year ago
CVE-2017-16748 - An attacker can log into the local Niagara platform (Niagara AX Framework Versions 3.8 and prior or Niagara 4 Framework Versions 4.4 and prior) using a disabled account name and a blank password, granting the attacker administrator access to the ...
6 years ago
Cybersecurity Frameworks: What Do the Experts Have to Say? - Cybersecurity frameworks are blueprints for security programs. Typically developed by governmental organizations, industry groups, or international bodies, they take the guesswork out of developing defense strategies, providing organizations with ...
1 year ago Tripwire.com
Framework's software and firmware have been a mess, but it's working on them - Since Framework showed off its first prototypes in February 2021, we've generally been fans of the company's modular, repairable, upgradeable laptops. Not that the company's hardware releases to date have been perfect-each Framework Laptop 13 model ...
1 year ago Arstechnica.com
CVE-2019-0545 - An information disclosure vulnerability exists in .NET Framework and .NET Core which allows bypassing Cross-origin Resource Sharing (CORS) configurations, aka ".NET Framework Information Disclosure Vulnerability." This affects Microsoft .NET ...
3 years ago
CVE-2018-8284 - A remote code execution vulnerability exists when the Microsoft .NET Framework fails to validate input properly, aka ".NET Framework Remote Code Injection Vulnerability." This affects Microsoft .NET Framework 2.0, Microsoft .NET Framework ...
3 years ago
CVE-2018-8202 - An elevation of privilege vulnerability exists in .NET Framework which could allow an attacker to elevate their privilege level, aka ".NET Framework Elevation of Privilege Vulnerability." This affects Microsoft .NET Framework 2.0, Microsoft ...
3 years ago
CVE-2018-1039 - A security feature bypass vulnerability exists in .Net Framework which could allow an attacker to bypass Device Guard, aka ".NET Framework Device Guard Security Feature Bypass Vulnerability." This affects Microsoft .NET Framework 4.7.1, ...
5 years ago
CVE-2018-8421 - A remote code execution vulnerability exists when Microsoft .NET Framework processes untrusted input, aka ".NET Framework Remote Code Execution Vulnerability." This affects Microsoft .NET Framework 4.6, Microsoft .NET Framework 3.5, Microsoft ...
3 years ago
CVE-2018-8360 - An information disclosure vulnerability exists in Microsoft .NET Framework that could allow an attacker to access information in multi-tenant environments, aka ".NET Framework Information Disclosure Vulnerability." This affects Microsoft .NET ...
3 years ago
CVE-2017-16744 - A path traversal vulnerability in Tridium Niagara AX Versions 3.8 and prior and Niagara 4 systems Versions 4.4 and prior installed on Microsoft Windows Systems can be exploited by leveraging valid platform (administrator) credentials. ...
6 years ago
What is the NIST Cybersecurity Framework? Definition from SearchSecurity - The NIST Cybersecurity Framework provides guidance on how to manage and reduce IT infrastructure security risk. NIST created the CSF to help private sector organizations in the United States develop a roadmap for critical infrastructure ...
1 year ago Techtarget.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)