EUVD-2025-16159

🗓️ 03 Oct 2025 20:07:09Reported by EUVDType

EUVD document outlines security protocols and guidelines for data protection compliance efforts.

Reporter	Title	Published	Views	Family All 11
BDU FSTEC	The vulnerability of the device management platform for heating, ventilation, and air conditioning systems, lighting, and energy consumption within the Niagara Framework, along with the access control and security measures of Niagara Enterprise Security, arises from the improper assignment of permissions to critical resources. This allows attackers to compromise the confidentiality, integrity, and accessibility of protected information.	29 Jul 202500:00	–	bdu_fstec
BDU FSTEC	The vulnerability of the device management platform for systems involving heating, ventilation, and air conditioning, lighting, and energy consumption within the Niagara Framework, along with the Niagara Enterprise Security tools for access control and security, stems from insufficient calculation of password hashes. This allows attackers to gain access to the device.	29 Jul 202500:00	–	bdu_fstec
Circl	CVE-2025-3936	7 Aug 202510:00	–	circl
CNNVD	Tridium Niagara Framework和Tridium Niagara Enterprise Security 安全漏洞	22 May 202500:00	–	cnnvd
CVE	CVE-2025-3936	22 May 202512:20	–	cve
Cvelist	CVE-2025-3936 Incorrect Permission Assignment for Critical Resource	22 May 202512:20	–	cvelist
NVD	CVE-2025-3936	22 May 202513:15	–	nvd
Positive Technologies	PT-2025-22463 · Tridium +1 · Tridium Niagara Enterprise Security +2	22 May 202500:00	–	ptsecurity
Positive Technologies	PT-2025-22464 · Tridium · Tridium Niagara Enterprise Security +1	22 May 202500:00	–	ptsecurity
The Hacker News	Critical Flaws in Niagara Framework Threaten Smart Buildings and Industrial Systems Worldwide	28 Jul 202504:12	–	thn

[
  {
    "enisaIdVendor": [
      {
        "id": "e5b394d3-8ba5-33fb-b051-476c5fc01320",
        "vendor": {
          "name": "Tridium"
        }
      }
    ],
    "enisaIdProduct": [
      {
        "id": "79681f3b-5493-3317-9a23-737c64eb803e",
        "product": {
          "name": "Niagara Framework"
        },
        "product_version": "0 <4.14.2"
      },
      {
        "id": "915b6e42-31c9-36f1-b211-2653975e3de9",
        "product": {
          "name": "Niagara Framework"
        },
        "product_version": "0 <4.15.1"
      },
      {
        "id": "ba18c08c-e3a5-3ece-bba8-7b575f0cf5fe",
        "product": {
          "name": "Niagara Enterprise Security"
        },
        "product_version": "0 <4.15.1"
      },
      {
        "id": "c1feb8fe-092c-3be8-81a7-64d1f8fc607d",
        "product": {
          "name": "Niagara Enterprise Security"
        },
        "product_version": "0 <4.10.11"
      },
      {
        "id": "cd998e56-878d-35e8-9f38-9426db64cbff",
        "product": {
          "name": "Niagara Framework"
        },
        "product_version": "0 <4.10.11"
      },
      {
        "id": "ec8cea3c-e3db-33eb-9a84-640c5aa40210",
        "product": {
          "name": "Niagara Enterprise Security"
        },
        "product_version": "0 <4.14.2"
      }
    ]
  }
]

Source	Link
nvd	www.nvd.nist.gov/vuln/detail/CVE-2025-3936
docs	www.docs.niagara-community.com/category/tech_bull
honeywell	www.honeywell.com/us/en/product-security

03 Oct 2025 20:07Current

6.8Medium risk

Vulners AI Score6.8

CVSS 3.16.5 - 9.8

EPSS0.00172

SSVC

security protocols data protection compliance guidelines