Lucene search
+L
TridiumNiagara

14 matches found

CVE
CVE
added 2018/08/20 9:0 p.m.127 views

CVE-2017-16748

CVE-2017-16748 affects Tridium Niagara AX/Niagara 4 platforms: Niagara AX Framework 3.8 and earlier and Niagara 4 Framework 4.4 and earlier. The issue is improper authentication where an attacker can log in using a disabled account name with a blank password and gain administrator privileges on t...

9.8CVSS9.1AI score0.05144EPSS
CVE
CVE
added 2018/08/20 9:0 p.m.102 views

CVE-2017-16744

CVE-2017-16744 is a path-traversal vulnerability in Tridium Niagara AX (versions 3.8 and earlier) and Niagara 4 (versions 4.4 and earlier) running on Windows. The root cause is improper filtering/limitation of user-supplied pathnames, allowing an attacker with valid platform administrator credent...

7.2CVSS6.8AI score0.0622EPSS
CVE
CVE
added 2019/01/29 4:0 p.m.85 views

CVE-2018-18985

The CVE-2018-18985 issue affects Tridium Niagara products: Niagara Enterprise Security 2.3u1, Niagara AX 3.8u4, Niagara 4.4u2, and Niagara 4.6, all versions prior to the specified deltas (2.3.118.6, 3.8.401.1, 4.4.93.40.2, 4.6.96.28.4). The vulnerability is an improper neutralization of input dur...

5.4CVSS5.2AI score0.00973EPSS
CVE
CVE
added 2020/08/13 2:41 p.m.75 views

CVE-2020-14483

CVE-2020-14483 describes a timeout during a TLS handshake that can prevent termination of the connection, causing a Niagara thread hang and necessitating a manual restart. Affected products are Tridium Niagara and Niagara Enterprise Security, specifically: Niagara 4.6.96.28, 4.7.109.20, 4.7.110.3...

4.3CVSS4.5AI score0.0042EPSS
CVE
CVE
added 2025/05/22 12:44 p.m.71 views

CVE-2025-3944

CVE-2025-3944 affects Tridium Niagara Framework and Tridium Niagara Enterprise Security running on QNX. Vulnerability: Incorrect Permission Assignment for Critical Resource, enabling file manipulation. Affected versions: Niagara Framework prior to 4.14.2, prior to 4.15.1, prior to 4.10.11; Niagar...

9.8CVSS7AI score0.0048EPSS
CVE
CVE
added 2025/05/22 12:20 p.m.67 views

CVE-2025-3936

CVE-2025-3936 involves an Incorrect Permission Assignment for Critical Resource in Tridium Niagara Framework (Windows) and Tridium Niagara Enterprise Security (Windows) . The root cause is misconfigured access control that could enable an attacker to exploit permissions on critical resources. Aff...

9.8CVSS6.5AI score0.00366EPSS
CVE
CVE
added 2025/05/22 12:35 p.m.67 views

CVE-2025-3940

CVE-2025-3940 is an Improper Use of Validation Framework vulnerability in Tridium Niagara Framework and Niagara Enterprise Security, allowing input data manipulation. Affected: Niagara Framework and Niagara Enterprise Security, versions before 4.14.2, 4.15.1, and 4.10.11. Exploitation details are...

9.8CVSS5.3AI score0.003EPSS
CVE
CVE
added 2025/05/22 12:42 p.m.66 views

CVE-2025-3943

CVE-2025-3943 affects Tridium Niagara Framework and Tridium Niagara Enterprise Security. The issue is use of GET with sensitive query strings allowing parameter injection, with affected versions before 4.14.2, before 4.15.1, and before 4.10.11 (Framework) and before 4.14.2, before 4.15.1, and bef...

7.5CVSS4.5AI score0.07416EPSS
CVE
CVE
added 2025/05/22 12:23 p.m.65 views

CVE-2025-3937

The CVE-2025-3937 issue affects Tridium Niagara Framework and Niagara Enterprise Security. Vulnerable component: password hash with insufficient computational effort, enabling cryptanalysis. Affected software versions: Niagara Framework before 4.14.2, before 4.15.1, before 4.10.11; Niagara Enterp...

9.8CVSS7.6AI score0.00316EPSS
CVE
CVE
added 2025/05/22 12:32 p.m.62 views

CVE-2025-3938

CVE-2025-3938 describes a Missing Cryptographic Step vulnerability in Tridium Niagara Framework and Niagara Enterprise Security across Windows, Linux and QNX. Affected versions are Niagara Framework: before 4.14.2, before 4.15.1, before 4.10.11; Niagara Enterprise Security: before 4.14.2, before ...

9.8CVSS6.6AI score0.00318EPSS
CVE
CVE
added 2025/05/22 12:38 p.m.62 views

CVE-2025-3941

The vulnerability CVE-2025-3941 affects Tridium Niagara Framework and Niagara Enterprise Security on Windows, arising from improper handling of Windows DATA Alternate Data Streams. The issue allows input data manipulation and is listed as affecting Niagara Framework versions before 4.14.2, before...

9.8CVSS5.5AI score0.0047EPSS
CVE
CVE
added 2025/05/22 12:33 p.m.60 views

CVE-2025-3939

CVE-2025-3939 describes an observable response discrepancy in Tridium Niagara Framework and Tridium Niagara Enterprise Security that could enable cryptanalysis. Affected software and versions include Niagara Framework: before 4.14.2, before 4.15.1, before 4.10.11; Niagara Enterprise Security: bef...

5.3CVSS5.3AI score0.00261EPSS
CVE
CVE
added 2025/05/22 12:47 p.m.59 views

CVE-2025-3945

CVE-2025-3945 is an Improper Neutralization of Argument Delimiters in a Command affecting Tridium Niagara Framework and Niagara Enterprise Security on QNX. Concrete details from PT-2025-22472 indicate affected versions: Niagara Framework <4.14.2, <4.15.1, <4.10.11 and Niagara Enterprise ...

9.8CVSS7AI score0.00593EPSS
CVE
CVE
added 2025/05/22 12:40 p.m.53 views

CVE-2025-3942

CVE-2025-3942 affects Tridium Niagara Framework and Tridium Niagara Enterprise Security on Windows, Linux, and QNX, due to Improper Output Neutralization for Logs that enables Input Data Manipulation. Affected versions are Niagara Framework before 4.14.2, before 4.15.1, and before 4.10.11; Niagar...

7.5CVSS4.6AI score0.00239EPSS