14 matches found
CVE-2017-16748
CVE-2017-16748 affects Tridium Niagara AX/Niagara 4 platforms: Niagara AX Framework 3.8 and earlier and Niagara 4 Framework 4.4 and earlier. The issue is improper authentication where an attacker can log in using a disabled account name with a blank password and gain administrator privileges on t...
CVE-2017-16744
CVE-2017-16744 is a path-traversal vulnerability in Tridium Niagara AX (versions 3.8 and earlier) and Niagara 4 (versions 4.4 and earlier) running on Windows. The root cause is improper filtering/limitation of user-supplied pathnames, allowing an attacker with valid platform administrator credent...
CVE-2018-18985
The CVE-2018-18985 issue affects Tridium Niagara products: Niagara Enterprise Security 2.3u1, Niagara AX 3.8u4, Niagara 4.4u2, and Niagara 4.6, all versions prior to the specified deltas (2.3.118.6, 3.8.401.1, 4.4.93.40.2, 4.6.96.28.4). The vulnerability is an improper neutralization of input dur...
CVE-2020-14483
CVE-2020-14483 describes a timeout during a TLS handshake that can prevent termination of the connection, causing a Niagara thread hang and necessitating a manual restart. Affected products are Tridium Niagara and Niagara Enterprise Security, specifically: Niagara 4.6.96.28, 4.7.109.20, 4.7.110.3...
CVE-2025-3944
CVE-2025-3944 affects Tridium Niagara Framework and Tridium Niagara Enterprise Security running on QNX. Vulnerability: Incorrect Permission Assignment for Critical Resource, enabling file manipulation. Affected versions: Niagara Framework prior to 4.14.2, prior to 4.15.1, prior to 4.10.11; Niagar...
CVE-2025-3936
CVE-2025-3936 involves an Incorrect Permission Assignment for Critical Resource in Tridium Niagara Framework (Windows) and Tridium Niagara Enterprise Security (Windows) . The root cause is misconfigured access control that could enable an attacker to exploit permissions on critical resources. Aff...
CVE-2025-3940
CVE-2025-3940 is an Improper Use of Validation Framework vulnerability in Tridium Niagara Framework and Niagara Enterprise Security, allowing input data manipulation. Affected: Niagara Framework and Niagara Enterprise Security, versions before 4.14.2, 4.15.1, and 4.10.11. Exploitation details are...
CVE-2025-3943
CVE-2025-3943 affects Tridium Niagara Framework and Tridium Niagara Enterprise Security. The issue is use of GET with sensitive query strings allowing parameter injection, with affected versions before 4.14.2, before 4.15.1, and before 4.10.11 (Framework) and before 4.14.2, before 4.15.1, and bef...
CVE-2025-3937
The CVE-2025-3937 issue affects Tridium Niagara Framework and Niagara Enterprise Security. Vulnerable component: password hash with insufficient computational effort, enabling cryptanalysis. Affected software versions: Niagara Framework before 4.14.2, before 4.15.1, before 4.10.11; Niagara Enterp...
CVE-2025-3938
CVE-2025-3938 describes a Missing Cryptographic Step vulnerability in Tridium Niagara Framework and Niagara Enterprise Security across Windows, Linux and QNX. Affected versions are Niagara Framework: before 4.14.2, before 4.15.1, before 4.10.11; Niagara Enterprise Security: before 4.14.2, before ...
CVE-2025-3941
The vulnerability CVE-2025-3941 affects Tridium Niagara Framework and Niagara Enterprise Security on Windows, arising from improper handling of Windows DATA Alternate Data Streams. The issue allows input data manipulation and is listed as affecting Niagara Framework versions before 4.14.2, before...
CVE-2025-3939
CVE-2025-3939 describes an observable response discrepancy in Tridium Niagara Framework and Tridium Niagara Enterprise Security that could enable cryptanalysis. Affected software and versions include Niagara Framework: before 4.14.2, before 4.15.1, before 4.10.11; Niagara Enterprise Security: bef...
CVE-2025-3945
CVE-2025-3945 is an Improper Neutralization of Argument Delimiters in a Command affecting Tridium Niagara Framework and Niagara Enterprise Security on QNX. Concrete details from PT-2025-22472 indicate affected versions: Niagara Framework <4.14.2, <4.15.1, <4.10.11 and Niagara Enterprise ...
CVE-2025-3942
CVE-2025-3942 affects Tridium Niagara Framework and Tridium Niagara Enterprise Security on Windows, Linux, and QNX, due to Improper Output Neutralization for Logs that enables Input Data Manipulation. Affected versions are Niagara Framework before 4.14.2, before 4.15.1, and before 4.10.11; Niagar...