Lucene search
+L

Critical Flaws in Niagara Framework Threaten Smart Buildings and Industrial Systems Worldwide

🗓️ 28 Jul 2025 04:12:00Reported by The Hacker NewsType 
thn
 thn
🔗 thehackernews.com👁 10 Views

Critical vulnerabilities in Niagara Framework could compromise smart buildings and industrial systems.

Related
ReporterTitlePublishedViews
Family
BDU FSTEC
The vulnerability of the device management platform for heating, ventilation, and air conditioning systems, lighting, and energy consumption control within the Niagara Framework, along with the Niagara Enterprise Security tools for access control and security, can be exploited due to improper handling of argument separators in commands. This allows attackers to trigger service failures.
29 Jul 202500:00
bdu_fstec
BDU FSTEC
The vulnerability of the device management platform for systems involving heating, ventilation, and air conditioning, lighting, and energy consumption within the Niagara Framework, along with the Niagara Enterprise Security tools for access control and security, stems from incorrect assignment of permissions to critical resources. This allows attackers to gain unauthorized access to protected information, enhance their privileges, and execute arbitrary code.
29 Jul 202500:00
bdu_fstec
BDU FSTEC
The vulnerability of the device management platform for heating, ventilation, and air conditioning systems, lighting, and energy consumption within the Niagara Framework, along with the access control and security measures of Niagara Enterprise Security, arises from the improper assignment of permissions to critical resources. This allows attackers to compromise the confidentiality, integrity, and accessibility of protected information.
29 Jul 202500:00
bdu_fstec
BDU FSTEC
The vulnerability of the device management platform for systems involving heating, ventilation, and air conditioning, lighting, and energy consumption within the Niagara Framework, along with the Niagara Enterprise Security tools for access control and security, stems from insufficient calculation of password hashes. This allows attackers to gain access to the device.
29 Jul 202500:00
bdu_fstec
BDU FSTEC
The vulnerability of P-Net’s input/output devices, related to writing beyond buffer boundaries, allows a intruder to cause a service failure.
1 Aug 202500:00
bdu_fstec
BDU FSTEC
The vulnerability of the device management platform for systems related to heating, ventilation, and air conditioning, lighting, and energy consumption within the Niagara Framework, as well as the Niagara Enterprise Security tools for access control and security, stems from the absence of necessary encryption steps. This allows attackers to compromise the confidentiality, integrity, and accessibility of the protected information.
1 Aug 202500:00
bdu_fstec
BDU FSTEC
The vulnerability of the device management platform for heating, ventilation, and air conditioning systems, lighting, and energy consumption within the Niagara Framework, along with the Niagara Enterprise Security tools for access control and security, stems from incorrect processing of alternative data streams. This allows attackers to compromise the confidentiality, integrity, and accessibility of protected information.
1 Aug 202500:00
bdu_fstec
BDU FSTEC
The vulnerability of the device management platform for systems related to heating, ventilation, and air conditioning, lighting, and energy consumption within the Niagara Framework, as well as the Niagara Enterprise Security tools for access control and security, stems from the ability to disclose information through a query string, allowing attackers to compromise the confidentiality of protected information.
1 Aug 202500:00
bdu_fstec
BDU FSTEC
The vulnerability of the stack for implementing Profinet RT-Labs P-Net devices lies in the lack of verification of input data during cyclic operations, which allows a malicious actor to trigger a service failure.
4 Aug 202500:00
bdu_fstec
Circl
CVE-2025-32399
7 May 202507:22
circl
Rows per page

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

29 Jul 2025 04:20Current
8.2High risk
Vulners AI Score8.2
CVSS 3.17.7 - 9.8
EPSS0.07416
SSVC
10