Tridium Niagara vulnerabilities
14 known vulnerabilities affecting tridium/niagara.
Total CVEs: 14
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown
CRITICAL: 8, HIGH: 3, MEDIUM: 3
Vulnerabilities
CVE-2025-3945 | P2 | CRITICAL | CVSS 9.8 | CWE-88 | v4.10u10, v4.14u1, +1 more | 2025-05-22
Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') vulnerability in Tridium Niagara Framework on QNX, Tridium Niagara Enterprise Security on QNX allows Command Delimiters. This issue affects Niagara Framework: before 4.14.2, before 4.15.1, before 4.10.11; Niagara Enterprise Security: before 4.14.2, before 4.15.1, before
nvd
CVE-2025-3944 | P2 | CRITICAL | CVSS 9.8 | CWE-732 | v4.10u10, v4.14u1, +1 more | 2025-05-22
Incorrect Permission Assignment for Critical Resource vulnerability in Tridium Niagara Framework on QNX, Tridium Niagara Enterprise Security on QNX allows File Manipulation. This issue affects Niagara Framework: before 4.14.2, before 4.15.1, before 4.10.11; Niagara Enterprise Security: before 4.14.2, before 4.15.1, before 4.10.11. Tridium recommends
nvd
CVE-2017-16748 | P3 | CRITICAL | CVSS 9.8 | CWE-287 | ≤ 4.4 | 2018-08-20
An attacker can log into the local Niagara platform (Niagara AX Framework Versions 3.8 and prior or Niagara 4 Framework Versions 4.4 and prior) using a disabled account name and a blank password, granting the attacker administrator access to the Niagara system.
nvd
CVE-2025-3936 | P3 | CRITICAL | CVSS 9.8 | CWE-732 | v4.10u10, v4.14u1, +1 more | 2025-05-22
Incorrect Permission Assignment for Critical Resource vulnerability in Tridium Niagara Framework on Windows, Tridium Niagara Enterprise Security on Windows allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Niagara Framework: before 4.14.2, before 4.15.1, before 4.10.11; Niagara Enterprise Security: before 4.1
nvd
CVE-2025-3941 | P3 | CRITICAL | CVSS 9.8 | CWE-69 | v4.10u10, v4.14u1, +1 more | 2025-05-22
Improper Handling of Windows ::DATA Alternate Data Stream vulnerability in Tridium Niagara Framework on Windows, Tridium Niagara Enterprise Security on Windows allows Input Data Manipulation. This issue affects Niagara Framework: before 4.14.2, before 4.15.1, before 4.10.11; Niagara Enterprise Security: before 4.14.2, before 4.15.1, before 4.10.11. Tr
nvd
CVE-2025-3938 | P3 | CRITICAL | CVSS 9.8 | CWE-325 | v4.10u10, v4.14u1, +1 more | 2025-05-22
Missing Cryptographic Step vulnerability in Tridium Niagara Framework on Windows, Linux, QNX, Tridium Niagara Enterprise Security on Windows, Linux, QNX allows Cryptanalysis. This issue affects Niagara Framework: before 4.14.2, before 4.15.1, before 4.10.11; Niagara Enterprise Security: before 4.14.2, before 4.15.1, before 4.10.11. Tridium recommend
nvd
CVE-2025-3940 | P3 | CRITICAL | CVSS 9.8 | CWE-1173 | v4.10u10, v4.14u1, +1 more | 2025-05-22
Improper Use of Validation Framework vulnerability in Tridium Niagara Framework on Windows, Linux, QNX, Tridium Niagara Enterprise Security on Windows, Linux, QNX allows Input Data Manipulation. This issue affects Niagara Framework: before 4.14.2, before 4.15.1, before 4.10.11; Niagara Enterprise Security: before 4.14.2, before 4.15.1, before 4.10.
nvd
CVE-2025-3937 | P3 | CRITICAL | CVSS 9.8 | CWE-916 | v4.10u10, v4.14u1, +1 more | 2025-05-22
Use of Password Hash With Insufficient Computational Effort vulnerability in Tridium Niagara Framework on Windows, Linux, QNX, Tridium Niagara Enterprise Security on Windows, Linux, QNX allows Cryptanalysis. This issue affects Niagara Framework: before 4.14.2, before 4.15.1, before 4.10.11; Niagara Enterprise Security: before 4.14.2, before 4.15.1,
nvd
CVE-2025-3943 | P3 | HIGH | CVSS 7.5 | CWE-598 | v4.10u10, v4.14u1, +1 more | 2025-05-22
Use of GET Request Method With Sensitive Query Strings vulnerability in Tridium Niagara Framework on Windows, Linux, QNX, Tridium Niagara Enterprise Security on Windows, Linux, QNX allows Parameter Injection. This issue affects Niagara Framework: before 4.14.2, before 4.15.1, before 4.10.11; Niagara Enterprise Security: before 4.14.2, before 4.15.1, bef
nvd
CVE-2017-16744 | P3 | HIGH | CVSS 7.2 | CWE-22 | ≥ 4.0, ≤ 4.4 | 2018-08-20
A path traversal vulnerability in Tridium Niagara AX Versions 3.8 and prior and Niagara 4 systems Versions 4.4 and prior installed on Microsoft Windows Systems can be exploited by leveraging valid platform (administrator) credentials.
nvd
CVE-2025-3942 | P3 | HIGH | CVSS 7.5 | CWE-117 | v4.10u10, v4.14u1, +1 more | 2025-05-22
Improper Output Neutralization for Logs vulnerability in Tridium Niagara Framework on Windows, Linux, QNX, Tridium Niagara Enterprise Security on Windows, Linux, QNX allows Input Data Manipulation. This issue affects Niagara Framework: before 4.14.2, before 4.15.1, before 4.10.11; Niagara Enterprise Security: before 4.14.2, before 4.15.1, before 4.10.11
nvd
CVE-2025-3939 | P4 | MEDIUM | CVSS 5.3 | CWE-204 | v4.10u10, v4.14u1, +1 more | 2025-05-22
Observable Response Discrepancy vulnerability in Tridium Niagara Framework on Windows, Linux, QNX, Tridium Niagara Enterprise Security on Windows, Linux, QNX allows Cryptanalysis. This issue affects Niagara Framework: before 4.14.2, before 4.15.1, before 4.10.11; Niagara Enterprise Security: before 4.14.2, before 4.15.1, before 4.10.11. Tridium recomme
nvd
CVE-2018-18985 | P4 | MEDIUM | CVSS 5.4 | CWE-79 | fixed in 4.4.93.40.2; ≥ 4.6, < 4.6.96.28.4; +1 more | 2019-01-29
Tridium Niagara Enterprise Security 2.3u1, all versions prior to 2.3.118.6, Niagara AX 3.8u4, all versions prior to 3.8.401.1, Niagara 4.4u2, all versions prior to 4.4.93.40.2, and Niagara 4.6, all versions prior to 4.6.96.28.4 a cross-site scripting vulnerability has been identified that may allow a remote attacker to inject code to some web pages a
nvd
CVE-2020-14483 | P4 | MEDIUM | CVSS 4.3 | CWE-1088 | v4.6.96.28, v4.7.109.20, +3 more | 2020-08-13
A timeout during a TLS handshake can result in the connection failing to terminate. This can result in a Niagara thread hanging and requires a manual restart of Niagara (Versions 4.6.96.28, 4.7.109.20, 4.7.110.32, 4.8.0.110) and Niagara Enterprise Security (Versions 2.4.31, 2.4.45, 4.8.0.35) to correct.
nvd