cbcvebase.

Tridium Niagara Enterprise Security vulnerabilities

12 known vulnerabilities affecting tridium/niagara_enterprise_security.

Total CVEs
12
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL7HIGH2MEDIUM3

Vulnerabilities

Page 1 of 1
CVE-2025-3945P2CRITICALCVSS 9.8v4.10u10v4.14u1+4 more2025-05-22
CVE-2025-3945 [CRITICAL] CWE-88 CVE-2025-3945: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') vulnerability in Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') vulnerability in Tridium Niagara Framework on QNX, Tridium Niagara Enterprise Security on QNX allows Command Delimiters. This issue affects Niagara Framework: before 4.14.2, before 4.15.1, before 4.10.11; Niagara Enterprise Security: before 4.14.2, before 4.15.1, before
nvd
CVE-2025-3944P2CRITICALCVSS 9.8v4.10u10v4.14u1+4 more2025-05-22
CVE-2025-3944 [CRITICAL] CWE-732 CVE-2025-3944: Incorrect Permission Assignment for Critical Resource vulnerability in Tridium Niagara Framework on Incorrect Permission Assignment for Critical Resource vulnerability in Tridium Niagara Framework on QNX, Tridium Niagara Enterprise Security on QNX allows File Manipulation. This issue affects Niagara Framework: before 4.14.2, before 4.15.1, before 4.10.11; Niagara Enterprise Security: before 4.14.2, before 4.15.1, before 4.10.11. Tridium recommends
nvd
CVE-2025-3936P3CRITICALCVSS 9.8v4.10u10v4.14u1+4 more2025-05-22
CVE-2025-3936 [CRITICAL] CWE-732 CVE-2025-3936: Incorrect Permission Assignment for Critical Resource vulnerability in Tridium Niagara Framework on Incorrect Permission Assignment for Critical Resource vulnerability in Tridium Niagara Framework on Windows, Tridium Niagara Enterprise Security on Windows allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Niagara Framework: before 4.14.2, before 4.15.1, before 4.10.11; Niagara Enterprise Security: before 4.1
nvd
CVE-2025-3941P3CRITICALCVSS 9.8v4.10u10v4.14u1+4 more2025-05-22
CVE-2025-3941 [CRITICAL] CWE-69 CVE-2025-3941: Improper Handling of Windows ::DATA Alternate Data Stream vulnerability in Tridium Niagara Framework Improper Handling of Windows ::DATA Alternate Data Stream vulnerability in Tridium Niagara Framework on Windows, Tridium Niagara Enterprise Security on Windows allows Input Data Manipulation. This issue affects Niagara Framework: before 4.14.2, before 4.15.1, before 4.10.11; Niagara Enterprise Security: before 4.14.2, before 4.15.1, before 4.10.11.Tr
nvd
CVE-2025-3938P3CRITICALCVSS 9.8v4.10u10v4.14u1+4 more2025-05-22
CVE-2025-3938 [CRITICAL] CWE-325 CVE-2025-3938: Missing Cryptographic Step vulnerability in Tridium Niagara Framework on Windows, Linux, QNX, Tridiu Missing Cryptographic Step vulnerability in Tridium Niagara Framework on Windows, Linux, QNX, Tridium Niagara Enterprise Security on Windows, Linux, QNX allows Cryptanalysis. This issue affects Niagara Framework: before 4.14.2, before 4.15.1, before 4.10.11; Niagara Enterprise Security: before 4.14.2, before 4.15.1, before 4.10.11. Tridium recommend
nvd
CVE-2025-3940P3CRITICALCVSS 9.8v4.10u10v4.14u1+4 more2025-05-22
CVE-2025-3940 [CRITICAL] CWE-1173 CVE-2025-3940: Improper Use of Validation Framework vulnerability in Tridium Niagara Framework on Windows, Linux, Q Improper Use of Validation Framework vulnerability in Tridium Niagara Framework on Windows, Linux, QNX, Tridium Niagara Enterprise Security on Windows, Linux, QNX allows Input Data Manipulation. This issue affects Niagara Framework: before 4.14.2, before 4.15.1, before 4.10.11; Niagara Enterprise Security: before 4.14.2, before 4.15.1, before 4.10.
nvd
CVE-2025-3937P3CRITICALCVSS 9.8v4.10u10v4.14u1+4 more2025-05-22
CVE-2025-3937 [CRITICAL] CWE-916 CVE-2025-3937: Use of Password Hash With Insufficient Computational Effort vulnerability in Tridium Niagara Framewo Use of Password Hash With Insufficient Computational Effort vulnerability in Tridium Niagara Framework on Windows, Linux, QNX, Tridium Niagara Enterprise Security on Windows, Linux, QNX allows Cryptanalysis. This issue affects Niagara Framework: before 4.14.2, before 4.15.1, before 4.10.11; Niagara Enterprise Security: before 4.14.2, before 4.15.1,
nvd
CVE-2025-3943P3HIGHCVSS 7.5v4.10u10v4.14u1+4 more2025-05-22
CVE-2025-3943 [HIGH] CWE-598 CVE-2025-3943: Use of GET Request Method With Sensitive Query Strings vulnerability in Tridium Niagara Framework on Use of GET Request Method With Sensitive Query Strings vulnerability in Tridium Niagara Framework on Windows, Linux, QNX, Tridium Niagara Enterprise Security on Windows, Linux, QNX allows Parameter Injection. This issue affects Niagara Framework: before 4.14.2, before 4.15.1, before 4.10.11; Niagara Enterprise Security: before 4.14.2, before 4.15.1, bef
nvd
CVE-2025-3942P3HIGHCVSS 7.5v4.10u10v4.14u1+4 more2025-05-22
CVE-2025-3942 [HIGH] CWE-117 CVE-2025-3942: Improper Output Neutralization for Logs vulnerability in Tridium Niagara Framework on Windows, Linux Improper Output Neutralization for Logs vulnerability in Tridium Niagara Framework on Windows, Linux, QNX, Tridium Niagara Enterprise Security on Windows, Linux, QNX allows Input Data Manipulation. This issue affects Niagara Framework: before 4.14.2, before 4.15.1, before 4.10.11; Niagara Enterprise Security: before 4.14.2, before 4.15.1, before 4.10.11
nvd
CVE-2025-3939P4MEDIUMCVSS 5.3v4.10u10v4.14u1+4 more2025-05-22
CVE-2025-3939 [MEDIUM] CWE-204 CVE-2025-3939: Observable Response Discrepancy vulnerability in Tridium Niagara Framework on Windows, Linux, QNX, T Observable Response Discrepancy vulnerability in Tridium Niagara Framework on Windows, Linux, QNX, Tridium Niagara Enterprise Security on Windows, Linux, QNX allows Cryptanalysis. This issue affects Niagara Framework: before 4.14.2, before 4.15.1, before 4.10.11; Niagara Enterprise Security: before 4.14.2, before 4.15.1, before 4.10.11.Tridium recomme
nvd
CVE-2018-18985P4MEDIUMCVSS 5.4fixed in 2.3.118.6v2.3u12019-01-29
CVE-2018-18985 [MEDIUM] CWE-79 CVE-2018-18985: Tridium Niagara Enterprise Security 2.3u1, all versions prior to 2.3.118.6, Niagara AX 3.8u4, all ve Tridium Niagara Enterprise Security 2.3u1, all versions prior to 2.3.118.6, Niagara AX 3.8u4, all versions prior to 3.8.401.1, Niagara 4.4u2, all versions prior to 4.4.93.40.2, and Niagara 4.6, all versions prior to 4.6.96.28.4 a cross-site scripting vulnerability has been identified that may allow a remote attacker to inject code to some web pages a
nvd
CVE-2020-14483P4MEDIUMCVSS 4.3v2.4.31v2.4.45+1 more2020-08-13
CVE-2020-14483 [MEDIUM] CWE-1088 CVE-2020-14483: A timeout during a TLS handshake can result in the connection failing to terminate. This can result A timeout during a TLS handshake can result in the connection failing to terminate. This can result in a Niagara thread hanging and requires a manual restart of Niagara (Versions 4.6.96.28, 4.7.109.20, 4.7.110.32, 4.8.0.110) and Niagara Enterprise Security (Versions 2.4.31, 2.4.45, 4.8.0.35) to correct.
nvd
Tridium Niagara Enterprise Security vulnerabilities | cvebase