Tridium Niagara
14 CVEs affecting Tridium Niagara. Latest disclosed: 2025-05-22. Critical: 1, High: 4.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2017-16748 | Critical | 9.8 | 2018-08-20 | An attacker can log into the local Niagara platform (Niagara AX Framework Versions 3.8 and prior or Niagara 4 Framework Versions 4.4 and prior) using a disable… |
CVE-2025-3937 | High | 7.7 | 2025-05-22 | Use of Password Hash With Insufficient Computational Effort vulnerability in Tridium Niagara Framework on Windows, Linux, QNX, Tridium Niagara Enterprise Secur… |
CVE-2025-3945 | High | 7.2 | 2025-05-22 | Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') vulnerability in Tridium Niagara Framework on QNX, Tridium Niagara Enterpris… |
CVE-2025-3944 | High | 7.2 | 2025-05-22 | Incorrect Permission Assignment for Critical Resource vulnerability in Tridium Niagara Framework on QNX, Tridium Niagara Enterprise Security on QNX allows File… |
CVE-2017-16744 | High | 7.2 | 2018-08-20 | A path traversal vulnerability in Tridium Niagara AX Versions 3.8 and prior and Niagara 4 systems Versions 4.4 and prior installed on Microsoft Windows Systems… |
CVE-2025-3938 | Medium | 6.8 | 2025-05-22 | Missing Cryptographic Step vulnerability in Tridium Niagara Framework on Windows, Linux, QNX, Tridium Niagara Enterprise Security on Windows, Linux, QNX allows… |
CVE-2025-3936 | Medium | 6.5 | 2025-05-22 | Incorrect Permission Assignment for Critical Resource vulnerability in Tridium Niagara Framework on Windows, Tridium Niagara Enterprise Security on Windows all… |
CVE-2025-3941 | Medium | 5.4 | 2025-05-22 | Improper Handling of Windows ::DATA Alternate Data Stream vulnerability in Tridium Niagara Framework on Windows, Tridium Niagara Enterprise Security on Windows… |
CVE-2018-18985 | Medium | 5.4 | 2019-01-29 | Tridium Niagara Enterprise Security 2.3u1, all versions prior to 2.3.118.6, Niagara AX 3.8u4, all versions prior to 3.8.401.1, Niagara 4.4u2, all versions prio… |
CVE-2025-3940 | Medium | 5.3 | 2025-05-22 | Improper Use of Validation Framework vulnerability in Tridium Niagara Framework on Windows, Linux, QNX, Tridium Niagara Enterprise Security on Windows, Linux… |
CVE-2025-3939 | Medium | 5.3 | 2025-05-22 | Observable Response Discrepancy vulnerability in Tridium Niagara Framework on Windows, Linux, QNX, Tridium Niagara Enterprise Security on Windows, Linux, QNX a… |
CVE-2025-3942 | Medium | 4.3 | 2025-05-22 | Improper Output Neutralization for Logs vulnerability in Tridium Niagara Framework on Windows, Linux, QNX, Tridium Niagara Enterprise Security on Windows, Linu… |
CVE-2020-14483 | Medium | 4.3 | 2020-08-13 | A timeout during a TLS handshake can result in the connection failing to terminate. This can result in a Niagara thread hanging and requires a manual restart o… |
CVE-2025-3943 | Medium | 4.1 | 2025-05-22 | Use of GET Request Method With Sensitive Query Strings vulnerability in Tridium Niagara Framework on Windows, Linux, QNX, Tridium Niagara Enterprise Security o… |