VYPR

Niagara Framework

by Tridium

CVEs (14)

  • CVE-2025-3937 | High | May 22, 2025
    risk 0.50 | cvss 7.7 | epss 0.00

    Use of Password Hash With Insufficient Computational Effort vulnerability in Tridium Niagara Framework on Windows, Linux, QNX, Tridium Niagara Enterprise Security on Windows, Linux, QNX allows Cryptanalysis. This issue affects Niagara Framework: before 4.14.2, before 4.15.1,…

  • CVE-2025-3945 | High | May 22, 2025
    risk 0.47 | cvss 7.2 | epss 0.01

    Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') vulnerability in Tridium Niagara Framework on QNX, Tridium Niagara Enterprise Security on QNX allows Command Delimiters. This issue affects Niagara Framework: before 4.14.2, before 4.15.1, before…

  • CVE-2025-3944 | High | May 22, 2025
    risk 0.47 | cvss 7.2 | epss 0.00

    Incorrect Permission Assignment for Critical Resource vulnerability in Tridium Niagara Framework on QNX, Tridium Niagara Enterprise Security on QNX allows File Manipulation. This issue affects Niagara Framework: before 4.14.2, before 4.15.1, before 4.10.11; Niagara Enterprise…

  • CVE-2025-3938 | Medium | May 22, 2025
    risk 0.44 | cvss 6.8 | epss 0.00

    Missing Cryptographic Step vulnerability in Tridium Niagara Framework on Windows, Linux, QNX, Tridium Niagara Enterprise Security on Windows, Linux, QNX allows Cryptanalysis. This issue affects Niagara Framework: before 4.14.2, before 4.15.1, before 4.10.11; Niagara Enterprise…

  • CVE-2025-3936 | Medium | May 22, 2025
    risk 0.42 | cvss 6.5 | epss 0.00

    Incorrect Permission Assignment for Critical Resource vulnerability in Tridium Niagara Framework on Windows, Tridium Niagara Enterprise Security on Windows allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Niagara Framework: before…

  • CVE-2025-3941 | Medium | May 22, 2025
    risk 0.35 | cvss 5.4 | epss 0.00

    Improper Handling of Windows ::DATA Alternate Data Stream vulnerability in Tridium Niagara Framework on Windows, Tridium Niagara Enterprise Security on Windows allows Input Data Manipulation. This issue affects Niagara Framework: before 4.14.2, before 4.15.1, before 4.10.11;…

  • CVE-2025-3940 | Medium | May 22, 2025
    risk 0.34 | cvss 5.3 | epss 0.00

    Improper Use of Validation Framework vulnerability in Tridium Niagara Framework on Windows, Linux, QNX, Tridium Niagara Enterprise Security on Windows, Linux, QNX allows Input Data Manipulation. This issue affects Niagara Framework: before 4.14.2, before 4.15.1, before 4.10.11;…

  • CVE-2025-3939 | Medium | May 22, 2025
    risk 0.34 | cvss 5.3 | epss 0.00

    Observable Response Discrepancy vulnerability in Tridium Niagara Framework on Windows, Linux, QNX, Tridium Niagara Enterprise Security on Windows, Linux, QNX allows Cryptanalysis. This issue affects Niagara Framework: before 4.14.2, before 4.15.1, before 4.10.11; Niagara…

  • CVE-2025-3942 | Medium | May 22, 2025
    risk 0.28 | cvss 4.3 | epss 0.00

    Improper Output Neutralization for Logs vulnerability in Tridium Niagara Framework on Windows, Linux, QNX, Tridium Niagara Enterprise Security on Windows, Linux, QNX allows Input Data Manipulation. This issue affects Niagara Framework: before 4.14.2, before 4.15.1, before…

  • CVE-2025-3943 | Medium | May 22, 2025
    risk 0.27 | cvss 4.1 | epss 0.07

    Use of GET Request Method With Sensitive Query Strings vulnerability in Tridium Niagara Framework on Windows, Linux, QNX, Tridium Niagara Enterprise Security on Windows, Linux, QNX allows Parameter Injection. This issue affects Niagara Framework: before 4.14.2, before 4.15.1,…

  • CVE-2012-3025 | Aug 16, 2012
    risk 0.00 | cvss | epss 0.02

    The default configuration of Tridium Niagara AX Framework through 3.6 uses a cleartext base64 format for transmission of credentials in cookies, which allows remote attackers to obtain sensitive information by sniffing the network.

  • CVE-2012-3024 | Aug 16, 2012
    risk 0.00 | cvss | epss 0.02

    Tridium Niagara AX Framework through 3.6 uses predictable values for (1) session IDs and (2) keys, which might allow remote attackers to bypass authentication via a brute-force attack.

  • CVE-2012-4028 | Jul 16, 2012
    risk 0.00 | cvss | epss 0.02

    Tridium Niagara AX Framework does not properly store credential data, which allows context-dependent attackers to bypass intended access restrictions by using the stored information for authentication.

  • CVE-2012-4027 | Jul 16, 2012
    risk 0.00 | cvss | epss 0.03

    Directory traversal vulnerability in Tridium Niagara AX Framework allows remote attackers to read files outside of the intended images, nav, and px folders by leveraging incorrect permissions, as demonstrated by reading the config.bog file.