Search

Find a vulnerability

Search criteria

    24 vulnerabilities found for niagara_enterprise_security by tridium

    CVE-2025-3945 (GCVE-0-2025-3945)

    Vulnerability from nvd – Published: 2025-05-22 12:47 – Updated: 2025-05-22 13:17
    VLAI
    Title
    Improper Neutralization of Argument Delimiters in a Command (‘Argument Injection’)
    Summary
    Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') vulnerability in Tridium Niagara Framework on QNX, Tridium Niagara Enterprise Security on QNX allows Command Delimiters. This issue affects Niagara Framework: before 4.14.2, before 4.15.1, before 4.10.11; Niagara Enterprise Security: before 4.14.2, before 4.15.1, before 4.10.11. Tridium recommends upgrading to Niagara Framework and Enterprise Security versions 4.14.2u2, 4.15.u1, or 4.10u.11.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-88 - Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')
    Assigner
    Impacted products
    Vendor Product Version
    Tridium Niagara Framework Affected: 0 , < 4.14.2 (custom)
    Affected: 0 , < 4.15.1 (custom)
    Affected: 0 , < 4.10.11 (custom)
    Create a notification for this product.
    Tridium Niagara Enterprise Security Affected: 0 , < 4.14.2 (custom)
    Affected: 0 , < 4.15.1 (custom)
    Affected: 0 , < 4.10.11 (custom)
    Create a notification for this product.
    Date Public
    2025-05-08 16:59
    Credits
    Andrea Palanca and team at Nozomi Network
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-3945",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-05-22T13:17:20.455610Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-05-22T13:17:49.912Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "platforms": [
                "QNX"
              ],
              "product": "Niagara Framework",
              "vendor": "Tridium",
              "versions": [
                {
                  "lessThan": "4.14.2",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.15.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.10.11",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "platforms": [
                "QNX"
              ],
              "product": "Niagara Enterprise Security",
              "vendor": "Tridium",
              "versions": [
                {
                  "lessThan": "4.14.2",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.15.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.10.11",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "Andrea Palanca and team at Nozomi Network"
            }
          ],
          "datePublic": "2025-05-08T16:59:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Improper Neutralization of Argument Delimiters in a Command (\u0027Argument Injection\u0027) vulnerability in Tridium Niagara Framework on QNX, Tridium Niagara Enterprise Security on QNX allows Command Delimiters. This issue affects Niagara Framework: before 4.14.2, before 4.15.1, before 4.10.11; Niagara Enterprise Security: before 4.14.2, before 4.15.1, before 4.10.11.\u0026nbsp;Tridium recommends upgrading to Niagara Framework and Enterprise Security versions 4.14.2u2, 4.15.u1, or 4.10u.11."
                }
              ],
              "value": "Improper Neutralization of Argument Delimiters in a Command (\u0027Argument Injection\u0027) vulnerability in Tridium Niagara Framework on QNX, Tridium Niagara Enterprise Security on QNX allows Command Delimiters. This issue affects Niagara Framework: before 4.14.2, before 4.15.1, before 4.10.11; Niagara Enterprise Security: before 4.14.2, before 4.15.1, before 4.10.11.\u00a0Tridium recommends upgrading to Niagara Framework and Enterprise Security versions 4.14.2u2, 4.15.u1, or 4.10u.11."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-15",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-15 Command Delimiters"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-88",
                  "description": "CWE-88 Improper Neutralization of Argument Delimiters in a Command (\u0027Argument Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-05-22T12:47:00.903Z",
            "orgId": "0dc86260-d7e3-4e81-ba06-3508e030ce8d",
            "shortName": "Honeywell"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://honeywell.com/us/en/product-security#security-notices"
            },
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://docs.niagara-community.com/category/tech_bull"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Improper Neutralization of Argument Delimiters in a Command (\u2018Argument Injection\u2019)",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "0dc86260-d7e3-4e81-ba06-3508e030ce8d",
        "assignerShortName": "Honeywell",
        "cveId": "CVE-2025-3945",
        "datePublished": "2025-05-22T12:47:00.903Z",
        "dateReserved": "2025-04-25T15:21:20.955Z",
        "dateUpdated": "2025-05-22T13:17:49.912Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-3944 (GCVE-0-2025-3944)

    Vulnerability from nvd – Published: 2025-05-22 12:44 – Updated: 2025-05-22 13:17
    VLAI
    Title
    Incorrect Permission Assignment for Critical Resource
    Summary
    Incorrect Permission Assignment for Critical Resource vulnerability in Tridium Niagara Framework on QNX, Tridium Niagara Enterprise Security on QNX allows File Manipulation. This issue affects Niagara Framework: before 4.14.2, before 4.15.1, before 4.10.11; Niagara Enterprise Security: before 4.14.2, before 4.15.1, before 4.10.11. Tridium recommends upgrading to Niagara Framework and Enterprise Security versions 4.14.2u2, 4.15.u1, or 4.10u.11.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-732 - Incorrect Permission Assignment for Critical Resource
    Assigner
    Impacted products
    Vendor Product Version
    Tridium Niagara Framework Affected: 0 , < 4.14.2 (custom)
    Affected: 0 , < 4.15.1 (custom)
    Affected: 0 , < 4.10.11 (custom)
    Create a notification for this product.
    Tridium Niagara Enterprise Security Affected: 0 , < 4.14.2 (custom)
    Affected: 0 , < 4.15.1 (custom)
    Affected: 0 , < 4.10.11 (custom)
    Create a notification for this product.
    Date Public
    2025-05-08 16:59
    Credits
    Andrea Palanca and team at Nozomi Network
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-3944",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-05-22T13:17:31.112109Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-05-22T13:17:37.301Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "platforms": [
                "QNX"
              ],
              "product": "Niagara Framework",
              "vendor": "Tridium",
              "versions": [
                {
                  "lessThan": "4.14.2",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.15.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.10.11",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "platforms": [
                "QNX"
              ],
              "product": "Niagara Enterprise Security",
              "vendor": "Tridium",
              "versions": [
                {
                  "lessThan": "4.14.2",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.15.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.10.11",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "Andrea Palanca and team at Nozomi Network"
            }
          ],
          "datePublic": "2025-05-08T16:59:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Incorrect Permission Assignment for Critical Resource vulnerability in Tridium Niagara Framework on QNX, Tridium Niagara Enterprise Security on QNX allows File Manipulation. This issue affects Niagara Framework: before 4.14.2, before 4.15.1, before 4.10.11; Niagara Enterprise Security: before 4.14.2, before 4.15.1, before 4.10.11.\u0026nbsp;Tridium recommends upgrading to Niagara Framework and Enterprise Security versions 4.14.2u2, 4.15.u1, or 4.10u.11."
                }
              ],
              "value": "Incorrect Permission Assignment for Critical Resource vulnerability in Tridium Niagara Framework on QNX, Tridium Niagara Enterprise Security on QNX allows File Manipulation. This issue affects Niagara Framework: before 4.14.2, before 4.15.1, before 4.10.11; Niagara Enterprise Security: before 4.14.2, before 4.15.1, before 4.10.11.\u00a0Tridium recommends upgrading to Niagara Framework and Enterprise Security versions 4.14.2u2, 4.15.u1, or 4.10u.11."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-165",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-165 File Manipulation"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-732",
                  "description": "CWE-732 Incorrect Permission Assignment for Critical Resource",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-05-22T12:45:05.762Z",
            "orgId": "0dc86260-d7e3-4e81-ba06-3508e030ce8d",
            "shortName": "Honeywell"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.honeywell.com/us/en/product-security#security-notices"
            },
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://docs.niagara-community.com/category/tech_bull"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Incorrect Permission Assignment for Critical Resource",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "0dc86260-d7e3-4e81-ba06-3508e030ce8d",
        "assignerShortName": "Honeywell",
        "cveId": "CVE-2025-3944",
        "datePublished": "2025-05-22T12:44:55.511Z",
        "dateReserved": "2025-04-25T15:21:20.179Z",
        "dateUpdated": "2025-05-22T13:17:37.301Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-3943 (GCVE-0-2025-3943)

    Vulnerability from nvd – Published: 2025-05-22 12:42 – Updated: 2025-05-22 13:19
    VLAI
    Title
    Use of GET Request Method With sensitive Query Strings
    Summary
    Use of GET Request Method With Sensitive Query Strings vulnerability in Tridium Niagara Framework on Windows, Linux, QNX, Tridium Niagara Enterprise Security on Windows, Linux, QNX allows Parameter Injection. This issue affects Niagara Framework: before 4.14.2, before 4.15.1, before 4.10.11; Niagara Enterprise Security: before 4.14.2, before 4.15.1, before 4.10.11. Tridium recommends upgrading to Niagara Framework and Enterprise Security versions 4.14.2u2, 4.15.u1, or 4.10u.11.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-598 - Use of GET Request Method With Sensitive Query Strings
    Assigner
    Impacted products
    Vendor Product Version
    Tridium Niagara Framework Affected: 0 , < 4.14.2 (custom)
    Affected: 0 , < 4.15.1 (custom)
    Affected: 0 , < 4.10.11 (custom)
    Create a notification for this product.
    Tridium Niagara Enterprise Security Affected: 0 , < 4.14.2 (custom)
    Affected: 0 , < 4.15.1 (custom)
    Affected: 0 , < 4.10.11 (custom)
    Create a notification for this product.
    Date Public
    2025-05-08 16:59
    Credits
    Andrea Palanca and team at Nozomi Network
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-3943",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-05-22T13:19:00.551594Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-05-22T13:19:08.477Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "platforms": [
                "Windows",
                "Linux",
                "QNX"
              ],
              "product": "Niagara Framework",
              "vendor": "Tridium",
              "versions": [
                {
                  "lessThan": "4.14.2",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.15.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.10.11",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "platforms": [
                "Windows",
                "Linux",
                "QNX"
              ],
              "product": "Niagara Enterprise Security",
              "vendor": "Tridium",
              "versions": [
                {
                  "lessThan": "4.14.2",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.15.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.10.11",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "Andrea Palanca and team at Nozomi Network"
            }
          ],
          "datePublic": "2025-05-08T16:59:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Use of GET Request Method With Sensitive Query Strings vulnerability in Tridium Niagara Framework on Windows, Linux, QNX, Tridium Niagara Enterprise Security on Windows, Linux, QNX allows Parameter Injection. This issue affects Niagara Framework: before 4.14.2, before 4.15.1, before 4.10.11; Niagara Enterprise Security: before 4.14.2, before 4.15.1, before 4.10.11.\u0026nbsp;Tridium recommends upgrading to Niagara Framework and Enterprise Security versions 4.14.2u2, 4.15.u1, or 4.10u.11.\u003cbr\u003e\u003cbr\u003e"
                }
              ],
              "value": "Use of GET Request Method With Sensitive Query Strings vulnerability in Tridium Niagara Framework on Windows, Linux, QNX, Tridium Niagara Enterprise Security on Windows, Linux, QNX allows Parameter Injection. This issue affects Niagara Framework: before 4.14.2, before 4.15.1, before 4.10.11; Niagara Enterprise Security: before 4.14.2, before 4.15.1, before 4.10.11.\u00a0Tridium recommends upgrading to Niagara Framework and Enterprise Security versions 4.14.2u2, 4.15.u1, or 4.10u.11."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-137",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-137 Parameter Injection"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-598",
                  "description": "CWE-598 Use of GET Request Method With Sensitive Query Strings",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-05-22T12:42:13.893Z",
            "orgId": "0dc86260-d7e3-4e81-ba06-3508e030ce8d",
            "shortName": "Honeywell"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://honeywell.com/us/en/product-security#security-notices"
            },
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://docs.niagara-community.com/category/tech_bull"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Use of GET Request Method With sensitive Query Strings",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "0dc86260-d7e3-4e81-ba06-3508e030ce8d",
        "assignerShortName": "Honeywell",
        "cveId": "CVE-2025-3943",
        "datePublished": "2025-05-22T12:42:13.893Z",
        "dateReserved": "2025-04-25T15:21:19.481Z",
        "dateUpdated": "2025-05-22T13:19:08.477Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-3942 (GCVE-0-2025-3942)

    Vulnerability from nvd – Published: 2025-05-22 12:40 – Updated: 2025-05-22 13:36
    VLAI
    Title
    Improper Output Neutralization for Logs
    Summary
    Improper Output Neutralization for Logs vulnerability in Tridium Niagara Framework on Windows, Linux, QNX, Tridium Niagara Enterprise Security on Windows, Linux, QNX allows Input Data Manipulation. This issue affects Niagara Framework: before 4.14.2, before 4.15.1, before 4.10.11; Niagara Enterprise Security: before 4.14.2, before 4.15.1, before 4.10.11. Tridium recommends upgrading to Niagara Framework and Enterprise Security versions 4.14.2u2, 4.15.u1, or 4.10u.11.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-117 - Improper Output Neutralization for Logs
    Assigner
    References
    Impacted products
    Vendor Product Version
    Tridium Niagara Framework Affected: 0 , < 4.14.2 (custom)
    Affected: 0 , < 4.15.1 (custom)
    Affected: 0 , < 4.10.11 (custom)
    Create a notification for this product.
    Tridium Niagara Enterprise Security Affected: 0 , < 4.14.2 (custom)
    Affected: 0 , < 4.15.1 (custom)
    Affected: 0 , < 4.10.11 (custom)
    Create a notification for this product.
    Date Public
    2025-05-08 16:59
    Credits
    Andrea Palanca and team at Nozomi Networks
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-3942",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-05-22T13:36:08.958420Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-05-22T13:36:18.427Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "platforms": [
                "Windows",
                "Linux",
                "QNX"
              ],
              "product": "Niagara Framework",
              "vendor": "Tridium",
              "versions": [
                {
                  "lessThan": "4.14.2",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.15.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.10.11",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "platforms": [
                "Windows",
                "Linux",
                "QNX"
              ],
              "product": "Niagara Enterprise Security",
              "vendor": "Tridium",
              "versions": [
                {
                  "lessThan": "4.14.2",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.15.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.10.11",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "Andrea Palanca and team at Nozomi Networks"
            }
          ],
          "datePublic": "2025-05-08T16:59:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Improper Output Neutralization for Logs vulnerability in Tridium Niagara Framework on Windows, Linux, QNX, Tridium Niagara Enterprise Security on Windows, Linux, QNX allows Input Data Manipulation. This issue affects Niagara Framework: before 4.14.2, before 4.15.1, before 4.10.11; Niagara Enterprise Security: before 4.14.2, before 4.15.1, before 4.10.11.\u0026nbsp;Tridium recommends upgrading to Niagara Framework and Enterprise Security versions 4.14.2u2, 4.15.u1, or 4.10u.11."
                }
              ],
              "value": "Improper Output Neutralization for Logs vulnerability in Tridium Niagara Framework on Windows, Linux, QNX, Tridium Niagara Enterprise Security on Windows, Linux, QNX allows Input Data Manipulation. This issue affects Niagara Framework: before 4.14.2, before 4.15.1, before 4.10.11; Niagara Enterprise Security: before 4.14.2, before 4.15.1, before 4.10.11.\u00a0Tridium recommends upgrading to Niagara Framework and Enterprise Security versions 4.14.2u2, 4.15.u1, or 4.10u.11."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-153",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-153 Input Data Manipulation"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-117",
                  "description": "CWE-117 Improper Output Neutralization for Logs",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-05-22T12:40:12.581Z",
            "orgId": "0dc86260-d7e3-4e81-ba06-3508e030ce8d",
            "shortName": "Honeywell"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.tridium.com/us/en/product-security"
            },
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.honeywell.com/us/en/product-security#security-notices"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Improper Output Neutralization for Logs",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "0dc86260-d7e3-4e81-ba06-3508e030ce8d",
        "assignerShortName": "Honeywell",
        "cveId": "CVE-2025-3942",
        "datePublished": "2025-05-22T12:40:12.581Z",
        "dateReserved": "2025-04-25T15:21:18.791Z",
        "dateUpdated": "2025-05-22T13:36:18.427Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-3941 (GCVE-0-2025-3941)

    Vulnerability from nvd – Published: 2025-05-22 12:38 – Updated: 2025-05-22 13:52
    VLAI
    Title
    Improper Handling of Windows: DATA Alternate Data Stream
    Summary
    Improper Handling of Windows ::DATA Alternate Data Stream vulnerability in Tridium Niagara Framework on Windows, Tridium Niagara Enterprise Security on Windows allows Input Data Manipulation. This issue affects Niagara Framework: before 4.14.2, before 4.15.1, before 4.10.11; Niagara Enterprise Security: before 4.14.2, before 4.15.1, before 4.10.11.Tridium recommends upgrading to Niagara Framework and Enterprise Security versions 4.14.2u2, 4.15.u1, or 4.10u.11.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-69 - Improper Handling of Windows ::DATA Alternate Data Stream
    Assigner
    Impacted products
    Vendor Product Version
    Tridium Niagara Framework Affected: 0 , < 4.14.2 (custom)
    Affected: 0 , < 4.15.1 (custom)
    Affected: 0 , < 4.10.11 (custom)
    Create a notification for this product.
    Tridium Niagara Enterprise Security Affected: 0 , < 4.14.2 (custom)
    Affected: 0 , < 4.15.1 (custom)
    Affected: 0 , < 4.10.11 (custom)
    Create a notification for this product.
    Date Public
    2025-05-08 16:59
    Credits
    Andrea Palanca and team at Nozomi Networks
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-3941",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-05-22T13:47:50.253374Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-05-22T13:52:36.314Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "platforms": [
                "Windows"
              ],
              "product": "Niagara Framework",
              "vendor": "Tridium",
              "versions": [
                {
                  "lessThan": "4.14.2",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.15.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.10.11",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "platforms": [
                "Windows"
              ],
              "product": "Niagara Enterprise Security",
              "vendor": "Tridium",
              "versions": [
                {
                  "lessThan": "4.14.2",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.15.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.10.11",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "Andrea Palanca and team at Nozomi Networks"
            }
          ],
          "datePublic": "2025-05-08T16:59:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Improper Handling of Windows ::DATA Alternate Data Stream vulnerability in Tridium Niagara Framework on Windows, Tridium Niagara Enterprise Security on Windows allows Input Data Manipulation. This issue affects Niagara Framework: before 4.14.2, before 4.15.1, before 4.10.11; Niagara Enterprise Security: before 4.14.2, before 4.15.1, before 4.10.11.Tridium recommends upgrading to Niagara Framework and Enterprise Security versions 4.14.2u2, 4.15.u1, or 4.10u.11."
                }
              ],
              "value": "Improper Handling of Windows ::DATA Alternate Data Stream vulnerability in Tridium Niagara Framework on Windows, Tridium Niagara Enterprise Security on Windows allows Input Data Manipulation. This issue affects Niagara Framework: before 4.14.2, before 4.15.1, before 4.10.11; Niagara Enterprise Security: before 4.14.2, before 4.15.1, before 4.10.11.Tridium recommends upgrading to Niagara Framework and Enterprise Security versions 4.14.2u2, 4.15.u1, or 4.10u.11."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-153",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-153 Input Data Manipulation"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-69",
                  "description": "CWE-69 Improper Handling of Windows ::DATA Alternate Data Stream",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-05-22T12:48:36.986Z",
            "orgId": "0dc86260-d7e3-4e81-ba06-3508e030ce8d",
            "shortName": "Honeywell"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.honeywell.com/us/en/product-security#security-notices"
            },
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://docs.niagara-community.com/category/tech_bull"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Improper Handling of Windows: DATA Alternate Data Stream",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "0dc86260-d7e3-4e81-ba06-3508e030ce8d",
        "assignerShortName": "Honeywell",
        "cveId": "CVE-2025-3941",
        "datePublished": "2025-05-22T12:38:15.750Z",
        "dateReserved": "2025-04-25T15:21:18.048Z",
        "dateUpdated": "2025-05-22T13:52:36.314Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-3940 (GCVE-0-2025-3940)

    Vulnerability from nvd – Published: 2025-05-22 12:35 – Updated: 2025-05-22 14:00
    VLAI
    Title
    Improper Use of Validation Framework
    Summary
    Improper Use of Validation Framework vulnerability in Tridium Niagara Framework on Windows, Linux, QNX, Tridium Niagara Enterprise Security on Windows, Linux, QNX allows Input Data Manipulation. This issue affects Niagara Framework: before 4.14.2, before 4.15.1, before 4.10.11; Niagara Enterprise Security: before 4.14.2, before 4.15.1, before 4.10.11. Tridium recommends upgrading to Niagara Framework and Enterprise Security versions 4.14.2u2, 4.15.u1, or 4.10u.11.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-1173 - Improper Use of Validation Framework
    Assigner
    Impacted products
    Vendor Product Version
    Tridium Niagara Framework Affected: 0 , < 4.14.2 (custom)
    Affected: 0 , < 4.15.1 (custom)
    Affected: 0 , < 4.10.11 (custom)
    Create a notification for this product.
    Tridium Niagara Enterprise Security Affected: 0 , < 4.14.2 (custom)
    Affected: 0 , < 4.15.1 (custom)
    Affected: 0 , < 4.10.11 (custom)
    Create a notification for this product.
    Date Public
    2025-05-08 16:59
    Credits
    Andrea Palanca and team at Nozomi Networks
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-3940",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-05-22T13:56:59.299523Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-05-22T14:00:58.907Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "platforms": [
                "Windows",
                "Linux",
                "QNX"
              ],
              "product": "Niagara Framework",
              "vendor": "Tridium",
              "versions": [
                {
                  "lessThan": "4.14.2",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.15.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.10.11",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "platforms": [
                "Windows",
                "Linux",
                "QNX"
              ],
              "product": "Niagara Enterprise Security",
              "vendor": "Tridium",
              "versions": [
                {
                  "lessThan": "4.14.2",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.15.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.10.11",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "Andrea Palanca and team at Nozomi Networks"
            }
          ],
          "datePublic": "2025-05-08T16:59:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Improper Use of Validation Framework vulnerability in Tridium Niagara Framework on Windows, Linux, QNX, Tridium Niagara Enterprise Security on Windows, Linux, QNX allows Input Data Manipulation. This issue affects Niagara Framework: before 4.14.2, before 4.15.1, before 4.10.11; Niagara Enterprise Security: before 4.14.2, before 4.15.1, before 4.10.11.\u0026nbsp;Tridium recommends upgrading to Niagara Framework and Enterprise Security versions 4.14.2u2, 4.15.u1, or 4.10u.11."
                }
              ],
              "value": "Improper Use of Validation Framework vulnerability in Tridium Niagara Framework on Windows, Linux, QNX, Tridium Niagara Enterprise Security on Windows, Linux, QNX allows Input Data Manipulation. This issue affects Niagara Framework: before 4.14.2, before 4.15.1, before 4.10.11; Niagara Enterprise Security: before 4.14.2, before 4.15.1, before 4.10.11.\u00a0Tridium recommends upgrading to Niagara Framework and Enterprise Security versions 4.14.2u2, 4.15.u1, or 4.10u.11."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-153",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-153 Input Data Manipulation"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-1173",
                  "description": "CWE-1173 Improper Use of Validation Framework",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-05-22T12:48:54.098Z",
            "orgId": "0dc86260-d7e3-4e81-ba06-3508e030ce8d",
            "shortName": "Honeywell"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://honeywell.com/us/en/product-security#security-notices"
            },
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://docs.niagara-community.com/category/tech_bull"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Improper Use of Validation Framework",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "0dc86260-d7e3-4e81-ba06-3508e030ce8d",
        "assignerShortName": "Honeywell",
        "cveId": "CVE-2025-3940",
        "datePublished": "2025-05-22T12:35:14.174Z",
        "dateReserved": "2025-04-25T15:21:17.262Z",
        "dateUpdated": "2025-05-22T14:00:58.907Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-3939 (GCVE-0-2025-3939)

    Vulnerability from nvd – Published: 2025-05-22 12:33 – Updated: 2025-05-22 14:02
    VLAI
    Title
    Observable Response Discrepancy
    Summary
    Observable Response Discrepancy vulnerability in Tridium Niagara Framework on Windows, Linux, QNX, Tridium Niagara Enterprise Security on Windows, Linux, QNX allows Cryptanalysis. This issue affects Niagara Framework: before 4.14.2, before 4.15.1, before 4.10.11; Niagara Enterprise Security: before 4.14.2, before 4.15.1, before 4.10.11.Tridium recommends upgrading to Niagara Framework and Enterprise Security versions 4.14.2u2, 4.15.u1, or 4.10u.11.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-204 - Observable Response Discrepancy
    Assigner
    Impacted products
    Vendor Product Version
    Tridium Niagara Framework Affected: 0 , < 4.14.2 (custom)
    Affected: 0 , < 4.15.1 (custom)
    Affected: 0 , < 4.10.11 (custom)
    Create a notification for this product.
    Tridium Niagara Enterprise Security Affected: 0 , < 4.14.2 (custom)
    Affected: 0 , < 4.15.1 (custom)
    Affected: 0 , < 4.10.11 (custom)
    Create a notification for this product.
    Date Public
    2025-05-08 16:59
    Credits
    Andrea Palanca and team at Nozomi Networks
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-3939",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-05-22T14:01:37.287802Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-05-22T14:02:22.839Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "platforms": [
                "Windows",
                "Linux",
                "QNX"
              ],
              "product": "Niagara Framework",
              "vendor": "Tridium",
              "versions": [
                {
                  "lessThan": "4.14.2",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.15.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.10.11",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "platforms": [
                "Windows",
                "Linux",
                "QNX"
              ],
              "product": "Niagara Enterprise Security",
              "vendor": "Tridium",
              "versions": [
                {
                  "lessThan": "4.14.2",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.15.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.10.11",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "Andrea Palanca and team at Nozomi Networks"
            }
          ],
          "datePublic": "2025-05-08T16:59:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Observable Response Discrepancy vulnerability in Tridium Niagara Framework on Windows, Linux, QNX, Tridium Niagara Enterprise Security on Windows, Linux, QNX allows Cryptanalysis. This issue affects Niagara Framework: before 4.14.2, before 4.15.1, before 4.10.11; Niagara Enterprise Security: before 4.14.2, before 4.15.1, before 4.10.11.Tridium recommends upgrading to Niagara Framework and Enterprise Security versions 4.14.2u2, 4.15.u1, or 4.10u.11."
                }
              ],
              "value": "Observable Response Discrepancy vulnerability in Tridium Niagara Framework on Windows, Linux, QNX, Tridium Niagara Enterprise Security on Windows, Linux, QNX allows Cryptanalysis. This issue affects Niagara Framework: before 4.14.2, before 4.15.1, before 4.10.11; Niagara Enterprise Security: before 4.14.2, before 4.15.1, before 4.10.11.Tridium recommends upgrading to Niagara Framework and Enterprise Security versions 4.14.2u2, 4.15.u1, or 4.10u.11."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-97",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-97 Cryptanalysis"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-204",
                  "description": "CWE-204 Observable Response Discrepancy",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-05-22T12:49:10.315Z",
            "orgId": "0dc86260-d7e3-4e81-ba06-3508e030ce8d",
            "shortName": "Honeywell"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://honeywell.com/us/en/product-security#security-notices"
            },
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://docs.niagara-community.com/category/tech_bull"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Observable Response Discrepancy",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "0dc86260-d7e3-4e81-ba06-3508e030ce8d",
        "assignerShortName": "Honeywell",
        "cveId": "CVE-2025-3939",
        "datePublished": "2025-05-22T12:33:48.250Z",
        "dateReserved": "2025-04-25T15:21:16.473Z",
        "dateUpdated": "2025-05-22T14:02:22.839Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-3938 (GCVE-0-2025-3938)

    Vulnerability from nvd – Published: 2025-05-22 12:32 – Updated: 2025-05-22 14:10
    VLAI
    Title
    Missing Cryptographic Step
    Summary
    Missing Cryptographic Step vulnerability in Tridium Niagara Framework on Windows, Linux, QNX, Tridium Niagara Enterprise Security on Windows, Linux, QNX allows Cryptanalysis. This issue affects Niagara Framework: before 4.14.2, before 4.15.1, before 4.10.11; Niagara Enterprise Security: before 4.14.2, before 4.15.1, before 4.10.11. Tridium recommends upgrading to Niagara Framework and Enterprise Security versions 4.14.2u2, 4.15.u1, or 4.10u.11.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-325 - Missing Cryptographic Step
    Assigner
    Impacted products
    Vendor Product Version
    Tridium Niagara Framework Affected: 0 , < 4.14.2 (custom)
    Affected: 0 , < 4.15.1 (custom)
    Affected: 0 , < 4.10.11 (custom)
    Create a notification for this product.
    Tridium Niagara Enterprise Security Affected: 0 , < 4.14.2 (custom)
    Affected: 0 , < 4.15.1 (custom)
    Affected: 0 , < 4.10.11 (custom)
    Create a notification for this product.
    Date Public
    2025-05-08 16:59
    Credits
    Andrea Palanca and team at Nozomi Networks
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-3938",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-05-22T14:03:16.201132Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-05-22T14:10:21.621Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "platforms": [
                "Windows",
                "Linux",
                "QNX"
              ],
              "product": "Niagara Framework",
              "vendor": "Tridium",
              "versions": [
                {
                  "lessThan": "4.14.2",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.15.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.10.11",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "platforms": [
                "Windows",
                "Linux",
                "QNX"
              ],
              "product": "Niagara Enterprise Security",
              "vendor": "Tridium",
              "versions": [
                {
                  "lessThan": "4.14.2",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.15.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.10.11",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "Andrea Palanca and team at Nozomi Networks"
            }
          ],
          "datePublic": "2025-05-08T16:59:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Missing Cryptographic Step vulnerability in Tridium Niagara Framework on Windows, Linux, QNX, Tridium Niagara Enterprise Security on Windows, Linux, QNX allows Cryptanalysis. This issue affects Niagara Framework: before 4.14.2, before 4.15.1, before 4.10.11; Niagara Enterprise Security: before 4.14.2, before 4.15.1, before 4.10.11.\u0026nbsp;Tridium recommends upgrading to Niagara Framework and Enterprise Security versions 4.14.2u2, 4.15.u1, or 4.10u.11.\u003cbr\u003e"
                }
              ],
              "value": "Missing Cryptographic Step vulnerability in Tridium Niagara Framework on Windows, Linux, QNX, Tridium Niagara Enterprise Security on Windows, Linux, QNX allows Cryptanalysis. This issue affects Niagara Framework: before 4.14.2, before 4.15.1, before 4.10.11; Niagara Enterprise Security: before 4.14.2, before 4.15.1, before 4.10.11.\u00a0Tridium recommends upgrading to Niagara Framework and Enterprise Security versions 4.14.2u2, 4.15.u1, or 4.10u.11."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-97",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-97 Cryptanalysis"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-325",
                  "description": "CWE-325 Missing Cryptographic Step",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-05-22T12:49:32.299Z",
            "orgId": "0dc86260-d7e3-4e81-ba06-3508e030ce8d",
            "shortName": "Honeywell"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.honeywell.com/us/en/product-security#security-notices"
            },
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://docs.niagara-community.com/category/tech_bull"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Missing Cryptographic Step",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "0dc86260-d7e3-4e81-ba06-3508e030ce8d",
        "assignerShortName": "Honeywell",
        "cveId": "CVE-2025-3938",
        "datePublished": "2025-05-22T12:32:01.669Z",
        "dateReserved": "2025-04-25T15:21:15.598Z",
        "dateUpdated": "2025-05-22T14:10:21.621Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-3937 (GCVE-0-2025-3937)

    Vulnerability from nvd – Published: 2025-05-22 12:23 – Updated: 2025-05-22 14:43
    VLAI
    Title
    Use of Password Hash with Insufficient Computational Effort
    Summary
    Use of Password Hash With Insufficient Computational Effort vulnerability in Tridium Niagara Framework on Windows, Linux, QNX, Tridium Niagara Enterprise Security on Windows, Linux, QNX allows Cryptanalysis. This issue affects Niagara Framework: before 4.14.2, before 4.15.1, before 4.10.11; Niagara Enterprise Security: before 4.14.2, before 4.15.1, before 4.10.11. Tridium recommends upgrading to Niagara Framework and Enterprise Security versions 4.14.2u2, 4.15.u1, or 4.10u.11.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-916 - Use of Password Hash With Insufficient Computational Effort
    Assigner
    Impacted products
    Vendor Product Version
    Tridium Niagara Framework Affected: 0 , < 4.14.2 (custom)
    Affected: 0 , < 4.15.1 (custom)
    Affected: 0 , < 4.10.11 (custom)
    Create a notification for this product.
    Tridium Niagara Enterprise Security Affected: 0 , < 4.14.2 (custom)
    Affected: 0 , < 4.15.1 (custom)
    Affected: 0 , < 4.10.11 (custom)
    Create a notification for this product.
    Date Public
    2025-05-08 16:59
    Credits
    Andrea Palanca and team at Nozomi Networks
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-3937",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-05-22T14:29:29.244650Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-05-22T14:43:13.538Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "platforms": [
                "Windows",
                "Linux",
                "QNX"
              ],
              "product": "Niagara Framework",
              "vendor": "Tridium",
              "versions": [
                {
                  "lessThan": "4.14.2",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.15.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.10.11",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "platforms": [
                "Windows",
                "Linux",
                "QNX"
              ],
              "product": "Niagara Enterprise Security",
              "vendor": "Tridium",
              "versions": [
                {
                  "lessThan": "4.14.2",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.15.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.10.11",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "Andrea Palanca and team at Nozomi Networks"
            }
          ],
          "datePublic": "2025-05-08T16:59:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Use of Password Hash With Insufficient Computational Effort vulnerability in Tridium Niagara Framework on Windows, Linux, QNX, Tridium Niagara Enterprise Security on Windows, Linux, QNX allows Cryptanalysis. This issue affects Niagara Framework: before 4.14.2, before 4.15.1, before 4.10.11; Niagara Enterprise Security: before 4.14.2, before 4.15.1, before 4.10.11.\u0026nbsp;Tridium recommends upgrading to Niagara Framework and Enterprise Security versions 4.14.2u2, 4.15.u1, or 4.10u.11."
                }
              ],
              "value": "Use of Password Hash With Insufficient Computational Effort vulnerability in Tridium Niagara Framework on Windows, Linux, QNX, Tridium Niagara Enterprise Security on Windows, Linux, QNX allows Cryptanalysis. This issue affects Niagara Framework: before 4.14.2, before 4.15.1, before 4.10.11; Niagara Enterprise Security: before 4.14.2, before 4.15.1, before 4.10.11.\u00a0Tridium recommends upgrading to Niagara Framework and Enterprise Security versions 4.14.2u2, 4.15.u1, or 4.10u.11."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-97",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-97 Cryptanalysis"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 7.7,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-916",
                  "description": "CWE-916 Use of Password Hash With Insufficient Computational Effort",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-05-22T12:50:14.135Z",
            "orgId": "0dc86260-d7e3-4e81-ba06-3508e030ce8d",
            "shortName": "Honeywell"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://docs.niagara-community.com/category/tech_bull"
            },
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.honeywell.com/us/en/product-security#security-notices"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Use of Password Hash with Insufficient Computational Effort",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "0dc86260-d7e3-4e81-ba06-3508e030ce8d",
        "assignerShortName": "Honeywell",
        "cveId": "CVE-2025-3937",
        "datePublished": "2025-05-22T12:23:42.058Z",
        "dateReserved": "2025-04-25T15:21:14.598Z",
        "dateUpdated": "2025-05-22T14:43:13.538Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-3936 (GCVE-0-2025-3936)

    Vulnerability from nvd – Published: 2025-05-22 12:20 – Updated: 2025-05-22 17:29
    VLAI
    Title
    Incorrect Permission Assignment for Critical Resource
    Summary
    Incorrect Permission Assignment for Critical Resource vulnerability in Tridium Niagara Framework on Windows, Tridium Niagara Enterprise Security on Windows allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Niagara Framework: before 4.14.2, before 4.15.1, before 4.10.11; Niagara Enterprise Security: before 4.14.2, before 4.15.1, before 4.10.11. Tridium recommends upgrading to Niagara Framework and Enterprise Security versions 4.14.2u2, 4.15.u1, or 4.10u.11.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-732 - Incorrect Permission Assignment for Critical Resource
    Assigner
    Impacted products
    Vendor Product Version
    Tridium Niagara Framework Affected: 0 , < 4.14.2 (custom)
    Affected: 0 , < 4.15.1 (custom)
    Affected: 0 , < 4.10.11 (custom)
    Create a notification for this product.
    Tridium Niagara Enterprise Security Affected: 0 , < 4.14.2 (custom)
    Affected: 0 , < 4.15.1 (custom)
    Affected: 0 , < 4.10.11 (custom)
    Create a notification for this product.
    Date Public
    2025-05-08 16:59
    Credits
    Andrea Palanca and team at Nozomi Networks
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-3936",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-05-22T17:19:05.444995Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-05-22T17:29:38.532Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "platforms": [
                "Windows"
              ],
              "product": "Niagara Framework",
              "vendor": "Tridium",
              "versions": [
                {
                  "lessThan": "4.14.2",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.15.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.10.11",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "platforms": [
                "Windows"
              ],
              "product": "Niagara Enterprise Security",
              "vendor": "Tridium",
              "versions": [
                {
                  "lessThan": "4.14.2",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.15.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.10.11",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "Andrea Palanca and team at Nozomi Networks"
            }
          ],
          "datePublic": "2025-05-08T16:59:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Incorrect Permission Assignment for Critical Resource vulnerability in Tridium Niagara Framework on Windows, Tridium Niagara Enterprise Security on Windows allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Niagara Framework: before 4.14.2, before 4.15.1, before 4.10.11; Niagara Enterprise Security: before 4.14.2, before 4.15.1, before 4.10.11.\u0026nbsp;Tridium recommends upgrading to Niagara Framework and Enterprise Security versions 4.14.2u2, 4.15.u1, or 4.10u.11.\u003cbr\u003e"
                }
              ],
              "value": "Incorrect Permission Assignment for Critical Resource vulnerability in Tridium Niagara Framework on Windows, Tridium Niagara Enterprise Security on Windows allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Niagara Framework: before 4.14.2, before 4.15.1, before 4.10.11; Niagara Enterprise Security: before 4.14.2, before 4.15.1, before 4.10.11.\u00a0Tridium recommends upgrading to Niagara Framework and Enterprise Security versions 4.14.2u2, 4.15.u1, or 4.10u.11."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-180",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-180 Exploiting Incorrectly Configured Access Control Security Levels"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-732",
                  "description": "CWE-732 Incorrect Permission Assignment for Critical Resource",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-05-22T12:50:32.521Z",
            "orgId": "0dc86260-d7e3-4e81-ba06-3508e030ce8d",
            "shortName": "Honeywell"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://docs.niagara-community.com/category/tech_bull"
            },
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.honeywell.com/us/en/product-security#security-notices"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Incorrect Permission Assignment for Critical Resource",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "0dc86260-d7e3-4e81-ba06-3508e030ce8d",
        "assignerShortName": "Honeywell",
        "cveId": "CVE-2025-3936",
        "datePublished": "2025-05-22T12:20:42.337Z",
        "dateReserved": "2025-04-25T15:21:09.014Z",
        "dateUpdated": "2025-05-22T17:29:38.532Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-14483 (GCVE-0-2020-14483)

    Vulnerability from nvd – Published: 2020-08-13 14:41 – Updated: 2024-08-04 12:46
    VLAI
    Summary
    A timeout during a TLS handshake can result in the connection failing to terminate. This can result in a Niagara thread hanging and requires a manual restart of Niagara (Versions 4.6.96.28, 4.7.109.20, 4.7.110.32, 4.8.0.110) and Niagara Enterprise Security (Versions 2.4.31, 2.4.45, 4.8.0.35) to correct.
    Severity
    No CVSS data available.
    CWE
    • CWE-1088 - SYNCHRONOUS ACCESS OF REMOTE RESOURCE WITHOUT TIMEOUT CWE-1088
    Assigner
    References
    Impacted products
    Vendor Product Version
    n/a Niagara Affected: Niagara: Versions 4.6.96.28, 4.7.109.20, 4.7.110.32, 4.8.0.110 and Niagara Enterprise Security: Versions 2.4.31, 2.4.45, 4.8.0.35
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T12:46:34.631Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-224-03"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Niagara",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "Niagara: Versions 4.6.96.28, 4.7.109.20, 4.7.110.32, 4.8.0.110 and Niagara Enterprise Security: Versions 2.4.31, 2.4.45, 4.8.0.35"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A timeout during a TLS handshake can result in the connection failing to terminate. This can result in a Niagara thread hanging and requires a manual restart of Niagara (Versions 4.6.96.28, 4.7.109.20, 4.7.110.32, 4.8.0.110) and Niagara Enterprise Security (Versions 2.4.31, 2.4.45, 4.8.0.35) to correct."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-1088",
                  "description": "SYNCHRONOUS ACCESS OF REMOTE RESOURCE WITHOUT TIMEOUT CWE-1088",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-08-13T14:41:35.000Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-224-03"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "ics-cert@hq.dhs.gov",
              "ID": "CVE-2020-14483",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Niagara",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Niagara: Versions 4.6.96.28, 4.7.109.20, 4.7.110.32, 4.8.0.110 and Niagara Enterprise Security: Versions 2.4.31, 2.4.45, 4.8.0.35"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A timeout during a TLS handshake can result in the connection failing to terminate. This can result in a Niagara thread hanging and requires a manual restart of Niagara (Versions 4.6.96.28, 4.7.109.20, 4.7.110.32, 4.8.0.110) and Niagara Enterprise Security (Versions 2.4.31, 2.4.45, 4.8.0.35) to correct."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "SYNCHRONOUS ACCESS OF REMOTE RESOURCE WITHOUT TIMEOUT CWE-1088"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://us-cert.cisa.gov/ics/advisories/icsa-20-224-03",
                  "refsource": "MISC",
                  "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-224-03"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2020-14483",
        "datePublished": "2020-08-13T14:41:35.000Z",
        "dateReserved": "2020-06-19T00:00:00.000Z",
        "dateUpdated": "2024-08-04T12:46:34.631Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-18985 (GCVE-0-2018-18985)

    Vulnerability from nvd – Published: 2019-01-29 16:00 – Updated: 2024-09-16 17:54
    VLAI
    Summary
    Tridium Niagara Enterprise Security 2.3u1, all versions prior to 2.3.118.6, Niagara AX 3.8u4, all versions prior to 3.8.401.1, Niagara 4.4u2, all versions prior to 4.4.93.40.2, and Niagara 4.6, all versions prior to 4.6.96.28.4 a cross-site scripting vulnerability has been identified that may allow a remote attacker to inject code to some web pages affecting confidentiality.
    Severity
    No CVSS data available.
    CWE
    • CWE-79 - IMPROPER NEUTRALIZATION OF INPUT DURING WEB PAGE GENERATION ('CROSS-SITE SCRIPTING') CWE-79
    Assigner
    References
    Impacted products
    Vendor Product Version
    Tridium Tridium Niagara Enterprise Security 2.3u1, all versions prior to 2.3.118.6, Niagara AX 3.8u4, all versions prior to 3.8.401.1, Niagara 4.4u2, all versions prior to 4.4.93.40.2, and Niagara 4.6, all versions prior to 4.6.96.28.4 Affected: Tridium Niagara Enterprise Security 2.3u1, all versions prior to 2.3.118.6, Niagara AX 3.8u4, all versions prior to 3.8.401.1, Niagara 4.4u2, all versions prior to 4.4.93.40.2, and Niagara 4.6, all versions prior to 4.6.96.28.4
    Create a notification for this product.
    Date Public
    2019-01-10 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T11:23:08.920Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "106530",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/106530"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-333-02"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Tridium Niagara Enterprise Security 2.3u1, all versions prior to 2.3.118.6, Niagara AX 3.8u4, all versions prior to 3.8.401.1, Niagara 4.4u2, all versions prior to 4.4.93.40.2, and Niagara 4.6, all versions prior to 4.6.96.28.4",
              "vendor": "Tridium",
              "versions": [
                {
                  "status": "affected",
                  "version": "Tridium Niagara Enterprise Security 2.3u1, all versions prior to 2.3.118.6, Niagara AX 3.8u4, all versions prior to 3.8.401.1, Niagara 4.4u2, all versions prior to 4.4.93.40.2, and Niagara 4.6, all versions prior to 4.6.96.28.4"
                }
              ]
            }
          ],
          "datePublic": "2019-01-10T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Tridium Niagara Enterprise Security 2.3u1, all versions prior to 2.3.118.6, Niagara AX 3.8u4, all versions prior to 3.8.401.1, Niagara 4.4u2, all versions prior to 4.4.93.40.2, and Niagara 4.6, all versions prior to 4.6.96.28.4 a cross-site scripting vulnerability has been identified that may allow a remote attacker to inject code to some web pages affecting confidentiality."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "IMPROPER NEUTRALIZATION OF INPUT DURING WEB PAGE GENERATION (\u0027CROSS-SITE SCRIPTING\u0027) CWE-79",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-01-31T23:57:01.000Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "name": "106530",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/106530"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-333-02"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "ics-cert@hq.dhs.gov",
              "DATE_PUBLIC": "2019-01-10T00:00:00",
              "ID": "CVE-2018-18985",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Tridium Niagara Enterprise Security 2.3u1, all versions prior to 2.3.118.6, Niagara AX 3.8u4, all versions prior to 3.8.401.1, Niagara 4.4u2, all versions prior to 4.4.93.40.2, and Niagara 4.6, all versions prior to 4.6.96.28.4",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Tridium Niagara Enterprise Security 2.3u1, all versions prior to 2.3.118.6, Niagara AX 3.8u4, all versions prior to 3.8.401.1, Niagara 4.4u2, all versions prior to 4.4.93.40.2, and Niagara 4.6, all versions prior to 4.6.96.28.4"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Tridium"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Tridium Niagara Enterprise Security 2.3u1, all versions prior to 2.3.118.6, Niagara AX 3.8u4, all versions prior to 3.8.401.1, Niagara 4.4u2, all versions prior to 4.4.93.40.2, and Niagara 4.6, all versions prior to 4.6.96.28.4 a cross-site scripting vulnerability has been identified that may allow a remote attacker to inject code to some web pages affecting confidentiality."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "IMPROPER NEUTRALIZATION OF INPUT DURING WEB PAGE GENERATION (\u0027CROSS-SITE SCRIPTING\u0027) CWE-79"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "106530",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/106530"
                },
                {
                  "name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-333-02",
                  "refsource": "MISC",
                  "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-333-02"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2018-18985",
        "datePublished": "2019-01-29T16:00:00.000Z",
        "dateReserved": "2018-11-06T00:00:00.000Z",
        "dateUpdated": "2024-09-16T17:54:09.008Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-3945 (GCVE-0-2025-3945)

    Vulnerability from cvelistv5 – Published: 2025-05-22 12:47 – Updated: 2025-05-22 13:17
    VLAI
    Title
    Improper Neutralization of Argument Delimiters in a Command (‘Argument Injection’)
    Summary
    Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') vulnerability in Tridium Niagara Framework on QNX, Tridium Niagara Enterprise Security on QNX allows Command Delimiters. This issue affects Niagara Framework: before 4.14.2, before 4.15.1, before 4.10.11; Niagara Enterprise Security: before 4.14.2, before 4.15.1, before 4.10.11. Tridium recommends upgrading to Niagara Framework and Enterprise Security versions 4.14.2u2, 4.15.u1, or 4.10u.11.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-88 - Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')
    Assigner
    Impacted products
    Vendor Product Version
    Tridium Niagara Framework Affected: 0 , < 4.14.2 (custom)
    Affected: 0 , < 4.15.1 (custom)
    Affected: 0 , < 4.10.11 (custom)
    Create a notification for this product.
    Tridium Niagara Enterprise Security Affected: 0 , < 4.14.2 (custom)
    Affected: 0 , < 4.15.1 (custom)
    Affected: 0 , < 4.10.11 (custom)
    Create a notification for this product.
    Date Public
    2025-05-08 16:59
    Credits
    Andrea Palanca and team at Nozomi Network
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-3945",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-05-22T13:17:20.455610Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-05-22T13:17:49.912Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "platforms": [
                "QNX"
              ],
              "product": "Niagara Framework",
              "vendor": "Tridium",
              "versions": [
                {
                  "lessThan": "4.14.2",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.15.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.10.11",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "platforms": [
                "QNX"
              ],
              "product": "Niagara Enterprise Security",
              "vendor": "Tridium",
              "versions": [
                {
                  "lessThan": "4.14.2",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.15.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.10.11",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "Andrea Palanca and team at Nozomi Network"
            }
          ],
          "datePublic": "2025-05-08T16:59:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Improper Neutralization of Argument Delimiters in a Command (\u0027Argument Injection\u0027) vulnerability in Tridium Niagara Framework on QNX, Tridium Niagara Enterprise Security on QNX allows Command Delimiters. This issue affects Niagara Framework: before 4.14.2, before 4.15.1, before 4.10.11; Niagara Enterprise Security: before 4.14.2, before 4.15.1, before 4.10.11.\u0026nbsp;Tridium recommends upgrading to Niagara Framework and Enterprise Security versions 4.14.2u2, 4.15.u1, or 4.10u.11."
                }
              ],
              "value": "Improper Neutralization of Argument Delimiters in a Command (\u0027Argument Injection\u0027) vulnerability in Tridium Niagara Framework on QNX, Tridium Niagara Enterprise Security on QNX allows Command Delimiters. This issue affects Niagara Framework: before 4.14.2, before 4.15.1, before 4.10.11; Niagara Enterprise Security: before 4.14.2, before 4.15.1, before 4.10.11.\u00a0Tridium recommends upgrading to Niagara Framework and Enterprise Security versions 4.14.2u2, 4.15.u1, or 4.10u.11."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-15",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-15 Command Delimiters"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-88",
                  "description": "CWE-88 Improper Neutralization of Argument Delimiters in a Command (\u0027Argument Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-05-22T12:47:00.903Z",
            "orgId": "0dc86260-d7e3-4e81-ba06-3508e030ce8d",
            "shortName": "Honeywell"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://honeywell.com/us/en/product-security#security-notices"
            },
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://docs.niagara-community.com/category/tech_bull"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Improper Neutralization of Argument Delimiters in a Command (\u2018Argument Injection\u2019)",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "0dc86260-d7e3-4e81-ba06-3508e030ce8d",
        "assignerShortName": "Honeywell",
        "cveId": "CVE-2025-3945",
        "datePublished": "2025-05-22T12:47:00.903Z",
        "dateReserved": "2025-04-25T15:21:20.955Z",
        "dateUpdated": "2025-05-22T13:17:49.912Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-3944 (GCVE-0-2025-3944)

    Vulnerability from cvelistv5 – Published: 2025-05-22 12:44 – Updated: 2025-05-22 13:17
    VLAI
    Title
    Incorrect Permission Assignment for Critical Resource
    Summary
    Incorrect Permission Assignment for Critical Resource vulnerability in Tridium Niagara Framework on QNX, Tridium Niagara Enterprise Security on QNX allows File Manipulation. This issue affects Niagara Framework: before 4.14.2, before 4.15.1, before 4.10.11; Niagara Enterprise Security: before 4.14.2, before 4.15.1, before 4.10.11. Tridium recommends upgrading to Niagara Framework and Enterprise Security versions 4.14.2u2, 4.15.u1, or 4.10u.11.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-732 - Incorrect Permission Assignment for Critical Resource
    Assigner
    Impacted products
    Vendor Product Version
    Tridium Niagara Framework Affected: 0 , < 4.14.2 (custom)
    Affected: 0 , < 4.15.1 (custom)
    Affected: 0 , < 4.10.11 (custom)
    Create a notification for this product.
    Tridium Niagara Enterprise Security Affected: 0 , < 4.14.2 (custom)
    Affected: 0 , < 4.15.1 (custom)
    Affected: 0 , < 4.10.11 (custom)
    Create a notification for this product.
    Date Public
    2025-05-08 16:59
    Credits
    Andrea Palanca and team at Nozomi Network
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-3944",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-05-22T13:17:31.112109Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-05-22T13:17:37.301Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "platforms": [
                "QNX"
              ],
              "product": "Niagara Framework",
              "vendor": "Tridium",
              "versions": [
                {
                  "lessThan": "4.14.2",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.15.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.10.11",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "platforms": [
                "QNX"
              ],
              "product": "Niagara Enterprise Security",
              "vendor": "Tridium",
              "versions": [
                {
                  "lessThan": "4.14.2",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.15.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.10.11",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "Andrea Palanca and team at Nozomi Network"
            }
          ],
          "datePublic": "2025-05-08T16:59:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Incorrect Permission Assignment for Critical Resource vulnerability in Tridium Niagara Framework on QNX, Tridium Niagara Enterprise Security on QNX allows File Manipulation. This issue affects Niagara Framework: before 4.14.2, before 4.15.1, before 4.10.11; Niagara Enterprise Security: before 4.14.2, before 4.15.1, before 4.10.11.\u0026nbsp;Tridium recommends upgrading to Niagara Framework and Enterprise Security versions 4.14.2u2, 4.15.u1, or 4.10u.11."
                }
              ],
              "value": "Incorrect Permission Assignment for Critical Resource vulnerability in Tridium Niagara Framework on QNX, Tridium Niagara Enterprise Security on QNX allows File Manipulation. This issue affects Niagara Framework: before 4.14.2, before 4.15.1, before 4.10.11; Niagara Enterprise Security: before 4.14.2, before 4.15.1, before 4.10.11.\u00a0Tridium recommends upgrading to Niagara Framework and Enterprise Security versions 4.14.2u2, 4.15.u1, or 4.10u.11."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-165",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-165 File Manipulation"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-732",
                  "description": "CWE-732 Incorrect Permission Assignment for Critical Resource",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-05-22T12:45:05.762Z",
            "orgId": "0dc86260-d7e3-4e81-ba06-3508e030ce8d",
            "shortName": "Honeywell"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.honeywell.com/us/en/product-security#security-notices"
            },
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://docs.niagara-community.com/category/tech_bull"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Incorrect Permission Assignment for Critical Resource",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "0dc86260-d7e3-4e81-ba06-3508e030ce8d",
        "assignerShortName": "Honeywell",
        "cveId": "CVE-2025-3944",
        "datePublished": "2025-05-22T12:44:55.511Z",
        "dateReserved": "2025-04-25T15:21:20.179Z",
        "dateUpdated": "2025-05-22T13:17:37.301Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-3943 (GCVE-0-2025-3943)

    Vulnerability from cvelistv5 – Published: 2025-05-22 12:42 – Updated: 2025-05-22 13:19
    VLAI
    Title
    Use of GET Request Method With sensitive Query Strings
    Summary
    Use of GET Request Method With Sensitive Query Strings vulnerability in Tridium Niagara Framework on Windows, Linux, QNX, Tridium Niagara Enterprise Security on Windows, Linux, QNX allows Parameter Injection. This issue affects Niagara Framework: before 4.14.2, before 4.15.1, before 4.10.11; Niagara Enterprise Security: before 4.14.2, before 4.15.1, before 4.10.11. Tridium recommends upgrading to Niagara Framework and Enterprise Security versions 4.14.2u2, 4.15.u1, or 4.10u.11.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-598 - Use of GET Request Method With Sensitive Query Strings
    Assigner
    Impacted products
    Vendor Product Version
    Tridium Niagara Framework Affected: 0 , < 4.14.2 (custom)
    Affected: 0 , < 4.15.1 (custom)
    Affected: 0 , < 4.10.11 (custom)
    Create a notification for this product.
    Tridium Niagara Enterprise Security Affected: 0 , < 4.14.2 (custom)
    Affected: 0 , < 4.15.1 (custom)
    Affected: 0 , < 4.10.11 (custom)
    Create a notification for this product.
    Date Public
    2025-05-08 16:59
    Credits
    Andrea Palanca and team at Nozomi Network
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-3943",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-05-22T13:19:00.551594Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-05-22T13:19:08.477Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "platforms": [
                "Windows",
                "Linux",
                "QNX"
              ],
              "product": "Niagara Framework",
              "vendor": "Tridium",
              "versions": [
                {
                  "lessThan": "4.14.2",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.15.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.10.11",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "platforms": [
                "Windows",
                "Linux",
                "QNX"
              ],
              "product": "Niagara Enterprise Security",
              "vendor": "Tridium",
              "versions": [
                {
                  "lessThan": "4.14.2",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.15.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.10.11",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "Andrea Palanca and team at Nozomi Network"
            }
          ],
          "datePublic": "2025-05-08T16:59:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Use of GET Request Method With Sensitive Query Strings vulnerability in Tridium Niagara Framework on Windows, Linux, QNX, Tridium Niagara Enterprise Security on Windows, Linux, QNX allows Parameter Injection. This issue affects Niagara Framework: before 4.14.2, before 4.15.1, before 4.10.11; Niagara Enterprise Security: before 4.14.2, before 4.15.1, before 4.10.11.\u0026nbsp;Tridium recommends upgrading to Niagara Framework and Enterprise Security versions 4.14.2u2, 4.15.u1, or 4.10u.11.\u003cbr\u003e\u003cbr\u003e"
                }
              ],
              "value": "Use of GET Request Method With Sensitive Query Strings vulnerability in Tridium Niagara Framework on Windows, Linux, QNX, Tridium Niagara Enterprise Security on Windows, Linux, QNX allows Parameter Injection. This issue affects Niagara Framework: before 4.14.2, before 4.15.1, before 4.10.11; Niagara Enterprise Security: before 4.14.2, before 4.15.1, before 4.10.11.\u00a0Tridium recommends upgrading to Niagara Framework and Enterprise Security versions 4.14.2u2, 4.15.u1, or 4.10u.11."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-137",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-137 Parameter Injection"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-598",
                  "description": "CWE-598 Use of GET Request Method With Sensitive Query Strings",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-05-22T12:42:13.893Z",
            "orgId": "0dc86260-d7e3-4e81-ba06-3508e030ce8d",
            "shortName": "Honeywell"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://honeywell.com/us/en/product-security#security-notices"
            },
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://docs.niagara-community.com/category/tech_bull"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Use of GET Request Method With sensitive Query Strings",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "0dc86260-d7e3-4e81-ba06-3508e030ce8d",
        "assignerShortName": "Honeywell",
        "cveId": "CVE-2025-3943",
        "datePublished": "2025-05-22T12:42:13.893Z",
        "dateReserved": "2025-04-25T15:21:19.481Z",
        "dateUpdated": "2025-05-22T13:19:08.477Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-3942 (GCVE-0-2025-3942)

    Vulnerability from cvelistv5 – Published: 2025-05-22 12:40 – Updated: 2025-05-22 13:36
    VLAI
    Title
    Improper Output Neutralization for Logs
    Summary
    Improper Output Neutralization for Logs vulnerability in Tridium Niagara Framework on Windows, Linux, QNX, Tridium Niagara Enterprise Security on Windows, Linux, QNX allows Input Data Manipulation. This issue affects Niagara Framework: before 4.14.2, before 4.15.1, before 4.10.11; Niagara Enterprise Security: before 4.14.2, before 4.15.1, before 4.10.11. Tridium recommends upgrading to Niagara Framework and Enterprise Security versions 4.14.2u2, 4.15.u1, or 4.10u.11.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-117 - Improper Output Neutralization for Logs
    Assigner
    References
    Impacted products
    Vendor Product Version
    Tridium Niagara Framework Affected: 0 , < 4.14.2 (custom)
    Affected: 0 , < 4.15.1 (custom)
    Affected: 0 , < 4.10.11 (custom)
    Create a notification for this product.
    Tridium Niagara Enterprise Security Affected: 0 , < 4.14.2 (custom)
    Affected: 0 , < 4.15.1 (custom)
    Affected: 0 , < 4.10.11 (custom)
    Create a notification for this product.
    Date Public
    2025-05-08 16:59
    Credits
    Andrea Palanca and team at Nozomi Networks
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-3942",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-05-22T13:36:08.958420Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-05-22T13:36:18.427Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "platforms": [
                "Windows",
                "Linux",
                "QNX"
              ],
              "product": "Niagara Framework",
              "vendor": "Tridium",
              "versions": [
                {
                  "lessThan": "4.14.2",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.15.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.10.11",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "platforms": [
                "Windows",
                "Linux",
                "QNX"
              ],
              "product": "Niagara Enterprise Security",
              "vendor": "Tridium",
              "versions": [
                {
                  "lessThan": "4.14.2",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.15.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.10.11",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "Andrea Palanca and team at Nozomi Networks"
            }
          ],
          "datePublic": "2025-05-08T16:59:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Improper Output Neutralization for Logs vulnerability in Tridium Niagara Framework on Windows, Linux, QNX, Tridium Niagara Enterprise Security on Windows, Linux, QNX allows Input Data Manipulation. This issue affects Niagara Framework: before 4.14.2, before 4.15.1, before 4.10.11; Niagara Enterprise Security: before 4.14.2, before 4.15.1, before 4.10.11.\u0026nbsp;Tridium recommends upgrading to Niagara Framework and Enterprise Security versions 4.14.2u2, 4.15.u1, or 4.10u.11."
                }
              ],
              "value": "Improper Output Neutralization for Logs vulnerability in Tridium Niagara Framework on Windows, Linux, QNX, Tridium Niagara Enterprise Security on Windows, Linux, QNX allows Input Data Manipulation. This issue affects Niagara Framework: before 4.14.2, before 4.15.1, before 4.10.11; Niagara Enterprise Security: before 4.14.2, before 4.15.1, before 4.10.11.\u00a0Tridium recommends upgrading to Niagara Framework and Enterprise Security versions 4.14.2u2, 4.15.u1, or 4.10u.11."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-153",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-153 Input Data Manipulation"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-117",
                  "description": "CWE-117 Improper Output Neutralization for Logs",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-05-22T12:40:12.581Z",
            "orgId": "0dc86260-d7e3-4e81-ba06-3508e030ce8d",
            "shortName": "Honeywell"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.tridium.com/us/en/product-security"
            },
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.honeywell.com/us/en/product-security#security-notices"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Improper Output Neutralization for Logs",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "0dc86260-d7e3-4e81-ba06-3508e030ce8d",
        "assignerShortName": "Honeywell",
        "cveId": "CVE-2025-3942",
        "datePublished": "2025-05-22T12:40:12.581Z",
        "dateReserved": "2025-04-25T15:21:18.791Z",
        "dateUpdated": "2025-05-22T13:36:18.427Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-3941 (GCVE-0-2025-3941)

    Vulnerability from cvelistv5 – Published: 2025-05-22 12:38 – Updated: 2025-05-22 13:52
    VLAI
    Title
    Improper Handling of Windows: DATA Alternate Data Stream
    Summary
    Improper Handling of Windows ::DATA Alternate Data Stream vulnerability in Tridium Niagara Framework on Windows, Tridium Niagara Enterprise Security on Windows allows Input Data Manipulation. This issue affects Niagara Framework: before 4.14.2, before 4.15.1, before 4.10.11; Niagara Enterprise Security: before 4.14.2, before 4.15.1, before 4.10.11.Tridium recommends upgrading to Niagara Framework and Enterprise Security versions 4.14.2u2, 4.15.u1, or 4.10u.11.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-69 - Improper Handling of Windows ::DATA Alternate Data Stream
    Assigner
    Impacted products
    Vendor Product Version
    Tridium Niagara Framework Affected: 0 , < 4.14.2 (custom)
    Affected: 0 , < 4.15.1 (custom)
    Affected: 0 , < 4.10.11 (custom)
    Create a notification for this product.
    Tridium Niagara Enterprise Security Affected: 0 , < 4.14.2 (custom)
    Affected: 0 , < 4.15.1 (custom)
    Affected: 0 , < 4.10.11 (custom)
    Create a notification for this product.
    Date Public
    2025-05-08 16:59
    Credits
    Andrea Palanca and team at Nozomi Networks
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-3941",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-05-22T13:47:50.253374Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-05-22T13:52:36.314Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "platforms": [
                "Windows"
              ],
              "product": "Niagara Framework",
              "vendor": "Tridium",
              "versions": [
                {
                  "lessThan": "4.14.2",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.15.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.10.11",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "platforms": [
                "Windows"
              ],
              "product": "Niagara Enterprise Security",
              "vendor": "Tridium",
              "versions": [
                {
                  "lessThan": "4.14.2",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.15.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.10.11",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "Andrea Palanca and team at Nozomi Networks"
            }
          ],
          "datePublic": "2025-05-08T16:59:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Improper Handling of Windows ::DATA Alternate Data Stream vulnerability in Tridium Niagara Framework on Windows, Tridium Niagara Enterprise Security on Windows allows Input Data Manipulation. This issue affects Niagara Framework: before 4.14.2, before 4.15.1, before 4.10.11; Niagara Enterprise Security: before 4.14.2, before 4.15.1, before 4.10.11.Tridium recommends upgrading to Niagara Framework and Enterprise Security versions 4.14.2u2, 4.15.u1, or 4.10u.11."
                }
              ],
              "value": "Improper Handling of Windows ::DATA Alternate Data Stream vulnerability in Tridium Niagara Framework on Windows, Tridium Niagara Enterprise Security on Windows allows Input Data Manipulation. This issue affects Niagara Framework: before 4.14.2, before 4.15.1, before 4.10.11; Niagara Enterprise Security: before 4.14.2, before 4.15.1, before 4.10.11.Tridium recommends upgrading to Niagara Framework and Enterprise Security versions 4.14.2u2, 4.15.u1, or 4.10u.11."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-153",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-153 Input Data Manipulation"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-69",
                  "description": "CWE-69 Improper Handling of Windows ::DATA Alternate Data Stream",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-05-22T12:48:36.986Z",
            "orgId": "0dc86260-d7e3-4e81-ba06-3508e030ce8d",
            "shortName": "Honeywell"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.honeywell.com/us/en/product-security#security-notices"
            },
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://docs.niagara-community.com/category/tech_bull"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Improper Handling of Windows: DATA Alternate Data Stream",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "0dc86260-d7e3-4e81-ba06-3508e030ce8d",
        "assignerShortName": "Honeywell",
        "cveId": "CVE-2025-3941",
        "datePublished": "2025-05-22T12:38:15.750Z",
        "dateReserved": "2025-04-25T15:21:18.048Z",
        "dateUpdated": "2025-05-22T13:52:36.314Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-3940 (GCVE-0-2025-3940)

    Vulnerability from cvelistv5 – Published: 2025-05-22 12:35 – Updated: 2025-05-22 14:00
    VLAI
    Title
    Improper Use of Validation Framework
    Summary
    Improper Use of Validation Framework vulnerability in Tridium Niagara Framework on Windows, Linux, QNX, Tridium Niagara Enterprise Security on Windows, Linux, QNX allows Input Data Manipulation. This issue affects Niagara Framework: before 4.14.2, before 4.15.1, before 4.10.11; Niagara Enterprise Security: before 4.14.2, before 4.15.1, before 4.10.11. Tridium recommends upgrading to Niagara Framework and Enterprise Security versions 4.14.2u2, 4.15.u1, or 4.10u.11.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-1173 - Improper Use of Validation Framework
    Assigner
    Impacted products
    Vendor Product Version
    Tridium Niagara Framework Affected: 0 , < 4.14.2 (custom)
    Affected: 0 , < 4.15.1 (custom)
    Affected: 0 , < 4.10.11 (custom)
    Create a notification for this product.
    Tridium Niagara Enterprise Security Affected: 0 , < 4.14.2 (custom)
    Affected: 0 , < 4.15.1 (custom)
    Affected: 0 , < 4.10.11 (custom)
    Create a notification for this product.
    Date Public
    2025-05-08 16:59
    Credits
    Andrea Palanca and team at Nozomi Networks
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-3940",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-05-22T13:56:59.299523Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-05-22T14:00:58.907Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "platforms": [
                "Windows",
                "Linux",
                "QNX"
              ],
              "product": "Niagara Framework",
              "vendor": "Tridium",
              "versions": [
                {
                  "lessThan": "4.14.2",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.15.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.10.11",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "platforms": [
                "Windows",
                "Linux",
                "QNX"
              ],
              "product": "Niagara Enterprise Security",
              "vendor": "Tridium",
              "versions": [
                {
                  "lessThan": "4.14.2",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.15.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.10.11",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "Andrea Palanca and team at Nozomi Networks"
            }
          ],
          "datePublic": "2025-05-08T16:59:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Improper Use of Validation Framework vulnerability in Tridium Niagara Framework on Windows, Linux, QNX, Tridium Niagara Enterprise Security on Windows, Linux, QNX allows Input Data Manipulation. This issue affects Niagara Framework: before 4.14.2, before 4.15.1, before 4.10.11; Niagara Enterprise Security: before 4.14.2, before 4.15.1, before 4.10.11.\u0026nbsp;Tridium recommends upgrading to Niagara Framework and Enterprise Security versions 4.14.2u2, 4.15.u1, or 4.10u.11."
                }
              ],
              "value": "Improper Use of Validation Framework vulnerability in Tridium Niagara Framework on Windows, Linux, QNX, Tridium Niagara Enterprise Security on Windows, Linux, QNX allows Input Data Manipulation. This issue affects Niagara Framework: before 4.14.2, before 4.15.1, before 4.10.11; Niagara Enterprise Security: before 4.14.2, before 4.15.1, before 4.10.11.\u00a0Tridium recommends upgrading to Niagara Framework and Enterprise Security versions 4.14.2u2, 4.15.u1, or 4.10u.11."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-153",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-153 Input Data Manipulation"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-1173",
                  "description": "CWE-1173 Improper Use of Validation Framework",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-05-22T12:48:54.098Z",
            "orgId": "0dc86260-d7e3-4e81-ba06-3508e030ce8d",
            "shortName": "Honeywell"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://honeywell.com/us/en/product-security#security-notices"
            },
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://docs.niagara-community.com/category/tech_bull"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Improper Use of Validation Framework",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "0dc86260-d7e3-4e81-ba06-3508e030ce8d",
        "assignerShortName": "Honeywell",
        "cveId": "CVE-2025-3940",
        "datePublished": "2025-05-22T12:35:14.174Z",
        "dateReserved": "2025-04-25T15:21:17.262Z",
        "dateUpdated": "2025-05-22T14:00:58.907Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-3939 (GCVE-0-2025-3939)

    Vulnerability from cvelistv5 – Published: 2025-05-22 12:33 – Updated: 2025-05-22 14:02
    VLAI
    Title
    Observable Response Discrepancy
    Summary
    Observable Response Discrepancy vulnerability in Tridium Niagara Framework on Windows, Linux, QNX, Tridium Niagara Enterprise Security on Windows, Linux, QNX allows Cryptanalysis. This issue affects Niagara Framework: before 4.14.2, before 4.15.1, before 4.10.11; Niagara Enterprise Security: before 4.14.2, before 4.15.1, before 4.10.11.Tridium recommends upgrading to Niagara Framework and Enterprise Security versions 4.14.2u2, 4.15.u1, or 4.10u.11.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-204 - Observable Response Discrepancy
    Assigner
    Impacted products
    Vendor Product Version
    Tridium Niagara Framework Affected: 0 , < 4.14.2 (custom)
    Affected: 0 , < 4.15.1 (custom)
    Affected: 0 , < 4.10.11 (custom)
    Create a notification for this product.
    Tridium Niagara Enterprise Security Affected: 0 , < 4.14.2 (custom)
    Affected: 0 , < 4.15.1 (custom)
    Affected: 0 , < 4.10.11 (custom)
    Create a notification for this product.
    Date Public
    2025-05-08 16:59
    Credits
    Andrea Palanca and team at Nozomi Networks
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-3939",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-05-22T14:01:37.287802Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-05-22T14:02:22.839Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "platforms": [
                "Windows",
                "Linux",
                "QNX"
              ],
              "product": "Niagara Framework",
              "vendor": "Tridium",
              "versions": [
                {
                  "lessThan": "4.14.2",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.15.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.10.11",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "platforms": [
                "Windows",
                "Linux",
                "QNX"
              ],
              "product": "Niagara Enterprise Security",
              "vendor": "Tridium",
              "versions": [
                {
                  "lessThan": "4.14.2",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.15.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.10.11",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "Andrea Palanca and team at Nozomi Networks"
            }
          ],
          "datePublic": "2025-05-08T16:59:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Observable Response Discrepancy vulnerability in Tridium Niagara Framework on Windows, Linux, QNX, Tridium Niagara Enterprise Security on Windows, Linux, QNX allows Cryptanalysis. This issue affects Niagara Framework: before 4.14.2, before 4.15.1, before 4.10.11; Niagara Enterprise Security: before 4.14.2, before 4.15.1, before 4.10.11.Tridium recommends upgrading to Niagara Framework and Enterprise Security versions 4.14.2u2, 4.15.u1, or 4.10u.11."
                }
              ],
              "value": "Observable Response Discrepancy vulnerability in Tridium Niagara Framework on Windows, Linux, QNX, Tridium Niagara Enterprise Security on Windows, Linux, QNX allows Cryptanalysis. This issue affects Niagara Framework: before 4.14.2, before 4.15.1, before 4.10.11; Niagara Enterprise Security: before 4.14.2, before 4.15.1, before 4.10.11.Tridium recommends upgrading to Niagara Framework and Enterprise Security versions 4.14.2u2, 4.15.u1, or 4.10u.11."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-97",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-97 Cryptanalysis"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-204",
                  "description": "CWE-204 Observable Response Discrepancy",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-05-22T12:49:10.315Z",
            "orgId": "0dc86260-d7e3-4e81-ba06-3508e030ce8d",
            "shortName": "Honeywell"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://honeywell.com/us/en/product-security#security-notices"
            },
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://docs.niagara-community.com/category/tech_bull"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Observable Response Discrepancy",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "0dc86260-d7e3-4e81-ba06-3508e030ce8d",
        "assignerShortName": "Honeywell",
        "cveId": "CVE-2025-3939",
        "datePublished": "2025-05-22T12:33:48.250Z",
        "dateReserved": "2025-04-25T15:21:16.473Z",
        "dateUpdated": "2025-05-22T14:02:22.839Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-3938 (GCVE-0-2025-3938)

    Vulnerability from cvelistv5 – Published: 2025-05-22 12:32 – Updated: 2025-05-22 14:10
    VLAI
    Title
    Missing Cryptographic Step
    Summary
    Missing Cryptographic Step vulnerability in Tridium Niagara Framework on Windows, Linux, QNX, Tridium Niagara Enterprise Security on Windows, Linux, QNX allows Cryptanalysis. This issue affects Niagara Framework: before 4.14.2, before 4.15.1, before 4.10.11; Niagara Enterprise Security: before 4.14.2, before 4.15.1, before 4.10.11. Tridium recommends upgrading to Niagara Framework and Enterprise Security versions 4.14.2u2, 4.15.u1, or 4.10u.11.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-325 - Missing Cryptographic Step
    Assigner
    Impacted products
    Vendor Product Version
    Tridium Niagara Framework Affected: 0 , < 4.14.2 (custom)
    Affected: 0 , < 4.15.1 (custom)
    Affected: 0 , < 4.10.11 (custom)
    Create a notification for this product.
    Tridium Niagara Enterprise Security Affected: 0 , < 4.14.2 (custom)
    Affected: 0 , < 4.15.1 (custom)
    Affected: 0 , < 4.10.11 (custom)
    Create a notification for this product.
    Date Public
    2025-05-08 16:59
    Credits
    Andrea Palanca and team at Nozomi Networks
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-3938",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-05-22T14:03:16.201132Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-05-22T14:10:21.621Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "platforms": [
                "Windows",
                "Linux",
                "QNX"
              ],
              "product": "Niagara Framework",
              "vendor": "Tridium",
              "versions": [
                {
                  "lessThan": "4.14.2",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.15.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.10.11",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "platforms": [
                "Windows",
                "Linux",
                "QNX"
              ],
              "product": "Niagara Enterprise Security",
              "vendor": "Tridium",
              "versions": [
                {
                  "lessThan": "4.14.2",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.15.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.10.11",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "Andrea Palanca and team at Nozomi Networks"
            }
          ],
          "datePublic": "2025-05-08T16:59:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Missing Cryptographic Step vulnerability in Tridium Niagara Framework on Windows, Linux, QNX, Tridium Niagara Enterprise Security on Windows, Linux, QNX allows Cryptanalysis. This issue affects Niagara Framework: before 4.14.2, before 4.15.1, before 4.10.11; Niagara Enterprise Security: before 4.14.2, before 4.15.1, before 4.10.11.\u0026nbsp;Tridium recommends upgrading to Niagara Framework and Enterprise Security versions 4.14.2u2, 4.15.u1, or 4.10u.11.\u003cbr\u003e"
                }
              ],
              "value": "Missing Cryptographic Step vulnerability in Tridium Niagara Framework on Windows, Linux, QNX, Tridium Niagara Enterprise Security on Windows, Linux, QNX allows Cryptanalysis. This issue affects Niagara Framework: before 4.14.2, before 4.15.1, before 4.10.11; Niagara Enterprise Security: before 4.14.2, before 4.15.1, before 4.10.11.\u00a0Tridium recommends upgrading to Niagara Framework and Enterprise Security versions 4.14.2u2, 4.15.u1, or 4.10u.11."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-97",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-97 Cryptanalysis"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-325",
                  "description": "CWE-325 Missing Cryptographic Step",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-05-22T12:49:32.299Z",
            "orgId": "0dc86260-d7e3-4e81-ba06-3508e030ce8d",
            "shortName": "Honeywell"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.honeywell.com/us/en/product-security#security-notices"
            },
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://docs.niagara-community.com/category/tech_bull"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Missing Cryptographic Step",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "0dc86260-d7e3-4e81-ba06-3508e030ce8d",
        "assignerShortName": "Honeywell",
        "cveId": "CVE-2025-3938",
        "datePublished": "2025-05-22T12:32:01.669Z",
        "dateReserved": "2025-04-25T15:21:15.598Z",
        "dateUpdated": "2025-05-22T14:10:21.621Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-3937 (GCVE-0-2025-3937)

    Vulnerability from cvelistv5 – Published: 2025-05-22 12:23 – Updated: 2025-05-22 14:43
    VLAI
    Title
    Use of Password Hash with Insufficient Computational Effort
    Summary
    Use of Password Hash With Insufficient Computational Effort vulnerability in Tridium Niagara Framework on Windows, Linux, QNX, Tridium Niagara Enterprise Security on Windows, Linux, QNX allows Cryptanalysis. This issue affects Niagara Framework: before 4.14.2, before 4.15.1, before 4.10.11; Niagara Enterprise Security: before 4.14.2, before 4.15.1, before 4.10.11. Tridium recommends upgrading to Niagara Framework and Enterprise Security versions 4.14.2u2, 4.15.u1, or 4.10u.11.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-916 - Use of Password Hash With Insufficient Computational Effort
    Assigner
    Impacted products
    Vendor Product Version
    Tridium Niagara Framework Affected: 0 , < 4.14.2 (custom)
    Affected: 0 , < 4.15.1 (custom)
    Affected: 0 , < 4.10.11 (custom)
    Create a notification for this product.
    Tridium Niagara Enterprise Security Affected: 0 , < 4.14.2 (custom)
    Affected: 0 , < 4.15.1 (custom)
    Affected: 0 , < 4.10.11 (custom)
    Create a notification for this product.
    Date Public
    2025-05-08 16:59
    Credits
    Andrea Palanca and team at Nozomi Networks
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-3937",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-05-22T14:29:29.244650Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-05-22T14:43:13.538Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "platforms": [
                "Windows",
                "Linux",
                "QNX"
              ],
              "product": "Niagara Framework",
              "vendor": "Tridium",
              "versions": [
                {
                  "lessThan": "4.14.2",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.15.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.10.11",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "platforms": [
                "Windows",
                "Linux",
                "QNX"
              ],
              "product": "Niagara Enterprise Security",
              "vendor": "Tridium",
              "versions": [
                {
                  "lessThan": "4.14.2",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.15.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.10.11",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "Andrea Palanca and team at Nozomi Networks"
            }
          ],
          "datePublic": "2025-05-08T16:59:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Use of Password Hash With Insufficient Computational Effort vulnerability in Tridium Niagara Framework on Windows, Linux, QNX, Tridium Niagara Enterprise Security on Windows, Linux, QNX allows Cryptanalysis. This issue affects Niagara Framework: before 4.14.2, before 4.15.1, before 4.10.11; Niagara Enterprise Security: before 4.14.2, before 4.15.1, before 4.10.11.\u0026nbsp;Tridium recommends upgrading to Niagara Framework and Enterprise Security versions 4.14.2u2, 4.15.u1, or 4.10u.11."
                }
              ],
              "value": "Use of Password Hash With Insufficient Computational Effort vulnerability in Tridium Niagara Framework on Windows, Linux, QNX, Tridium Niagara Enterprise Security on Windows, Linux, QNX allows Cryptanalysis. This issue affects Niagara Framework: before 4.14.2, before 4.15.1, before 4.10.11; Niagara Enterprise Security: before 4.14.2, before 4.15.1, before 4.10.11.\u00a0Tridium recommends upgrading to Niagara Framework and Enterprise Security versions 4.14.2u2, 4.15.u1, or 4.10u.11."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-97",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-97 Cryptanalysis"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 7.7,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-916",
                  "description": "CWE-916 Use of Password Hash With Insufficient Computational Effort",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-05-22T12:50:14.135Z",
            "orgId": "0dc86260-d7e3-4e81-ba06-3508e030ce8d",
            "shortName": "Honeywell"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://docs.niagara-community.com/category/tech_bull"
            },
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.honeywell.com/us/en/product-security#security-notices"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Use of Password Hash with Insufficient Computational Effort",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "0dc86260-d7e3-4e81-ba06-3508e030ce8d",
        "assignerShortName": "Honeywell",
        "cveId": "CVE-2025-3937",
        "datePublished": "2025-05-22T12:23:42.058Z",
        "dateReserved": "2025-04-25T15:21:14.598Z",
        "dateUpdated": "2025-05-22T14:43:13.538Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-3936 (GCVE-0-2025-3936)

    Vulnerability from cvelistv5 – Published: 2025-05-22 12:20 – Updated: 2025-05-22 17:29
    VLAI
    Title
    Incorrect Permission Assignment for Critical Resource
    Summary
    Incorrect Permission Assignment for Critical Resource vulnerability in Tridium Niagara Framework on Windows, Tridium Niagara Enterprise Security on Windows allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Niagara Framework: before 4.14.2, before 4.15.1, before 4.10.11; Niagara Enterprise Security: before 4.14.2, before 4.15.1, before 4.10.11. Tridium recommends upgrading to Niagara Framework and Enterprise Security versions 4.14.2u2, 4.15.u1, or 4.10u.11.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-732 - Incorrect Permission Assignment for Critical Resource
    Assigner
    Impacted products
    Vendor Product Version
    Tridium Niagara Framework Affected: 0 , < 4.14.2 (custom)
    Affected: 0 , < 4.15.1 (custom)
    Affected: 0 , < 4.10.11 (custom)
    Create a notification for this product.
    Tridium Niagara Enterprise Security Affected: 0 , < 4.14.2 (custom)
    Affected: 0 , < 4.15.1 (custom)
    Affected: 0 , < 4.10.11 (custom)
    Create a notification for this product.
    Date Public
    2025-05-08 16:59
    Credits
    Andrea Palanca and team at Nozomi Networks
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-3936",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-05-22T17:19:05.444995Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-05-22T17:29:38.532Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "platforms": [
                "Windows"
              ],
              "product": "Niagara Framework",
              "vendor": "Tridium",
              "versions": [
                {
                  "lessThan": "4.14.2",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.15.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.10.11",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "platforms": [
                "Windows"
              ],
              "product": "Niagara Enterprise Security",
              "vendor": "Tridium",
              "versions": [
                {
                  "lessThan": "4.14.2",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.15.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.10.11",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "Andrea Palanca and team at Nozomi Networks"
            }
          ],
          "datePublic": "2025-05-08T16:59:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Incorrect Permission Assignment for Critical Resource vulnerability in Tridium Niagara Framework on Windows, Tridium Niagara Enterprise Security on Windows allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Niagara Framework: before 4.14.2, before 4.15.1, before 4.10.11; Niagara Enterprise Security: before 4.14.2, before 4.15.1, before 4.10.11.\u0026nbsp;Tridium recommends upgrading to Niagara Framework and Enterprise Security versions 4.14.2u2, 4.15.u1, or 4.10u.11.\u003cbr\u003e"
                }
              ],
              "value": "Incorrect Permission Assignment for Critical Resource vulnerability in Tridium Niagara Framework on Windows, Tridium Niagara Enterprise Security on Windows allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Niagara Framework: before 4.14.2, before 4.15.1, before 4.10.11; Niagara Enterprise Security: before 4.14.2, before 4.15.1, before 4.10.11.\u00a0Tridium recommends upgrading to Niagara Framework and Enterprise Security versions 4.14.2u2, 4.15.u1, or 4.10u.11."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-180",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-180 Exploiting Incorrectly Configured Access Control Security Levels"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-732",
                  "description": "CWE-732 Incorrect Permission Assignment for Critical Resource",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-05-22T12:50:32.521Z",
            "orgId": "0dc86260-d7e3-4e81-ba06-3508e030ce8d",
            "shortName": "Honeywell"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://docs.niagara-community.com/category/tech_bull"
            },
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.honeywell.com/us/en/product-security#security-notices"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Incorrect Permission Assignment for Critical Resource",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "0dc86260-d7e3-4e81-ba06-3508e030ce8d",
        "assignerShortName": "Honeywell",
        "cveId": "CVE-2025-3936",
        "datePublished": "2025-05-22T12:20:42.337Z",
        "dateReserved": "2025-04-25T15:21:09.014Z",
        "dateUpdated": "2025-05-22T17:29:38.532Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-14483 (GCVE-0-2020-14483)

    Vulnerability from cvelistv5 – Published: 2020-08-13 14:41 – Updated: 2024-08-04 12:46
    VLAI
    Summary
    A timeout during a TLS handshake can result in the connection failing to terminate. This can result in a Niagara thread hanging and requires a manual restart of Niagara (Versions 4.6.96.28, 4.7.109.20, 4.7.110.32, 4.8.0.110) and Niagara Enterprise Security (Versions 2.4.31, 2.4.45, 4.8.0.35) to correct.
    Severity
    No CVSS data available.
    CWE
    • CWE-1088 - SYNCHRONOUS ACCESS OF REMOTE RESOURCE WITHOUT TIMEOUT CWE-1088
    Assigner
    References
    Impacted products
    Vendor Product Version
    n/a Niagara Affected: Niagara: Versions 4.6.96.28, 4.7.109.20, 4.7.110.32, 4.8.0.110 and Niagara Enterprise Security: Versions 2.4.31, 2.4.45, 4.8.0.35
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T12:46:34.631Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-224-03"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Niagara",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "Niagara: Versions 4.6.96.28, 4.7.109.20, 4.7.110.32, 4.8.0.110 and Niagara Enterprise Security: Versions 2.4.31, 2.4.45, 4.8.0.35"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A timeout during a TLS handshake can result in the connection failing to terminate. This can result in a Niagara thread hanging and requires a manual restart of Niagara (Versions 4.6.96.28, 4.7.109.20, 4.7.110.32, 4.8.0.110) and Niagara Enterprise Security (Versions 2.4.31, 2.4.45, 4.8.0.35) to correct."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-1088",
                  "description": "SYNCHRONOUS ACCESS OF REMOTE RESOURCE WITHOUT TIMEOUT CWE-1088",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-08-13T14:41:35.000Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-224-03"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "ics-cert@hq.dhs.gov",
              "ID": "CVE-2020-14483",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Niagara",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Niagara: Versions 4.6.96.28, 4.7.109.20, 4.7.110.32, 4.8.0.110 and Niagara Enterprise Security: Versions 2.4.31, 2.4.45, 4.8.0.35"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A timeout during a TLS handshake can result in the connection failing to terminate. This can result in a Niagara thread hanging and requires a manual restart of Niagara (Versions 4.6.96.28, 4.7.109.20, 4.7.110.32, 4.8.0.110) and Niagara Enterprise Security (Versions 2.4.31, 2.4.45, 4.8.0.35) to correct."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "SYNCHRONOUS ACCESS OF REMOTE RESOURCE WITHOUT TIMEOUT CWE-1088"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://us-cert.cisa.gov/ics/advisories/icsa-20-224-03",
                  "refsource": "MISC",
                  "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-224-03"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2020-14483",
        "datePublished": "2020-08-13T14:41:35.000Z",
        "dateReserved": "2020-06-19T00:00:00.000Z",
        "dateUpdated": "2024-08-04T12:46:34.631Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-18985 (GCVE-0-2018-18985)

    Vulnerability from cvelistv5 – Published: 2019-01-29 16:00 – Updated: 2024-09-16 17:54
    VLAI
    Summary
    Tridium Niagara Enterprise Security 2.3u1, all versions prior to 2.3.118.6, Niagara AX 3.8u4, all versions prior to 3.8.401.1, Niagara 4.4u2, all versions prior to 4.4.93.40.2, and Niagara 4.6, all versions prior to 4.6.96.28.4 a cross-site scripting vulnerability has been identified that may allow a remote attacker to inject code to some web pages affecting confidentiality.
    Severity
    No CVSS data available.
    CWE
    • CWE-79 - IMPROPER NEUTRALIZATION OF INPUT DURING WEB PAGE GENERATION ('CROSS-SITE SCRIPTING') CWE-79
    Assigner
    References
    Impacted products
    Vendor Product Version
    Tridium Tridium Niagara Enterprise Security 2.3u1, all versions prior to 2.3.118.6, Niagara AX 3.8u4, all versions prior to 3.8.401.1, Niagara 4.4u2, all versions prior to 4.4.93.40.2, and Niagara 4.6, all versions prior to 4.6.96.28.4 Affected: Tridium Niagara Enterprise Security 2.3u1, all versions prior to 2.3.118.6, Niagara AX 3.8u4, all versions prior to 3.8.401.1, Niagara 4.4u2, all versions prior to 4.4.93.40.2, and Niagara 4.6, all versions prior to 4.6.96.28.4
    Create a notification for this product.
    Date Public
    2019-01-10 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T11:23:08.920Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "106530",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/106530"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-333-02"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Tridium Niagara Enterprise Security 2.3u1, all versions prior to 2.3.118.6, Niagara AX 3.8u4, all versions prior to 3.8.401.1, Niagara 4.4u2, all versions prior to 4.4.93.40.2, and Niagara 4.6, all versions prior to 4.6.96.28.4",
              "vendor": "Tridium",
              "versions": [
                {
                  "status": "affected",
                  "version": "Tridium Niagara Enterprise Security 2.3u1, all versions prior to 2.3.118.6, Niagara AX 3.8u4, all versions prior to 3.8.401.1, Niagara 4.4u2, all versions prior to 4.4.93.40.2, and Niagara 4.6, all versions prior to 4.6.96.28.4"
                }
              ]
            }
          ],
          "datePublic": "2019-01-10T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Tridium Niagara Enterprise Security 2.3u1, all versions prior to 2.3.118.6, Niagara AX 3.8u4, all versions prior to 3.8.401.1, Niagara 4.4u2, all versions prior to 4.4.93.40.2, and Niagara 4.6, all versions prior to 4.6.96.28.4 a cross-site scripting vulnerability has been identified that may allow a remote attacker to inject code to some web pages affecting confidentiality."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "IMPROPER NEUTRALIZATION OF INPUT DURING WEB PAGE GENERATION (\u0027CROSS-SITE SCRIPTING\u0027) CWE-79",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-01-31T23:57:01.000Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "name": "106530",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/106530"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-333-02"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "ics-cert@hq.dhs.gov",
              "DATE_PUBLIC": "2019-01-10T00:00:00",
              "ID": "CVE-2018-18985",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Tridium Niagara Enterprise Security 2.3u1, all versions prior to 2.3.118.6, Niagara AX 3.8u4, all versions prior to 3.8.401.1, Niagara 4.4u2, all versions prior to 4.4.93.40.2, and Niagara 4.6, all versions prior to 4.6.96.28.4",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Tridium Niagara Enterprise Security 2.3u1, all versions prior to 2.3.118.6, Niagara AX 3.8u4, all versions prior to 3.8.401.1, Niagara 4.4u2, all versions prior to 4.4.93.40.2, and Niagara 4.6, all versions prior to 4.6.96.28.4"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Tridium"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Tridium Niagara Enterprise Security 2.3u1, all versions prior to 2.3.118.6, Niagara AX 3.8u4, all versions prior to 3.8.401.1, Niagara 4.4u2, all versions prior to 4.4.93.40.2, and Niagara 4.6, all versions prior to 4.6.96.28.4 a cross-site scripting vulnerability has been identified that may allow a remote attacker to inject code to some web pages affecting confidentiality."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "IMPROPER NEUTRALIZATION OF INPUT DURING WEB PAGE GENERATION (\u0027CROSS-SITE SCRIPTING\u0027) CWE-79"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "106530",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/106530"
                },
                {
                  "name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-333-02",
                  "refsource": "MISC",
                  "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-333-02"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2018-18985",
        "datePublished": "2019-01-29T16:00:00.000Z",
        "dateReserved": "2018-11-06T00:00:00.000Z",
        "dateUpdated": "2024-09-16T17:54:09.008Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }