Niagara Enterprise Security
Approved changes feed: RSS · Atom
cpe:2.3:a:tridium:niagara_enterprise_security:*:*:*:*:*:*:*:*
part: a version: * update: *
| Vendor | Tridium (f2a5a3f5-4284-5833-a4b3-3c69c2499d9a) |
|---|---|
| Product | Niagara Enterprise Security (b8675250-24d9-57e0-86d3-89a4c5babe69) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2025-3945 |
vulnerable | 2026-06-08 07:23:10.182574 |
Improper Neutralization of Argument Delimiters in a Command (‘Argument Injection’)
HIGH (7.2)
Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') vulnerability in Tridium Niagara Framework on QNX, Tridium Niagara Enterprise Security on QNX allows Command Delimiters. This issue affects Niagara Framework: before 4.14.2, before 4.15.1, before 4.10.11; Niagara Enterprise Security: before 4.14.2, before 4.15.1, before 4.10.11. Tridium recommends upgrading to Niagara Framework and Enterprise Security versions 4.14.2u2, 4.15.u1, or 4.10u.11.
Published: 2025-05-22T12:47:00.903Z
Updated: 2025-05-22T13:17:49.912Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-3944 |
vulnerable | 2026-06-08 07:23:10.181411 |
Incorrect Permission Assignment for Critical Resource
HIGH (7.2)
Incorrect Permission Assignment for Critical Resource vulnerability in Tridium Niagara Framework on QNX, Tridium Niagara Enterprise Security on QNX allows File Manipulation. This issue affects Niagara Framework: before 4.14.2, before 4.15.1, before 4.10.11; Niagara Enterprise Security: before 4.14.2, before 4.15.1, before 4.10.11. Tridium recommends upgrading to Niagara Framework and Enterprise Security versions 4.14.2u2, 4.15.u1, or 4.10u.11.
Published: 2025-05-22T12:44:55.511Z
Updated: 2025-05-22T13:17:37.301Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-3943 |
vulnerable | 2026-06-08 07:23:10.180449 |
Use of GET Request Method With sensitive Query Strings
MEDIUM (4.1)
Use of GET Request Method With Sensitive Query Strings vulnerability in Tridium Niagara Framework on Windows, Linux, QNX, Tridium Niagara Enterprise Security on Windows, Linux, QNX allows Parameter Injection. This issue affects Niagara Framework: before 4.14.2, before 4.15.1, before 4.10.11; Niagara Enterprise Security: before 4.14.2, before 4.15.1, before 4.10.11. Tridium recommends upgrading to Niagara Framework and Enterprise Security versions 4.14.2u2, 4.15.u1, or 4.10u.11.
Published: 2025-05-22T12:42:13.893Z
Updated: 2025-05-22T13:19:08.477Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-3942 |
vulnerable | 2026-06-08 07:23:10.179450 |
Improper Output Neutralization for Logs
MEDIUM (4.3)
Improper Output Neutralization for Logs vulnerability in Tridium Niagara Framework on Windows, Linux, QNX, Tridium Niagara Enterprise Security on Windows, Linux, QNX allows Input Data Manipulation. This issue affects Niagara Framework: before 4.14.2, before 4.15.1, before 4.10.11; Niagara Enterprise Security: before 4.14.2, before 4.15.1, before 4.10.11. Tridium recommends upgrading to Niagara Framework and Enterprise Security versions 4.14.2u2, 4.15.u1, or 4.10u.11.
Published: 2025-05-22T12:40:12.581Z
Updated: 2025-05-22T13:36:18.427Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-3941 |
vulnerable | 2026-06-08 07:23:10.178530 |
Improper Handling of Windows: DATA Alternate Data Stream
MEDIUM (5.4)
Improper Handling of Windows ::DATA Alternate Data Stream vulnerability in Tridium Niagara Framework on Windows, Tridium Niagara Enterprise Security on Windows allows Input Data Manipulation. This issue affects Niagara Framework: before 4.14.2, before 4.15.1, before 4.10.11; Niagara Enterprise Security: before 4.14.2, before 4.15.1, before 4.10.11.Tridium recommends upgrading to Niagara Framework and Enterprise Security versions 4.14.2u2, 4.15.u1, or 4.10u.11.
Published: 2025-05-22T12:38:15.750Z
Updated: 2025-05-22T13:52:36.314Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-3940 |
vulnerable | 2026-06-08 07:23:10.177436 |
Improper Use of Validation Framework
MEDIUM (5.3)
Improper Use of Validation Framework vulnerability in Tridium Niagara Framework on Windows, Linux, QNX, Tridium Niagara Enterprise Security on Windows, Linux, QNX allows Input Data Manipulation. This issue affects Niagara Framework: before 4.14.2, before 4.15.1, before 4.10.11; Niagara Enterprise Security: before 4.14.2, before 4.15.1, before 4.10.11. Tridium recommends upgrading to Niagara Framework and Enterprise Security versions 4.14.2u2, 4.15.u1, or 4.10u.11.
Published: 2025-05-22T12:35:14.174Z
Updated: 2025-05-22T14:00:58.907Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-3939 |
vulnerable | 2026-06-08 07:23:10.176542 |
Observable Response Discrepancy
MEDIUM (5.3)
Observable Response Discrepancy vulnerability in Tridium Niagara Framework on Windows, Linux, QNX, Tridium Niagara Enterprise Security on Windows, Linux, QNX allows Cryptanalysis. This issue affects Niagara Framework: before 4.14.2, before 4.15.1, before 4.10.11; Niagara Enterprise Security: before 4.14.2, before 4.15.1, before 4.10.11.Tridium recommends upgrading to Niagara Framework and Enterprise Security versions 4.14.2u2, 4.15.u1, or 4.10u.11.
Published: 2025-05-22T12:33:48.250Z
Updated: 2025-05-22T14:02:22.839Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-3938 |
vulnerable | 2026-06-08 07:23:10.175689 |
Missing Cryptographic Step
MEDIUM (6.8)
Missing Cryptographic Step vulnerability in Tridium Niagara Framework on Windows, Linux, QNX, Tridium Niagara Enterprise Security on Windows, Linux, QNX allows Cryptanalysis. This issue affects Niagara Framework: before 4.14.2, before 4.15.1, before 4.10.11; Niagara Enterprise Security: before 4.14.2, before 4.15.1, before 4.10.11. Tridium recommends upgrading to Niagara Framework and Enterprise Security versions 4.14.2u2, 4.15.u1, or 4.10u.11.
Published: 2025-05-22T12:32:01.669Z
Updated: 2025-05-22T14:10:21.621Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-3937 |
vulnerable | 2026-06-08 07:23:10.172641 |
Use of Password Hash with Insufficient Computational Effort
HIGH (7.7)
Use of Password Hash With Insufficient Computational Effort vulnerability in Tridium Niagara Framework on Windows, Linux, QNX, Tridium Niagara Enterprise Security on Windows, Linux, QNX allows Cryptanalysis. This issue affects Niagara Framework: before 4.14.2, before 4.15.1, before 4.10.11; Niagara Enterprise Security: before 4.14.2, before 4.15.1, before 4.10.11. Tridium recommends upgrading to Niagara Framework and Enterprise Security versions 4.14.2u2, 4.15.u1, or 4.10u.11.
Published: 2025-05-22T12:23:42.058Z
Updated: 2025-05-22T14:43:13.538Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-3936 |
vulnerable | 2026-06-08 07:23:10.167248 |
Incorrect Permission Assignment for Critical Resource
MEDIUM (6.5)
Incorrect Permission Assignment for Critical Resource vulnerability in Tridium Niagara Framework on Windows, Tridium Niagara Enterprise Security on Windows allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Niagara Framework: before 4.14.2, before 4.15.1, before 4.10.11; Niagara Enterprise Security: before 4.14.2, before 4.15.1, before 4.10.11. Tridium recommends upgrading to Niagara Framework and Enterprise Security versions 4.14.2u2, 4.15.u1, or 4.10u.11.
Published: 2025-05-22T12:20:42.337Z
Updated: 2025-05-22T17:29:38.532Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-18985 |
vulnerable | 2026-06-08 05:11:15.052834 |
Details available
Tridium Niagara Enterprise Security 2.3u1, all versions prior to 2.3.118.6, Niagara AX 3.8u4, all versions prior to 3.8.401.1, Niagara 4.4u2, all versions prior to 4.4.93.40.2, and Niagara 4.6, all versions prior to 4.6.96.28.4 a cross-site scripting vulnerability has been identified that may allow a remote attacker to inject code to some web pages affecting confidentiality.
Published: 2019-01-29T16:00:00.000Z
Updated: 2024-09-16T17:54:09.008Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.