Tridium Niagara Framework and Enterprise Security Password Hash Vulnerability Allowing Cryptanalysis

Vulnerability

The Tridium Niagara Framework and Niagara Enterprise Security, in versions prior to the fixed releases listed under Remediation, use password hashes that require insufficient computational effort. This weakness makes cryptanalysis of the hashes feasible, potentially compromising password security.

Impact

Exploitation of this vulnerability could lead to successful cryptographic attacks, allowing an adversary to recover passwords or password equivalents, thereby gaining unauthorized access to user accounts or systems.

Remediation

Users are advised to upgrade to Tridium Niagara Framework and Enterprise Security versions 4.14.2u2, 4.15.u1, or 4.10u.11.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

Spread: 4.5
Impact: 2.5
Exploitability: 4.9
Remediation: 7.7
Relevance: 0.0
Threat: 0.0
Urgency: 2.9
Incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.