Tridium Niagara Framework and Enterprise Security Improper Input Data Validation Vulnerability

Vulnerability

A vulnerability allowing input data manipulation has been identified in the Tridium Niagara Framework and Niagara Enterprise Security. This issue arises from improper use of the validation framework and affects multiple platforms, including Windows, Linux, and QNX. The vulnerability is present in several versions of the Niagara Framework and Enterprise Security, prior to 4.14.2, 4.15.1, and 4.10.11.

Impact

Exploitation of this vulnerability could lead to unauthorized manipulation of input data, potentially causing unexpected behavior in the application or system.

Remediation

Users are advised to upgrade to Tridium Niagara Framework and Enterprise Security versions 4.14.2u2, 4.15.u1, or 4.10u.11.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 4.5
impact: 0.6
exploitability: 7.0
remediation: 7.7
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.