Primary

Context

Tridium Niagara Framework and Enterprise Security Parameter Injection Vulnerability

Vulnerability

Patched

A vulnerability allowing parameter injection has been identified in the Tridium Niagara Framework and Niagara Enterprise Security. This issue arises from the use of the GET request method with sensitive query strings, creating opportunities for parameter injection attacks. The vulnerability is present in several versions of the Niagara Framework and Niagara Enterprise Security, prior to specific patched releases.

Impact

Exploitation of this vulnerability could lead to unauthorized parameter injection, potentially allowing attackers to manipulate application behavior or data.

Remediation

Users are advised to upgrade to Tridium Niagara Framework and Enterprise Security versions 4.14.2u2, 4.15.u1, or 4.10u.11.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

4.5

impact

0.6

exploitability

4.9

remediation

7.7

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

4.5

impact

0.6

exploitability

4.9

remediation

7.7

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Tridium Niagara Framework and Enterprise Security Parameter Injection Vulnerability

Vulnerability

Impact

Remediation

Affected Products

Tridium Niagara Framework

Tridium Niagara Enterprise Security

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating