Tridium Niagara Framework and Enterprise Security Argument Injection Vulnerability on QNX

Vulnerability

An argument injection vulnerability (improper neutralization of argument delimiters in a command) has been identified in the Tridium Niagara Framework and Niagara Enterprise Security, both on QNX. It allows command delimiters to be manipulated. Affected versions include Niagara Framework prior to 4.14.2, 4.15.1, and 4.10.11, as well as Niagara Enterprise Security versions prior to 4.14.2, 4.15.1, and 4.10.11.

Impact

Exploitation of this vulnerability could lead to unauthorized command execution by injecting malicious arguments that are not properly sanitized, potentially allowing attackers to manipulate application behavior or access sensitive information.
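
The advisory does not publish the affected code path, so the following is an added, general illustration of the argument-injection bug class and is not Niagara or Tridium code. It contrasts a command built by string concatenation with a validated argv list; the `diagtool` binary, its options and the sample values are hypothetical, and the tool is assumed to follow the POSIX convention that `--` ends option parsing.

```python
import re
import shlex

# Hypothetical helper binary and fixed options (assumption, not from the advisory).
BASE_CMD = ["diagtool", "--count", "1"]

# Allow-list for the single operand accepted: hostname or dotted address characters,
# starting and ending with an alphanumeric so it can never begin with '-'.
_OPERAND_RE = re.compile(r"[A-Za-z0-9](?:[A-Za-z0-9.-]{0,252}[A-Za-z0-9])?")


def naive_argv(value: str) -> list[str]:
    """'Before' form: the value is concatenated into a command string and then
    split, so whitespace inside the value acts as an argument delimiter."""
    return shlex.split(" ".join(BASE_CMD) + " " + value)


def hardened_argv(value: str) -> list[str]:
    """'After' form: validate against the allow-list, then pass the value as
    exactly one argv element placed after '--' so it cannot be read as an option."""
    if not _OPERAND_RE.fullmatch(value):
        raise ValueError(f"rejected operand: {value!r}")
    return BASE_CMD + ["--", value]


def injected_args(value: str) -> list[str]:
    """Review aid: arguments the naive form adds beyond the one expected operand,
    plus the operand itself if it would be parsed as an option."""
    extra = naive_argv(value)[len(BASE_CMD):]
    return extra[1:] + [a for a in extra[:1] if a.startswith("-")]


if __name__ == "__main__":
    # Constructed sample inputs; nothing is executed, only the argv is built.
    for sample in ["10.0.0.5", "host1 --config /tmp/constructed.conf", "-v"]:
        print(repr(sample), "naive ->", naive_argv(sample))
        print("  injected:", injected_args(sample))
        try:
            print("  hardened ->", hardened_argv(sample))
        except ValueError as exc:
            print("  hardened ->", exc)
```
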

Remediation

Users are advised to upgrade to Tridium Niagara Framework and Enterprise Security versions 4.14.2u2, 4.15.u1, or 4.10u.11.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread: 4.5
impact: 7.5
exploitability: 4.4
remediation: 7.7
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.