Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

Tridium — Vulnerabilities & Security Advisories 11

Browse all 11 CVE security advisories affecting Tridium. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Tridium develops Niagara Framework, a building automation and IoT platform used for managing smart buildings and industrial control systems. Historically, the platform has been vulnerable to remote code execution, cross-site scripting, and privilege escalation vulnerabilities, often due to improper input validation and authentication flaws. With 11 CVEs on record, security researchers have identified weaknesses in its web interface and communication protocols. While no major public incidents have been widely documented, the platform's widespread deployment in critical infrastructure makes it a potential target for attackers. Its integration with numerous third-party systems creates additional attack surfaces, necessitating robust security measures to prevent unauthorized access and system compromise.

Top products by Tridium: Niagara Framework Tridium Niagara Enterprise Security 2.3u1, all versions prior to 2.3.118.6, Niagara AX 3.8u4, all versions prior to 3.8.401.1, Niagara 4.4u2, all versions prior to 4.4.93.40.2, and Niagara 4.6, all versions prior to 4.6.96.28.4
CVE IDTitleCVSSSeverityPublished
CVE-2025-3945 Improper Neutralization of Argument Delimiters in a Command (‘Argument Injection’) — Niagara FrameworkCWE-88 7.2 High2025-05-22
CVE-2025-3944 Incorrect Permission Assignment for Critical Resource — Niagara FrameworkCWE-732 7.2 High2025-05-22
CVE-2025-3943 Use of GET Request Method With sensitive Query Strings — Niagara FrameworkCWE-598 4.1 Medium2025-05-22
CVE-2025-3942 Improper Output Neutralization for Logs — Niagara FrameworkCWE-117 4.3 Medium2025-05-22
CVE-2025-3941 Improper Handling of Windows: DATA Alternate Data Stream — Niagara FrameworkCWE-69 5.4 Medium2025-05-22
CVE-2025-3940 Improper Use of Validation Framework — Niagara FrameworkCWE-1173 5.3 Medium2025-05-22
CVE-2025-3939 Observable Response Discrepancy — Niagara FrameworkCWE-204 5.3 Medium2025-05-22
CVE-2025-3938 Missing Cryptographic Step — Niagara FrameworkCWE-325 6.8 Medium2025-05-22
CVE-2025-3937 Use of Password Hash with Insufficient Computational Effort — Niagara FrameworkCWE-916 7.7 High2025-05-22
CVE-2025-3936 Incorrect Permission Assignment for Critical Resource — Niagara FrameworkCWE-732 6.5 Medium2025-05-22
CVE-2018-18985 TRIDIUM Niagara Enterprise Security、Niagara AX和Niagara 跨站脚本漏洞 — Tridium Niagara Enterprise Security 2.3u1, all versions prior to 2.3.118.6, Niagara AX 3.8u4, all versions prior to 3.8.401.1, Niagara 4.4u2, all versions prior to 4.4.93.40.2, and Niagara 4.6, all versions prior to 4.6.96.28.4CWE-79 5.4 -2019-01-29

This page lists every published CVE security advisory associated with Tridium. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.