PT-2025-22463 · Tridium+1 · Tridium Niagara Ax Framework+2
Published
2025-05-22
·
Updated
2025-06-04
·
CVE-2025-3936
CVSS v2.0
10
Critical
| AV:N/AC:L/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
Tridium Niagara Framework versions prior to 4.14.2
Tridium Niagara Framework versions prior to 4.15.1
Tridium Niagara Framework versions prior to 4.10.11
Tridium Niagara Enterprise Security versions prior to 4.14.2
Tridium Niagara Enterprise Security versions prior to 4.15.1
Tridium Niagara Enterprise Security versions prior to 4.10.11
Description
The issue affects Tridium Niagara Framework and Tridium Niagara Enterprise Security on Windows, allowing exploitation of incorrectly configured access control security levels due to an Incorrect Permission Assignment for Critical Resource vulnerability.
Recommendations
For Tridium Niagara Framework versions prior to 4.14.2, upgrade to version 4.14.2u2.
For Tridium Niagara Framework versions prior to 4.15.1, upgrade to version 4.15.u1.
For Tridium Niagara Framework versions prior to 4.10.11, upgrade to version 4.10u.11.
For Tridium Niagara Enterprise Security versions prior to 4.14.2, upgrade to version 4.14.2u2.
For Tridium Niagara Enterprise Security versions prior to 4.15.1, upgrade to version 4.15.u1.
For Tridium Niagara Enterprise Security versions prior to 4.10.11, upgrade to version 4.10u.11.
Fix
Incorrect Permission
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Tridium Niagara Enterprise Security
Tridium Niagara Ax Framework
Windows