Name of the Vulnerable Software and Affected Versions:

Tridium Niagara Framework versions prior to 4.14.2, prior to 4.15.1, prior to 4.10.11

Tridium Niagara Enterprise Security versions prior to 4.14.2, prior to 4.15.1, prior to 4.10.11

Description:

The issue affects the Tridium Niagara Framework and Niagara Enterprise Security, allowing cryptanalysis due to the use of a password hash with insufficient computational effort. This can be exploited to gain unauthorized access. Tridium recommends upgrading to specific versions to address the issue.

Recommendations:

For Tridium Niagara Framework versions prior to 4.14.2, upgrade to version 4.14.2u2.

For Tridium Niagara Framework versions prior to 4.15.1, upgrade to version 4.15.u1.

For Tridium Niagara Framework versions prior to 4.10.11, upgrade to version 4.10u.11.

For Tridium Niagara Enterprise Security versions prior to 4.14.2, upgrade to version 4.14.2u2.

For Tridium Niagara Enterprise Security versions prior to 4.15.1, upgrade to version 4.15.u1.

For Tridium Niagara Enterprise Security versions prior to 4.10.11, upgrade to version 4.10u.11.