Name of the Vulnerable Software and Affected Versions:

Tridium Niagara Framework versions prior to 4.14.2, prior to 4.15.1, prior to 4.10.11

Tridium Niagara Enterprise Security versions prior to 4.14.2, prior to 4.15.1, prior to 4.10.11

Description:

The issue affects Tridium Niagara Framework and Tridium Niagara Enterprise Security, allowing Parameter Injection through the use of GET Request Method With Sensitive Query Strings.

Recommendations:

For Tridium Niagara Framework versions prior to 4.14.2, upgrade to version 4.14.2u2.

For Tridium Niagara Framework versions prior to 4.15.1, upgrade to version 4.15.u1.

For Tridium Niagara Framework versions prior to 4.10.11, upgrade to version 4.10u.11.

For Tridium Niagara Enterprise Security versions prior to 4.14.2, upgrade to version 4.14.2u2.

For Tridium Niagara Enterprise Security versions prior to 4.15.1, upgrade to version 4.15.u1.

For Tridium Niagara Enterprise Security versions prior to 4.10.11, upgrade to version 4.10u.11.