Name of the Vulnerable Software and Affected Versions:
Tridium Niagara Framework versions prior to 4.14.2
Tridium Niagara Framework versions prior to 4.15.1
Tridium Niagara Framework versions prior to 4.10.11
Tridium Niagara Enterprise Security versions prior to 4.14.2
Tridium Niagara Enterprise Security versions prior to 4.15.1
Tridium Niagara Enterprise Security versions prior to 4.10.11
Description:
The issue is an Improper Neutralization of Argument Delimiters in a Command, also known as 'Argument Injection'. It allows the use of Command Delimiters, which can be exploited. Tridium recommends upgrading to resolve the issue.
Recommendations:
For Tridium Niagara Framework versions prior to 4.14.2, upgrade to version 4.14.2u2.
For Tridium Niagara Framework versions prior to 4.15.1, upgrade to version 4.15.u1.
For Tridium Niagara Framework versions prior to 4.10.11, upgrade to version 4.10u.11.
For Tridium Niagara Enterprise Security versions prior to 4.14.2, upgrade to version 4.14.2u2.
For Tridium Niagara Enterprise Security versions prior to 4.15.1, upgrade to version 4.15.u1.
For Tridium Niagara Enterprise Security versions prior to 4.10.11, upgrade to version 4.10u.11.