Tridium Niagara Framework Flaws Expose Sensitive Network Data


Researchers at Nozomi Networks Labs have disclosed 13 vulnerabilities in Tridium's widely used Niagara Framework. The flaws can expose sensitive network data across the building management, industrial automation, and smart infrastructure systems that run on it worldwide.

The vulnerabilities, consolidated into 10 distinct CVEs, could allow attackers to compromise systems when encryption is misconfigured, raising significant concerns for critical infrastructure security.

Niagara Workbench main interface

Critical Infrastructure at Risk

The Tridium Niagara Framework serves as middleware connecting diverse IoT devices including HVAC systems, lighting controls, energy management, and security systems.

Developed by Tridium, a Honeywell company, the platform acts as a unified control system for operational technology environments across commercial real estate, healthcare, transportation, manufacturing, and energy sectors.

The vulnerabilities are fully exploitable only when a Niagara system is misconfigured so that encryption is disabled for a network device. That misconfiguration raises a security warning on the station dashboard, but the warning is easy for administrators to overlook.

Figure: the attacker interacts with the Niagara station, downloads the TLS private key, and finally intercepts the platform traffic.

When chained together, these flaws enable attackers with network access to execute Man-in-the-Middle attacks, potentially compromising entire building automation systems.

Nozomi tested Niagara Framework version 4.13; Tridium's advisory lists versions 4.10u10 and earlier and versions 4.14u1 and earlier as affected.

The most severe vulnerabilities enable lateral movement across networks and operational disruptions that could impact safety and service continuity.

Five of the ten CVEs, with their CWE and CVSS v3.1 scores:

CVE ID          CWE      CVSS   Vector
CVE-2025-3937   CWE-916  7.7    CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
CVE-2025-3944   CWE-732  7.2    CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CVE-2025-3945   CWE-88   7.2    CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CVE-2025-3938   CWE-325  6.8    CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N
CVE-2025-3936   CWE-732  6.5    CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

The researchers demonstrated an attack chain that combines CVE-2025-3943 and CVE-2025-3944.

The first vulnerability leaks anti-CSRF tokens: they are carried in GET request query strings, so they are written to the station's logs, and the Syslog service forwards those logs to the collector. The second is an incorrect permission assignment that allows file manipulation and ends in root-level remote code execution on QNX-based devices.

The chain requires network access and a Syslog configuration without encryption. An attacker sniffing the cleartext log stream recovers anti-CSRF tokens, uses them to raise the logging level so that session material also lands in the logs, hijacks an administrator session, retrieves the station's TLS private key, and finally gains complete control of the system.
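The two preconditions of that chain (secrets travelling in GET query strings that get logged, and a logging level raised to a verbose setting) are both visible to whoever receives the station's syslog. The following detection script is an added example, not Nozomi's or Tridium's code; the syslog record layout, hostnames, paths and parameter names are constructed for illustration, so the regular expressions would need adapting to a real station's log format.

```python
"""Flag the preconditions of the CSRF-token-leak chain in cleartext syslog.

Added example; the RFC 5424-style record layout below is assumed, not
genuine Niagara output.
"""
import re
from dataclasses import dataclass
from urllib.parse import urlsplit, parse_qsl

# Constructed sample: four records as a station might forward them over
# plain UDP syslog (assumed layout, not real Niagara log lines).
SAMPLE_SYSLOG = """\
<134>1 2025-05-01T10:00:01Z station1 niagara - - - web.access 10.0.0.5 GET /ord?view=/station HTTP/1.1 200
<134>1 2025-05-01T10:00:07Z station1 niagara - - - web.access 10.0.0.5 GET /api/users?csrfToken=9f1c2a7b4e3d HTTP/1.1 200
<134>1 2025-05-01T10:00:09Z station1 niagara - - - audit admin changed log level web to FINE
<134>1 2025-05-01T10:00:15Z station1 niagara - - - web.access 10.0.0.9 GET /file?path=/etc/shadow&session=abc123 HTTP/1.1 403
"""

# Parameter names that must never ride in a GET query string: anything in
# the query string ends up in access logs and therefore in syslog.
SENSITIVE_PARAM = re.compile(r"csrf|xsrf|token|session|sessid|passw|secret|key", re.I)
ACCESS_RE = re.compile(
    r"web\.access (?P<src>\S+) (?P<method>[A-Z]+) (?P<target>\S+) HTTP/\S+ (?P<status>\d{3})$"
)
LEVEL_RE = re.compile(
    r"audit (?P<user>\S+) changed log level (?P<logger>\S+) to (?P<level>[A-Z]+)$"
)
# Levels at which a station writes enough detail for session material to appear.
VERBOSE_LEVELS = {"FINE", "FINER", "FINEST", "ALL"}


@dataclass(frozen=True)
class Finding:
    kind: str      # "sensitive_query_param" or "log_level_escalation"
    line_no: int   # 1-based line in the input
    detail: str


def sensitive_params(target: str) -> list[str]:
    """Return the sensitive-looking parameter names in a request target's query."""
    query = urlsplit(target).query
    return [k for k, _ in parse_qsl(query, keep_blank_values=True)
            if SENSITIVE_PARAM.search(k)]


def redact_query(target: str) -> str:
    """Mask sensitive query values, as a log sink should before writing the line."""
    parts = urlsplit(target)
    pairs = parse_qsl(parts.query, keep_blank_values=True)
    if not pairs:
        return target
    masked = "&".join(
        f"{k}={'<redacted>' if SENSITIVE_PARAM.search(k) else v}" for k, v in pairs
    )
    return f"{parts.path}?{masked}"


def scan_syslog(text: str) -> list[Finding]:
    """Flag GET requests leaking secrets via the query string and verbose log levels."""
    findings: list[Finding] = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        m = ACCESS_RE.search(line)
        if m and m["method"] == "GET":
            leaked = sensitive_params(m["target"])
            if leaked:
                findings.append(Finding(
                    "sensitive_query_param", line_no,
                    f"{m['src']} -> {redact_query(m['target'])} leaks {','.join(leaked)}",
                ))
            continue
        m = LEVEL_RE.search(line)
        if m and m["level"] in VERBOSE_LEVELS:
            findings.append(Finding(
                "log_level_escalation", line_no,
                f"{m['user']} raised {m['logger']} to {m['level']}",
            ))
    return findings


if __name__ == "__main__":
    for f in scan_syslog(SAMPLE_SYSLOG):
        print(f"line {f.line_no}: {f.kind}: {f.detail}")
```

Run against the sample, the scan reports lines 2 and 4 for secrets in a GET query string and line 3 for the log-level escalation; line 1 is clean. The detection only covers what the log stream shows, so it complements rather than replaces the real fix: patching, and enabling TLS on the Syslog service so the stream cannot be read off the wire in the first place.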

Tridium responded swiftly with security advisories and patches addressing all identified vulnerabilities.

The company emphasizes following hardening guidelines and best practices, particularly ensuring encryption is enabled for all network communications.

Organizations running the Niagara Framework should apply the available patches without delay, confirm that encryption is enabled for every network service (the Syslog service included), and treat the dashboard's encryption warning as an actionable alert rather than noise, since it marks exactly the misconfiguration these attacks depend on.

