Vulnerabilities > Tridium > Niagara Enterprise Security > 4.14u1
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2025-05-22 | CVE-2025-3936 | Incorrect Permission Assignment for Critical Resource vulnerability in Tridium Niagara and Niagara Enterprise Security Incorrect Permission Assignment for Critical Resource vulnerability in Tridium Niagara Framework on Windows, Tridium Niagara Enterprise Security on Windows allows Exploiting Incorrectly Configured Access Control Security Levels. | 9.8 |
| 2025-05-22 | CVE-2025-3937 | Use of Password Hash With Insufficient Computational Effort vulnerability in Tridium Niagara and Niagara Enterprise Security Use of Password Hash With Insufficient Computational Effort vulnerability in Tridium Niagara Framework on Windows, Linux, QNX, Tridium Niagara Enterprise Security on Windows, Linux, QNX allows Cryptanalysis. | 9.8 |
| 2025-05-22 | CVE-2025-3938 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in Tridium Niagara and Niagara Enterprise Security Missing Cryptographic Step vulnerability in Tridium Niagara Framework on Windows, Linux, QNX, Tridium Niagara Enterprise Security on Windows, Linux, QNX allows Cryptanalysis. | 9.8 |
| 2025-05-22 | CVE-2025-3939 | Information Exposure Through Discrepancy vulnerability in Tridium Niagara and Niagara Enterprise Security Observable Response Discrepancy vulnerability in Tridium Niagara Framework on Windows, Linux, QNX, Tridium Niagara Enterprise Security on Windows, Linux, QNX allows Cryptanalysis. | 5.3 |
| 2025-05-22 | CVE-2025-3940 | Unspecified vulnerability in Tridium Niagara and Niagara Enterprise Security Improper Use of Validation Framework vulnerability in Tridium Niagara Framework on Windows, Linux, QNX, Tridium Niagara Enterprise Security on Windows, Linux, QNX allows Input Data Manipulation. | 9.8 |
| 2025-05-22 | CVE-2025-3941 | Use of Incorrectly-Resolved Name or Reference vulnerability in Tridium Niagara and Niagara Enterprise Security Improper Handling of Windows ::DATA Alternate Data Stream vulnerability in Tridium Niagara Framework on Windows, Tridium Niagara Enterprise Security on Windows allows Input Data Manipulation. | 9.8 |
| 2025-05-22 | CVE-2025-3942 | Improper Encoding or Escaping of Output vulnerability in Tridium Niagara and Niagara Enterprise Security Improper Output Neutralization for Logs vulnerability in Tridium Niagara Framework on Windows, Linux, QNX, Tridium Niagara Enterprise Security on Windows, Linux, QNX allows Input Data Manipulation. | 7.5 |
| 2025-05-22 | CVE-2025-3943 | Unspecified vulnerability in Tridium Niagara and Niagara Enterprise Security Use of GET Request Method With Sensitive Query Strings vulnerability in Tridium Niagara Framework on Windows, Linux, QNX, Tridium Niagara Enterprise Security on Windows, Linux, QNX allows Parameter Injection. | 7.5 |
| 2025-05-22 | CVE-2025-3944 | Incorrect Permission Assignment for Critical Resource vulnerability in Tridium Niagara and Niagara Enterprise Security Incorrect Permission Assignment for Critical Resource vulnerability in Tridium Niagara Framework on QNX, Tridium Niagara Enterprise Security on QNX allows File Manipulation. | 9.8 |
| 2025-05-22 | CVE-2025-3945 | Argument Injection or Modification vulnerability in Tridium Niagara and Niagara Enterprise Security Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') vulnerability in Tridium Niagara Framework on QNX, Tridium Niagara Enterprise Security on QNX allows Command Delimiters. | 9.8 |