Incorrect Permission Assignment for Critical Resource vulnerability in Tridium Niagara Framework on Windows, Tridium Niagara Enterprise Security on Windows allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Niagara Framework: before 4.14.2, before 4.15.1, before 4.10.11; Niagara Enterprise Security: before 4.14.2, before 4.15.1, before 4.10.11. Tridium recommends upgrading to Niagara Framework and Enterprise Security versions 4.14.2u2, 4.15.u1, or 4.10u.11.
References
| Link | Resource |
|---|---|
| https://docs.niagara-community.com/category/tech_bull | Permissions Required |
| https://www.honeywell.com/us/en/product-security#security-notices | Vendor Advisory |
Configurations
Configuration 1 (hide)
| AND |
|
History
04 Jun 2025, 19:53
| Type | Values Removed | Values Added |
|---|---|---|
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : 9.8 |
| CPE | cpe:2.3:a:tridium:niagara_enterprise_security:4.15:*:*:*:*:*:*:* cpe:2.3:a:tridium:niagara:4.14u1:*:*:*:*:*:*:* cpe:2.3:a:tridium:niagara:4.15:*:*:*:*:*:*:* cpe:2.3:a:tridium:niagara_enterprise_security:4.10u10:*:*:*:*:*:*:* cpe:2.3:a:tridium:niagara:4.10u10:*:*:*:*:*:*:* cpe:2.3:a:tridium:niagara_enterprise_security:4.14u1:*:*:*:*:*:*:* cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:* |
|
| CWE | CWE-732 | |
| First Time |
Tridium niagara Enterprise Security
Microsoft windows Microsoft Tridium Tridium niagara |
|
| References | () https://www.honeywell.com/us/en/product-security#security-notices - Vendor Advisory | |
| References | () https://docs.niagara-community.com/category/tech_bull - Permissions Required |
22 May 2025, 13:15
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2025-05-22 13:15
Updated : 2025-06-04 19:53
NVD link : CVE-2025-3936
Mitre link : CVE-2025-3936
JSON object : View
Products Affected
tridium
- niagara_enterprise_security
- niagara
microsoft
- windows
CWE
CWE-732
Incorrect Permission Assignment for Critical Resource