9.8

CVE-2025-3940

Improper Use of Validation Framework vulnerability in Tridium Niagara Framework on Windows, Linux, QNX, Tridium Niagara Enterprise Security on Windows, Linux, QNX allows Input Data Manipulation. This issue affects Niagara Framework: before 4.14.2, before 4.15.1, before 4.10.11; Niagara Enterprise Security: before 4.14.2, before 4.15.1, before 4.10.11. Tridium recommends upgrading to Niagara Framework and Enterprise Security versions 4.14.2u2, 4.15.u1, or 4.10u.11.
Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
TridiumNiagara Version4.10u10
   BlackberryQnx Version-
   LinuxLinux Kernel Version-
   MicrosoftWindows Version-
TridiumNiagara Version4.14u1
   BlackberryQnx Version-
   LinuxLinux Kernel Version-
   MicrosoftWindows Version-
TridiumNiagara Version4.15
   BlackberryQnx Version-
   LinuxLinux Kernel Version-
   MicrosoftWindows Version-
TridiumNiagara Enterprise Security Version4.10u10
   BlackberryQnx Version-
   LinuxLinux Kernel Version-
   MicrosoftWindows Version-
TridiumNiagara Enterprise Security Version4.14u1
   BlackberryQnx Version-
   LinuxLinux Kernel Version-
   MicrosoftWindows Version-
TridiumNiagara Enterprise Security Version4.15
   BlackberryQnx Version-
   LinuxLinux Kernel Version-
   MicrosoftWindows Version-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.12% 0.305
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 9.8 3.9 5.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
psirt@honeywell.com 5.3 3.9 1.4
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
CWE-1173 Improper Use of Validation Framework

The product does not use, or incorrectly uses, an input validation framework that is provided by the source language or an independent library.