9.8

CVE-2025-3944

Incorrect Permission Assignment for Critical Resource vulnerability in Tridium Niagara Framework on QNX, Tridium Niagara Enterprise Security on QNX allows File Manipulation. This issue affects Niagara Framework: before 4.14.2, before 4.15.1, before 4.10.11; Niagara Enterprise Security: before 4.14.2, before 4.15.1, before 4.10.11. Tridium recommends upgrading to Niagara Framework and Enterprise Security versions 4.14.2u2, 4.15.u1, or 4.10u.11.
Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
TridiumNiagara Version4.10u10
   BlackberryQnx Version-
   LinuxLinux Kernel Version-
   MicrosoftWindows Version-
TridiumNiagara Version4.14u1
   BlackberryQnx Version-
   LinuxLinux Kernel Version-
   MicrosoftWindows Version-
TridiumNiagara Version4.15
   BlackberryQnx Version-
   LinuxLinux Kernel Version-
   MicrosoftWindows Version-
TridiumNiagara Enterprise Security Version4.10u10
   BlackberryQnx Version-
   LinuxLinux Kernel Version-
   MicrosoftWindows Version-
TridiumNiagara Enterprise Security Version4.14u1
   BlackberryQnx Version-
   LinuxLinux Kernel Version-
   MicrosoftWindows Version-
TridiumNiagara Enterprise Security Version4.15
   BlackberryQnx Version-
   LinuxLinux Kernel Version-
   MicrosoftWindows Version-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.09% 0.246
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 9.8 3.9 5.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
psirt@honeywell.com 7.2 1.2 5.9
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CWE-732 Incorrect Permission Assignment for Critical Resource

The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.