Critical Flaws in Tridium’s Niagara Framework Enable Root‑Level Takeover of Building Automation Systems

Cybersecurity researchers at Nozomi Networks Labs uncovered 13 critical vulnerabilities spanning nine CVEs in Tridium’s widely used Niagara Framework (versions 4.10u10, 4.14u1 and earlier). Flaws like improper password hashing (CVE‑2025‑3937), incorrect permissions and argument injection can be chained—especially over unencrypted Syslog—to achieve root‑level remote code execution and full system compromise. Tridium has released patches and urges immediate updates and network segmentation.

Categories

Critical Flaws in Tridium’s Niagara Framework Enable Root‑Level Takeover of Building Automation Systems

Also Read

US Launches 'Pax Silica' Pact to Secure AI Supply Chains from China

Antitrust Scrutiny Looms Over Netflix’s $72 Billion Warner Bros. Acquisition

Security Flaw Exposes Thousands of Photo Booth Customer Pictures

Gemini AI Now Built Into Chrome for iPhone and iPad

Banks Revert to Physical KYC Amid Surging Digital Fraud

Deccan AI Launches Premium Tier for Advanced Model Training

Reddit Sues Australia Over Social Media Ban for Under-16s

Apple Contempt Upheld, Commission Ban Overturned

Crypto and Verified Identity: World Launches All-in-One Super App

Download the TechShots App

Subscribe To Our Newsletter.