Every CVE whose affected-product data names Tridium Niagara, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (14)
CVE-2017-16748 — CVSS 9.8 (critical): An attacker can log into the local Niagara platform (Niagara AX Framework Versions 3.8 and prior or Niagara 4 Framework Versions 4.4 and…
CVE-2025-3937 — CVSS 7.7 (high): Use of Password Hash With Insufficient Computational Effort vulnerability in Tridium Niagara Framework on Windows, Linux, QNX, Tridium…
CVE-2017-16744 — CVSS 7.2 (high): A path traversal vulnerability in Tridium Niagara AX Versions 3.8 and prior and Niagara 4 systems Versions 4.4 and prior installed on…
CVE-2025-3944 — CVSS 7.2 (high): Incorrect Permission Assignment for Critical Resource vulnerability in Tridium Niagara Framework on QNX, Tridium Niagara Enterprise…
CVE-2025-3945 — CVSS 7.2 (high): Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') vulnerability in Tridium Niagara Framework on QNX…
CVE-2025-3936 — CVSS 6.5 (medium): Incorrect Permission Assignment for Critical Resource vulnerability in Tridium Niagara Framework on Windows, Tridium Niagara Enterprise…
CVE-2025-3941 — CVSS 5.4 (medium): Improper Handling of Windows ::DATA Alternate Data Stream vulnerability in Tridium Niagara Framework on Windows, Tridium Niagara Enterprise…
CVE-2018-18985 — CVSS 5.4 (medium): Tridium Niagara Enterprise Security 2.3u1, all versions prior to 2.3.118.6, Niagara AX 3.8u4, all versions prior to 3.8.401.1, Niagara…
CVE-2025-3940 — CVSS 5.3 (medium): Improper Use of Validation Framework vulnerability in Tridium Niagara Framework on Windows, Linux, QNX, Tridium Niagara Enterprise Security…
CVE-2025-3942 — CVSS 4.3 (medium): Improper Output Neutralization for Logs vulnerability in Tridium Niagara Framework on Windows, Linux, QNX, Tridium Niagara Enterprise…
CVE-2020-14483 — CVSS 4.3 (medium): A timeout during a TLS handshake can result in the connection failing to terminate. This can result in a Niagara thread hanging and…
CVE-2025-3943 — CVSS 4.1 (medium): Use of GET Request Method With Sensitive Query Strings vulnerability in Tridium Niagara Framework on Windows, Linux, QNX, Tridium Niagara…