SecuriTricks - CVE-2025-3942

Description

Improper Output Neutralization for Logs vulnerability in Tridium Niagara Framework on Windows, Linux, QNX, Tridium Niagara Enterprise Security on Windows, Linux, QNX allows Input Data Manipulation. This issue affects Niagara Framework: before 4.14.2, before 4.15.1, before 4.10.11; Niagara Enterprise Security: before 4.14.2, before 4.15.1, before 4.10.11. Tridium recommends upgrading to Niagara Framework and Enterprise Security versions 4.14.2u2, 4.15.u1, or 4.10u.11.

Product(s) Impacted

Vendor	Product	Versions
Tridium	Niagara Framework Niagara Enterprise Security	<4.14.2, <4.15.1, <4.10.11 <4.14.2, <4.15.1, <4.10.11

Weaknesses

Common security weaknesses mapped to this vulnerability.

CWE-117

Improper Output Neutralization for Logs

The product does not neutralize or incorrectly neutralizes output that is written to logs.

*CPE(s)

Affected systems and software identified for this CVE.

Type	Vendor	Product	Version	Update	Edition	Language	Software Edition	Target Software	Target Hardware	Other Information
a	tridium	niagara_framework	<4.14.2	/	/	/	/	/	/	/
a	tridium	niagara_framework	<4.15.1	/	/	/	/	/	/	/
a	tridium	niagara_framework	<4.10.11	/	/	/	/	/	/	/
a	tridium	niagara_enterprise_security	<4.14.2	/	/	/	/	/	/	/
a	tridium	niagara_enterprise_security	<4.15.1	/	/	/	/	/	/	/
a	tridium	niagara_enterprise_security	<4.10.11	/	/	/	/	/	/	/

References

https://www.honeywell.com/us/en/product-security#security-notices

https://www.tridium.com/us/en/product-security

CVSS Score

4.3 / 10

CVSS Data - 3.1

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: LOW
Availability Impact: NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

View Vector String

Timeline

Published: May 22, 2025, 1:15 p.m.
Last Modified: May 23, 2025, 3:55 p.m.

Status : Awaiting Analysis

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

psirt@honeywell.com

CVE-2025-3942