CVE-2025-3938

MEDIUM6.8

Missing Cryptographic Step

Published May 22, 2025

Modified 9 months ago

Details

Missing Cryptographic Step vulnerability in Tridium Niagara Framework on Windows, Linux, QNX, Tridium Niagara Enterprise Security on Windows, Linux, QNX allows Cryptanalysis. This issue affects Niagara Framework: before 4.14.2, before 4.15.1, before 4.10.11; Niagara Enterprise Security: before 4.14.2, before 4.15.1, before 4.10.11. Tridium recommends upgrading to Niagara Framework and Enterprise Security versions 4.14.2u2, 4.15.u1, or 4.10u.11.

References

ADVISORY

https://docs.niagara-community.com/category/tech_bull

ADVISORY

https://www.cve.org/CVERecord?id=CVE-2025-3938

ADVISORY

https://www.honeywell.com/us/en/product-security#security-notices

CVSS Analysis

CVSS v3.1

6.8

Exploitability

Attack Vector