CVE-2025-3939
22.05.2025, 13:15
Observable Response Discrepancy vulnerability in Tridium Niagara Framework on Windows, Linux, QNX, Tridium Niagara Enterprise Security on Windows, Linux, QNX allows Cryptanalysis. This issue affects Niagara Framework: before 4.14.2, before 4.15.1, before 4.10.11; Niagara Enterprise Security: before 4.14.2, before 4.15.1, before 4.10.11.Tridium recommends upgrading to Niagara Framework and Enterprise Security versions 4.14.2u2, 4.15.u1, or 4.10u.11.Enginsight
| Vendor | Product | Version |
|---|---|---|
| tridium | niagara | 4.10u10:u10 |
| tridium | niagara | 4.14u1:u1 |
| tridium | niagara | 4.15 |
| tridium | niagara_enterprise_security | 4.10u10:u10 |
| tridium | niagara_enterprise_security | 4.14u1:u1 |
| tridium | niagara_enterprise_security | 4.15 |
𝑥
= Vulnerable software versions
Common Weakness Enumeration
- CWE-204 - Observable Response DiscrepancyThe product provides different responses to incoming requests in a way that reveals internal state information to an unauthorized actor outside of the intended control sphere.
- CWE-203 - Observable DiscrepancyThe product behaves differently or sends different responses under different circumstances in a way that is observable to an unauthorized actor, which exposes security-relevant information about the state of the product, such as whether a particular operation was successful or not.