Critical Flaws in Niagara Framework Threaten Smart Buildings and Industrial Systems Worldwide
Summary:
Cybersecurity researchers at Nozomi Networks have uncovered over a dozen security vulnerabilities in Tridium’s Niagara Framework, a platform used in building management, industrial automation, and smart infrastructure systems. The framework manages diverse systems such as HVAC, lighting, energy, and security through two main components: Station and Platform. Under certain misconfiguration scenarios, specifically where encryption is disabled, an attacker with access to the same network could fully exploit these vulnerabilities to compromise the system.
Among the critical issues are CVEs such as CVE-2025-3936, CVE-2025-3937, CVE-2025-3938, CVE-2025-3941, CVE-2025-3944, and CVE-2025-3945, each carrying a high CVSS score of 9.8. Nozomi researchers demonstrated how an attacker could chain CVE-2025-3943 and CVE-2025-3944 to gain root-level remote code execution. The exploit begins by intercepting an anti-CSRF token through unencrypted logs when the Syslog service is enabled. With this token, the attacker performs a CSRF attack, tricks an admin into visiting a malicious link, and harvests their session token. This access allows the attacker to create a backdoor admin user, download the device’s TLS private key, and carry out adversary-in-the-middle attacks. By exploiting the shared certificate infrastructure between the Station and Platform, attackers can escalate privileges and achieve full system control. These vulnerabilities have been patched in Niagara versions 4.14.2u2, 4.15u1, and 4.10u.11. Tridium emphasized that if systems are not configured according to their hardening guidelines, they pose significant operational and security risks, especially since Niagara often connects IoT and IT environments.
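The first link in the chain above is a secret (the anti-CSRF token) reaching a plaintext syslog export. A defender can check for exactly that condition from their own side: does the log forwarder use an unencrypted transport, and do the exported lines carry token-like values under sensitive keys? The script below is an added example, not code from Nozomi or Tridium; the field names (csrfToken, sessionId), the sensitive-key list, and the sample log lines are constructed for illustration and may not match a real Niagara log layout.

```python
"""Defender-side check for secret-bearing lines in a syslog export.

Added example; the key names and sample lines are constructed, not taken
from a real Niagara deployment.
"""
import re
from dataclasses import dataclass
from urllib.parse import urlparse

# Keys whose values should never reach a plaintext log export (constructed list).
SENSITIVE_KEYS = (
    "csrftoken", "csrf_token", "sessionid", "session_token",
    "authorization", "password",
)

# A value that looks like a bearer secret: 16+ hex/base64-style characters.
TOKEN_VALUE = re.compile(r"[A-Za-z0-9+/=_\-]{16,}")

# key=value or key: value pairs; the key is matched case-insensitively below.
KV = re.compile(r"(?P<key>[A-Za-z_]+)\s*[=:]\s*(?P<val>\S+)")


@dataclass(frozen=True)
class Finding:
    line_no: int
    key: str
    redacted: str  # first four characters only, so the report itself leaks nothing


def scan_syslog(lines):
    """Return a Finding for every sensitive key paired with a token-like value."""
    findings = []
    for n, line in enumerate(lines, 1):
        for m in KV.finditer(line):
            key = m.group("key").lower()
            val = m.group("val").rstrip(",;")
            if key in SENSITIVE_KEYS and TOKEN_VALUE.fullmatch(val):
                findings.append(Finding(n, m.group("key"), val[:4] + "****"))
    return findings


def transport_is_plaintext(destination):
    """True for udp:// or tcp:// syslog destinations; False for tls://.

    The URL scheme names are an assumption; check them against the
    forwarder's actual configuration format.
    """
    scheme = urlparse(destination).scheme.lower()
    return scheme in ("udp", "tcp")


def assess(lines, destination):
    """Combine both checks: secrets in the export AND an unencrypted channel."""
    findings = scan_syslog(lines)
    return {
        "plaintext_transport": transport_is_plaintext(destination),
        "secrets_logged": len(findings),
        "findings": findings,
    }


# Constructed RFC 5424-style lines; the third value is too short to be flagged.
SAMPLE_LOG = [
    "<134>1 2025-07-01T10:00:00Z station1 web - - - user=admin action=login result=ok",
    "<134>1 2025-07-01T10:00:05Z station1 web - - - user=admin csrfToken=9f2c0b7e4a1d6c3b8e5f0a2d4c6b8a1e",
    "<134>1 2025-07-01T10:00:09Z station1 web - - - user=admin sessionId=abc",
]

if __name__ == "__main__":
    report = assess(SAMPLE_LOG, "udp://10.0.0.5:514")  # constructed collector address
    for f in report["findings"]:
        print(f"line {f.line_no}: {f.key}={f.redacted}")
    if report["plaintext_transport"] and report["secrets_logged"]:
        print("secrets are leaving the device over a plaintext syslog channel")
```

Run it against an export pulled from the actual collector rather than the embedded sample; a hit on both conditions is the misconfiguration the advisory warns about, and the fix is on the Niagara side (TLS for syslog, no tokens in log output), not in the collector.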
Security Officer Comments:
In a broader context of industrial cybersecurity, Nozomi also disclosed critical memory corruption vulnerabilities in the P-Net C library, which supports the PROFINET protocol. CVE-2025-32399 can be used to drive CPUs into an infinite loop, consuming all resources, while CVE-2025-32405 allows memory corruption via buffer overflows, rendering devices unusable. These issues were resolved in version 1.0.2 released in April 2025.
Suggested Corrections:
Asset owners and operators are strongly urged to:
- Review Tridium’s security advisory for detailed guidance.
- Update affected Niagara installations to the latest patched version as soon as possible.
- Implement network segmentation to limit exposure of systems.
- Monitor network traffic for the presence of vulnerable assets and suspicious activity related to Niagara devices.
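The update and inventory items above need a way to decide, per host, whether an installed Niagara version already carries the fix. The script below is an added example, not Tridium's tooling: it hard-codes the three fixed releases this summary names (4.14.2u2, 4.15u1, 4.10u.11) and gives a verdict only for those three release trains. The version-string layout it parses is an assumption generalised from those three strings, and the sample inventory is constructed.

```python
"""Triage a Niagara host inventory against the fixed versions listed above.

Added example. Only the 4.10, 4.14 and 4.15 trains are listed on the page;
any other train is reported as "unknown" rather than guessed at.
"""
import re

# (major, minor) train -> first fixed (major, minor, patch, update).
# "4.10u.11" is read as update 11 on the 4.10 train (assumption).
FIXED = {
    (4, 10): (4, 10, 0, 11),
    (4, 14): (4, 14, 2, 2),
    (4, 15): (4, 15, 0, 1),
}

# Accepts "4.14.2u2", "4.15u1", "4.10u.11", "4.13.1" and similar (assumed layout).
_VER = re.compile(r"^(\d+)\.(\d+)(?:\.(\d+))?(?:u\.?(\d+))?$")


def parse_version(s):
    """Normalise a version string to a comparable (major, minor, patch, update) tuple."""
    m = _VER.match(s.strip())
    if not m:
        raise ValueError(f"unrecognised Niagara version string: {s!r}")
    major, minor, patch, update = m.groups()
    return (int(major), int(minor), int(patch or 0), int(update or 0))


def assess(s):
    """'patched', 'vulnerable', or 'unknown' when the train is not listed here."""
    v = parse_version(s)
    fixed = FIXED.get(v[:2])
    if fixed is None:
        return "unknown"
    return "patched" if v >= fixed else "vulnerable"


def triage(inventory):
    """inventory: {hostname: version string}. Returns hostnames grouped by verdict."""
    out = {"vulnerable": [], "patched": [], "unknown": []}
    for host, ver in inventory.items():
        out[assess(ver)].append(host)
    return out


# Constructed inventory; hostnames and versions are illustrative only.
SAMPLE_INVENTORY = {
    "bms-hq-01": "4.14.1u3",
    "bms-hq-02": "4.14.2u2",
    "plant-a-jace": "4.10u10",
    "plant-b-jace": "4.10u.11",
    "lab-station": "4.13.1",
}

if __name__ == "__main__":
    for verdict, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{verdict:10s} {', '.join(hosts) or '-'}")
```

Hosts in the "unknown" bucket are not cleared; they are the ones to take to Tridium's advisory, which covers trains this summary does not enumerate.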
https://thehackernews.com/2025/07/critical-flaws-in-niagara-framework.html