ID

VAR-202505-2874


CVE

CVE-2025-3942


TITLE

Encoding and escaping vulnerabilities in Tridium Niagara and Niagara Enterprise Security

Trust: 0.8

sources: JVNDB: JVNDB-2025-006308

DESCRIPTION

Improper Output Neutralization for Logs vulnerability in Tridium Niagara Framework on Windows, Linux, QNX and Tridium Niagara Enterprise Security on Windows, Linux, QNX allows Input Data Manipulation. This issue affects Niagara Framework: before 4.14.2, before 4.15.1, before 4.10.11; Niagara Enterprise Security: before 4.14.2, before 4.15.1, before 4.10.11. Tridium recommends upgrading to Niagara Framework and Enterprise Security versions 4.14.2u2, 4.15.u1, or 4.10u.11.

Trust: 1.62

sources: NVD: CVE-2025-3942 // JVNDB: JVNDB-2025-006308

AFFECTED PRODUCTS

vendor: tridium, model: niagara, scope: eq, version: 4.10u10

Trust: 1.0

vendor: tridium, model: niagara, scope: eq, version: 4.15

Trust: 1.0

vendor: tridium, model: niagara enterprise security, scope: eq, version: 4.10u10

Trust: 1.0

vendor: tridium, model: niagara, scope: eq, version: 4.14u1

Trust: 1.0

vendor: tridium, model: niagara enterprise security, scope: eq, version: 4.15

Trust: 1.0

vendor: tridium, model: niagara enterprise security, scope: eq, version: 4.14u1

Trust: 1.0

vendor: tridium, model: niagara enterprise security, scope: -, version: -

Trust: 0.8

vendor: tridium, model: niagara, scope: -, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2025-006308 // NVD: CVE-2025-3942

CVSS

SEVERITY

CVSSV2

CVSSV3

psirt@honeywell.com: CVE-2025-3942
value: MEDIUM

Trust: 1.0

nvd@nist.gov: CVE-2025-3942
value: HIGH

Trust: 1.0

NVD: CVE-2025-3942
value: HIGH

Trust: 0.8

psirt@honeywell.com: CVE-2025-3942
baseSeverity: MEDIUM
baseScore: 4.3
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 1.4
version: 3.1

Trust: 1.0

nvd@nist.gov: CVE-2025-3942
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2025-3942
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2025-006308 // NVD: CVE-2025-3942 // NVD: CVE-2025-3942

PROBLEMTYPE DATA

problemtype:CWE-117

Trust: 1.0

problemtype:CWE-116

Trust: 1.0

problemtype: Improper encoding or output escaping (CWE-116) [NVD evaluation]

Trust: 0.8

problemtype: Improper Output Neutralization for Logs (CWE-117) [others]

Trust: 0.8

sources: JVNDB: JVNDB-2025-006308 // NVD: CVE-2025-3942

EXTERNAL IDS

db: NVD, id: CVE-2025-3942

Trust: 2.6

db: JVNDB, id: JVNDB-2025-006308

Trust: 0.8

sources: JVNDB: JVNDB-2025-006308 // NVD: CVE-2025-3942

REFERENCES

url:https://www.honeywell.com/us/en/product-security#security-notices

Trust: 1.8

url:https://www.tridium.com/us/en/product-security

Trust: 1.8

url:https://nvd.nist.gov/vuln/detail/cve-2025-3942

Trust: 0.8

sources: JVNDB: JVNDB-2025-006308 // NVD: CVE-2025-3942

SOURCES

db: JVNDB, id: JVNDB-2025-006308
db: NVD, id: CVE-2025-3942

LAST UPDATE DATE

2025-06-06T23:32:41.563000+00:00


SOURCES UPDATE DATE

db: JVNDB, id: JVNDB-2025-006308, date: 2025-06-05T05:54:00
db: NVD, id: CVE-2025-3942, date: 2025-06-04T19:27:59.903

SOURCES RELEASE DATE

db: JVNDB, id: JVNDB-2025-006308, date: 2025-06-05T00:00:00
db: NVD, id: CVE-2025-3942, date: 2025-05-22T13:15:57.123