Sign-up

ID

VAR-202505-3461


CVE

CVE-2025-3944


TITLE

Tridium  of  Niagara  and  Niagara Enterprise Security  Vulnerability in improper permission assignment for critical resources in

Trust: 0.8

sources: JVNDB: JVNDB-2025-006307

DESCRIPTION

Incorrect Permission Assignment for Critical Resource vulnerability in Tridium Niagara Framework on QNX, Tridium Niagara Enterprise Security on QNX allows File Manipulation. This issue affects Niagara Framework: before 4.14.2, before 4.15.1, before 4.10.11; Niagara Enterprise Security: before 4.14.2, before 4.15.1, before 4.10.11.  Tridium recommends upgrading to Niagara Framework and Enterprise Security versions 4.14.2u2, 4.15.u1, or 4.10u.11. (DoS) It may be in a state

Trust: 1.62

sources: NVD: CVE-2025-3944 // JVNDB: JVNDB-2025-006307

AFFECTED PRODUCTS

vendor:tridiummodel:niagarascope:eqversion:4.10u10

Trust: 1.0

vendor:tridiummodel:niagarascope:eqversion:4.15

Trust: 1.0

vendor:tridiummodel:niagara enterprise securityscope:eqversion:4.10u10

Trust: 1.0

vendor:tridiummodel:niagarascope:eqversion:4.14u1

Trust: 1.0

vendor:tridiummodel:niagara enterprise securityscope:eqversion:4.15

Trust: 1.0

vendor:tridiummodel:niagara enterprise securityscope:eqversion:4.14u1

Trust: 1.0

vendor:tridiummodel:niagara enterprise securityscope: - version: -

Trust: 0.8

vendor:tridiummodel:niagarascope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2025-006307 // NVD: CVE-2025-3944

CVSS

SEVERITY

CVSSV2

CVSSV3

psirt@honeywell.com: CVE-2025-3944
value: HIGH

Trust: 1.0

nvd@nist.gov: CVE-2025-3944
value: CRITICAL

Trust: 1.0

NVD: CVE-2025-3944
value: CRITICAL

Trust: 0.8

psirt@honeywell.com: CVE-2025-3944
baseSeverity: HIGH
baseScore: 7.2
vectorString: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.2
impactScore: 5.9
version: 3.1

Trust: 1.0

nvd@nist.gov: CVE-2025-3944
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2025-3944
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2025-006307 // NVD: CVE-2025-3944 // NVD: CVE-2025-3944

PROBLEMTYPE DATA

problemtype:CWE-732

Trust: 1.0

problemtype:Improper permission assignment for critical resources (CWE-732) [ others ]

Trust: 0.8

problemtype: Improper permission assignment for critical resources (CWE-732) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2025-006307 // NVD: CVE-2025-3944

EXTERNAL IDS

db:NVDid:CVE-2025-3944

Trust: 2.6

db:JVNDBid:JVNDB-2025-006307

Trust: 0.8

sources: JVNDB: JVNDB-2025-006307 // NVD: CVE-2025-3944

REFERENCES

url:https://www.honeywell.com/us/en/product-security#security-notices

Trust: 1.8

url:https://docs.niagara-community.com/category/tech_bull

Trust: 1.0

url:https://nvd.nist.gov/vuln/detail/cve-2025-3944

Trust: 0.8

sources: JVNDB: JVNDB-2025-006307 // NVD: CVE-2025-3944

SOURCES

db:JVNDBid:JVNDB-2025-006307
db:NVDid:CVE-2025-3944

LAST UPDATE DATE

2025-06-06T23:14:13.930000+00:00


SOURCES UPDATE DATE

db:JVNDBid:JVNDB-2025-006307date:2025-06-05T05:53:00
db:NVDid:CVE-2025-3944date:2025-06-04T19:27:07.777

SOURCES RELEASE DATE

db:JVNDBid:JVNDB-2025-006307date:2025-06-05T00:00:00
db:NVDid:CVE-2025-3944date:2025-05-22T13:15:57.387