ID

VAR-202505-3468


CVE

CVE-2025-3936


TITLE

Improper permission assignment for critical resources vulnerability in Tridium Niagara and Niagara Enterprise Security

Trust: 0.8

sources: JVNDB: JVNDB-2025-006235

DESCRIPTION

Incorrect Permission Assignment for Critical Resource vulnerability in Tridium Niagara Framework on Windows, Tridium Niagara Enterprise Security on Windows allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Niagara Framework: before 4.14.2, before 4.15.1, before 4.10.11; Niagara Enterprise Security: before 4.14.2, before 4.15.1, before 4.10.11.  Tridium recommends upgrading to Niagara Framework and Enterprise Security versions 4.14.2u2, 4.15.u1, or 4.10u.11. (DoS) It may be in a state

Trust: 1.62

sources: NVD: CVE-2025-3936 // JVNDB: JVNDB-2025-006235

AFFECTED PRODUCTS

vendor: tridium, model: niagara, scope: eq, version: 4.10u10

Trust: 1.0

vendor: tridium, model: niagara, scope: eq, version: 4.15

Trust: 1.0

vendor: tridium, model: niagara enterprise security, scope: eq, version: 4.10u10

Trust: 1.0

vendor: tridium, model: niagara, scope: eq, version: 4.14u1

Trust: 1.0

vendor: tridium, model: niagara enterprise security, scope: eq, version: 4.15

Trust: 1.0

vendor: tridium, model: niagara enterprise security, scope: eq, version: 4.14u1

Trust: 1.0

vendor: tridium, model: niagara enterprise security, scope: -, version: -

Trust: 0.8

vendor: tridium, model: niagara, scope: -, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2025-006235 // NVD: CVE-2025-3936

CVSS

SEVERITY

CVSSV2

CVSSV3

psirt@honeywell.com: CVE-2025-3936
value: MEDIUM

Trust: 1.0

nvd@nist.gov: CVE-2025-3936
value: CRITICAL

Trust: 1.0

NVD: CVE-2025-3936
value: CRITICAL

Trust: 0.8

psirt@honeywell.com: CVE-2025-3936
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: CHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.0
impactScore: 4.0
version: 3.1

Trust: 1.0

nvd@nist.gov: CVE-2025-3936
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2025-3936
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2025-006235 // NVD: CVE-2025-3936 // NVD: CVE-2025-3936

PROBLEMTYPE DATA

problemtype: CWE-732

Trust: 1.0

problemtype: Improper permission assignment for critical resources (CWE-732) [NVD evaluation]

Trust: 0.8

problemtype: Improper permission assignment for critical resources (CWE-732) [others]

Trust: 0.8

sources: JVNDB: JVNDB-2025-006235 // NVD: CVE-2025-3936

EXTERNAL IDS

db: NVD, id: CVE-2025-3936

Trust: 2.6

db: JVNDB, id: JVNDB-2025-006235

Trust: 0.8

sources: JVNDB: JVNDB-2025-006235 // NVD: CVE-2025-3936

REFERENCES

url: https://www.honeywell.com/us/en/product-security#security-notices

Trust: 1.8

url: https://docs.niagara-community.com/category/tech_bull

Trust: 1.0

url: https://nvd.nist.gov/vuln/detail/cve-2025-3936

Trust: 0.8

sources: JVNDB: JVNDB-2025-006235 // NVD: CVE-2025-3936

SOURCES

db: JVNDB, id: JVNDB-2025-006235
db: NVD, id: CVE-2025-3936

LAST UPDATE DATE

2025-06-06T19:31:19.394000+00:00


SOURCES UPDATE DATE

db: JVNDB, id: JVNDB-2025-006235, date: 2025-06-05T01:32:00
db: NVD, id: CVE-2025-3936, date: 2025-06-04T19:53:35.800

SOURCES RELEASE DATE

db: JVNDB, id: JVNDB-2025-006235, date: 2025-06-05T00:00:00
db: NVD, id: CVE-2025-3936, date: 2025-05-22T13:15:56.317