ID

VAR-202505-3992


CVE

CVE-2025-3940


TITLE

Vulnerability in Tridium Niagara and Niagara Enterprise Security

Trust: 0.8

sources: JVNDB: JVNDB-2025-006330

DESCRIPTION

Improper Use of Validation Framework vulnerability in Tridium Niagara Framework on Windows, Linux, QNX and Tridium Niagara Enterprise Security on Windows, Linux, QNX allows Input Data Manipulation. This issue affects Niagara Framework: before 4.14.2, before 4.15.1, before 4.10.11; Niagara Enterprise Security: before 4.14.2, before 4.15.1, before 4.10.11. Tridium recommends upgrading to Niagara Framework and Enterprise Security versions 4.14.2u2, 4.15.u1, or 4.10u.11. The affected system may be put into a denial-of-service (DoS) state.

Trust: 1.62

sources: NVD: CVE-2025-3940 // JVNDB: JVNDB-2025-006330

AFFECTED PRODUCTS

vendor: tridium, model: niagara, scope: eq, version: 4.10u10

Trust: 1.0

vendor: tridium, model: niagara, scope: eq, version: 4.15

Trust: 1.0

vendor: tridium, model: niagara enterprise security, scope: eq, version: 4.10u10

Trust: 1.0

vendor: tridium, model: niagara, scope: eq, version: 4.14u1

Trust: 1.0

vendor: tridium, model: niagara enterprise security, scope: eq, version: 4.15

Trust: 1.0

vendor: tridium, model: niagara enterprise security, scope: eq, version: 4.14u1

Trust: 1.0

vendor: tridium, model: niagara enterprise security, scope: -, version: -

Trust: 0.8

vendor: tridium, model: niagara, scope: -, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2025-006330 // NVD: CVE-2025-3940

CVSS

SEVERITY

CVSSV2

CVSSV3

psirt@honeywell.com: CVE-2025-3940
value: MEDIUM

Trust: 1.0

nvd@nist.gov: CVE-2025-3940
value: CRITICAL

Trust: 1.0

NVD: CVE-2025-3940
value: CRITICAL

Trust: 0.8

psirt@honeywell.com: CVE-2025-3940
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 1.4
version: 3.1

Trust: 1.0

nvd@nist.gov: CVE-2025-3940
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2025-3940
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2025-006330 // NVD: CVE-2025-3940 // NVD: CVE-2025-3940

PROBLEMTYPE DATA

problemtype:CWE-1173

Trust: 1.0

problemtype:NVD-CWE-Other

Trust: 1.0

problemtype:Improper use of validation frameworks (CWE-1173) [ others ]

Trust: 0.8

problemtype: others (CWE-Other) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2025-006330 // NVD: CVE-2025-3940

EXTERNAL IDS

db: NVD, id: CVE-2025-3940

Trust: 2.6

db: JVNDB, id: JVNDB-2025-006330

Trust: 0.8

sources: JVNDB: JVNDB-2025-006330 // NVD: CVE-2025-3940

REFERENCES

url:https://honeywell.com/us/en/product-security#security-notices

Trust: 1.8

url:https://docs.niagara-community.com/category/tech_bull

Trust: 1.0

url:https://nvd.nist.gov/vuln/detail/cve-2025-3940

Trust: 0.8

sources: JVNDB: JVNDB-2025-006330 // NVD: CVE-2025-3940

SOURCES

db: JVNDB, id: JVNDB-2025-006330
db: NVD, id: CVE-2025-3940

LAST UPDATE DATE

2025-06-06T23:24:43.579000+00:00


SOURCES UPDATE DATE

db: JVNDB, id: JVNDB-2025-006330, date: 2025-06-05T06:32:00
db: NVD, id: CVE-2025-3940, date: 2025-06-04T19:28:55.960

SOURCES RELEASE DATE

db: JVNDB, id: JVNDB-2025-006330, date: 2025-06-05T00:00:00
db: NVD, id: CVE-2025-3940, date: 2025-05-22T13:15:56.870