Tridium Niagara Incorrect Permission Assignment for Critical Resource (CVE-2025-3944)

Severity: High | Tenable OT Security Plugin ID 505524

Synopsis

The remote OT asset is affected by a vulnerability.

Description

An Incorrect Permission Assignment for Critical Resource vulnerability in Tridium Niagara Framework on QNX and Tridium Niagara Enterprise Security on QNX allows file manipulation. This issue affects Niagara Framework versions before 4.14.2, before 4.15.1, and before 4.10.11, and Niagara Enterprise Security versions before 4.14.2, before 4.15.1, and before 4.10.11.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Upgrade to Niagara Framework and Niagara Enterprise Security version 4.14u2 or later. Updates for 4.10 and 4.15 will be released shortly.
Contact Tridium support at [email protected] for assistance.

See Also

http://www.nessus.org/u?aa3ced70

Plugin Details

Severity: High

ID: 505524

File Name: tenable_ot_generic_CVE-2025-3944.nasl

Version: 1.1

Type: Remote

Family: Tenable.ot

Published: 6/25/2026

Updated: 6/25/2026

Supported Sensors: Tenable OT Security

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v3

Risk Factor: High

Base Score: 7.2

Vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Vulnerability Information

CPE: cpe:/a:tridium:niagara:4.15, cpe:/a:tridium:niagara:4.10u10, cpe:/a:tridium:niagara:4.14u1

Required KB Items: Tenable.ot/assetBag

Patch Publication Date: 5/22/2025

Vulnerability Publication Date: 5/22/2025

Reference Information

CVE: CVE-2025-3944

CWE: 732