Tridium's Niagara Framework has over a dozen security vulnerabilities that could be exploited if the system is misconfigured to disable encryption. An attacker on the same network can compromise the system, especially through Man-in-the-Middle attacks. The framework, which manages a range of devices, is crucial for building management and automation. Specific vulnerabilities include incorrect permission assignments and missing cryptographic steps, all scoring 9.8 on the CVSS scale, indicating critical severity. Such issues threaten safety, productivity, and service continuity in operational environments.
"These vulnerabilities are fully exploitable if a Niagara system is misconfigured, thereby disabling encryption on a specific network device," Nozomi Networks Labs said in a report published last week.
"If chained together, they could allow an attacker with access to the same network - such as through a Man-in-the-Middle (MiTM) position - to compromise the Niagara system."
"The vulnerabilities identified by Nozomi Networks are exploitable should a Niagara system be misconfigured, causing encryption to be disabled on a network device and opening the door to lateral movement and broader operational disruptions, impacting safety, productivity, and service continuity."
"Developed by Tridium, an independent business entity of Honeywell, the Niagara Framework is a vendor-neutral platform used to manage and control a wide range of devices from different manufacturers."
Collection
[
|
...
]