Vulnerabilities have been discovered in Honeywell’s smart building middleware that could allow hackers to manipulate physical systems or disable security alarms, cybersecurity firm Nozomi Networks Labs said Wednesday.

Researchers at the cybersecurity firm have discovered 13 vulnerabilities affecting the Niagara Framework, which was developed by Tridium, a Honeywell company. 

Once an attacker gains access to a network, they could use the vulnerability to pivot across an organization’s network to target IoT or IT systems, Nozomi Networks said. This could enable malicious actors to alter building automation processes, disable critical systems or cause broader outages that could lead to safety risks, service interruptions or financial losses, the company said. 

Tridium’s Niagara Framework is a software framework designed to connect, manage and control diverse devices in building management, industrial automation and smart infrastructure environments, Tridium says. It acts as a vendor-neutral middleware platform that allows systems like HVAC, lighting, energy management and security to interoperate, “making it a critical backbone for many internet of things technologies across industries worldwide,” Nozomi Networks said. 

More than a million instances of the Tridium Niagara Framework exist globally, BankInfo Security reported.

“Because Niagara often connects critical systems and sometimes bridges IoT technology and information technology (IT) networks, it could represent a high-value target,” Nozomi Networks said. “A vulnerability in Niagara has the potential to not only threaten digital assets; it can also lead to other real-world consequences, impacting safety, productivity, and service continuity across sectors like commercial real estate, healthcare, transportation, manufacturing, and energy.”

“These vulnerabilities are fully exploitable if a Niagara system is misconfigured, thereby disabling encryption on a specific network device (which produces a warning on the security dashboard.) If chained together, they could allow an attacker with access to the same network — such as through a Man-in-the-Middle (MiTM) position — to compromise the Niagara system,” Nozomi Networks said. 

The firm noted that the vulnerability would depend on a specific network service being configured without encryption, allowing an attacker to collect sensitive data from the network.

The vulnerability was discovered in Niagara Framework version 4.13, with the vendor confirming that Niagara Framework and Niagara Enterprise Security version 4.10u10 and earlier and 4.14u1 and earlier are affected. A full list of vulnerabilities can be found here.

Tridium addressed the vulnerabilities earlier this year through security patches for the Niagara Framework, and released a technical bulletin strongly urging asset owners and operators to address the vulnerabilities. 

In addition to updating systems, Tridium says that owners should review and validate users who are authorized and can authenticate to Niagara; allow only trained and trusted persons to have physical access to the system, including connected devices; consider using a VPN or other means to ensure secure remote connections into the network; and sign all modules and program objects provided by third-party teams.

Additionally, the company urges operators to review the Niagara Hardening Guide and implement recommended techniques for securing installations and to review the security dashboard for current installations that may have any warnings or errors.