
Researchers from Nozomi Networks Labs have identified 13 security vulnerabilities in Tridium’s Niagara Framework that could enable an attacker on the same network to compromise the system under specific conditions, potentially affecting smart buildings and industrial operations. Nozomi discovered these vulnerabilities in Niagara Framework version 4.13. The vendor has confirmed that multiple versions remain affected, including Niagara Framework and Niagara Enterprise Security version 4.10u10 and earlier, as well as version 4.14u1 and earlier.

“These vulnerabilities are fully exploitable if a Niagara system is misconfigured, thereby disabling encryption on a specific network device (which produces a warning on the security dashboard),” the researchers wrote in a recent blog post. “If chained together, they could allow an attacker with access to the same network — such as through a Man-in-the-Middle (MiTM) position — to compromise the Niagara system. However, this would depend on a specific network service being configured without encryption, allowing the attacker to collect sensitive data from the network.”

Developed by Tridium, a Honeywell company, the Niagara Framework is a widely adopted platform that integrates, manages, and controls diverse operational systems and devices, spanning building systems, industrial automation, and smart infrastructure, within a single environment.

Serving as middleware, Niagara enables seamless integration between systems like HVAC, lighting, energy, and security, making it a core enabler of IoT technologies across industries worldwide. It provides a vendor-neutral solution that connects sensors, controllers, and equipment from different manufacturers, translating their communication protocols into a unified data model.

From a technical perspective, Niagara consists of two main software components that are both installed and run on a single hardware device. 

The Platform serves as the foundational software environment, delivering the core services needed to create, deploy, operate, and manage Niagara stations. The Station is the operational component responsible for communicating with connected devices, processing data, and offering user interfaces for monitoring and control. These two components can be managed through Niagara Workbench, the integrated development and configuration tool, which serves as the primary graphical user interface for engineers, developers, and integrators.

Nozomi researchers observed that these vulnerabilities become fully exploitable only when a Niagara system is misconfigured, specifically when encryption is disabled on a network service (in the demonstrated chain, Syslog forwarding), a state that triggers a warning on the security dashboard. When chained, the flaws could allow an attacker with access to the same network, such as from a MitM position, to compromise the Niagara system.

This could enable lateral movement, where an attacker uses a compromised device as a foothold to move across an organization’s network, targeting other IoT or IT systems. It could also lead to operational disruptions, allowing malicious actors to alter building automation processes, disable critical systems, or trigger broader outages, resulting in safety risks, service interruptions, and financial losses.

Given the critical functions that can be controlled by Niagara-powered systems, these vulnerabilities may pose a high risk to operational resilience and security, provided the instance has not been configured per Tridium’s hardening guidelines and best practices.

“After carefully analyzing the vulnerabilities described above, we identified a compelling attack chain that could enable an attacker, starting with having access inside the network (adjacent attacker), to compromise a Niagara-based target device within a network,” according to the researchers. “This includes compromising both the Station and the Platform, and ultimately achieving root-level remote code execution (RCE) on the device itself.”

Nozomi detailed two vulnerabilities that are central to the attack chain. In the case of CVE-2025-3943, the Niagara Framework uses a CSRF token to validate state-changing HTTP requests and protect against cross-site request forgery. However, researchers found that the CSRF refresh token is carried in an HTTP GET request, specifically through the ‘spy’ function of the Niagara Workbench. Because GET request URLs are routinely written to logs, and the token remains static for the entire session, an attacker who can read those logs can recover the token and use it to mount CSRF attacks against the administrator.

Frequent interactions with the Workbench administration panel trigger Content Security Policy (CSP) violation reports that include these requests, further increasing log exposure. If Syslog is enabled and configured to transmit logs over an unencrypted channel, an attacker in a MiTM position could intercept the CSRF token in transit.

For the second vulnerability, CVE-2025-3944, the Niagara Framework provides a secure file transfer mechanism that restricts administrator access to sensitive files. However, on devices running the QNX-based Niagara operating system, it fails to properly safeguard one particular file. “An authenticated attacker with administrative privileges can overwrite this file and leverage specific dhcpd.conf hooks — such as on commit, on release, and on expiry — to execute arbitrary code with root privileges on the Niagara QNX-based operating system.”
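As an added example (not Tridium’s or Nozomi’s code), the following Python check audits a dhcpd.conf for the three event hooks the advisory names and reports any execute() call inside them, which is the primitive that an overwrite of the file would abuse. The sample configuration is constructed for illustration; the location of the file on the Niagara QNX image is not assumed, so the function takes the file contents as a string.

```python
import re

# Constructed dhcpd.conf fragment for illustration. It is not taken from a
# Niagara device, and the file's location on the QNX image is not assumed:
# read the file yourself and pass its contents in as a string.
SAMPLE_DHCPD_CONF = """
subnet 192.168.1.0 netmask 255.255.255.0 {
  range 192.168.1.100 192.168.1.200;
  option routers 192.168.1.1;
}

on commit {
  set clip = binary-to-ascii(10, 8, ".", leased-address);
  execute("/tmp/.run", clip);
}

on release {
  log(info, "lease released");
}
"""

# The dhcpd.conf lease events named in the advisory.
HOOK_EVENTS = ("commit", "release", "expiry")

# An execute() statement; its first argument is the program dhcpd will run.
EXECUTE_CALL = re.compile(r'\bexecute\s*\(\s*"([^"]*)"')


def find_event_hooks(conf: str):
    """Return (event, body) for every 'on <event> { ... }' block, tracking nested braces."""
    hooks = []
    pattern = r"\bon\s+(%s)\s*\{" % "|".join(HOOK_EVENTS)
    for m in re.finditer(pattern, conf):
        depth, i = 1, m.end()
        while i < len(conf) and depth:
            if conf[i] == "{":
                depth += 1
            elif conf[i] == "}":
                depth -= 1
            i += 1
        # i now sits just past the closing brace; exclude the brace itself.
        hooks.append((m.group(1), conf[m.end():i - 1]))
    return hooks


def audit_dhcpd_conf(conf: str):
    """Flag every execute() inside an event hook.

    Per the advisory, code launched this way runs with root privileges on the
    Niagara QNX-based OS, so any such hook on a controller deserves a look.
    """
    findings = []
    for event, body in find_event_hooks(conf):
        for path in EXECUTE_CALL.findall(body):
            findings.append({"event": event, "executable": path})
    return findings


if __name__ == "__main__":
    for f in audit_dhcpd_conf(SAMPLE_DHCPD_CONF):
        print(f"on {f['event']}: execute() runs {f['executable']}")
```

The `on release` block in the sample only logs and is not reported; only hooks that launch a program are flagged, which keeps the check useful on configurations that legitimately use lease events for logging.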

To execute this attack chain, two conditions must be met. First, the attacker must be able to sniff network traffic or carry out a MitM attack on communications to and from the Tridium Niagara device. Second, Syslog must be enabled and configured to forward logs to a Syslog server over an unencrypted channel, a setting that triggers a warning on the security dashboard.

If these preconditions are met, the attack proceeds in stages. First, the attacker intercepts the anti-CSRF refresh token over the network: a network-adjacent attacker sniffs the unencrypted Syslog traffic and extracts the CSRF token, which is exposed in the CSP violation reports generated by the Niagara Workbench.

Next, the attacker escalates log collection. Using the stolen token, they craft a CSRF attack that tricks an administrator into visiting a malicious link. This link silently changes the logging level of the web.jetty component to ALL, causing the device to log the full content of all incoming HTTP requests and responses.

With expanded log access, the attacker moves to session hijacking. They extract the administrator’s JSESSIONID session token from the Syslog stream, then use it to connect to the Station with full administrative privileges and create a new backdoor admin account for persistent access.

The attacker then compromises the Platform by stealing cryptographic credentials. Using their admin access, they download the device’s private TLS key via a built-in function. Because the Station and Platform share the same certificate infrastructure, the attacker can now intercept and decrypt all future TLS sessions to the device, gaining persistent control over the entire platform.

Finally, with full Platform access, the attacker exploits CVE-2025-3944 to achieve remote code execution as root on the underlying QNX operating system, resulting in complete system takeover.
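The chain above leaves traces in the very Syslog stream it abuses. As an added example (not code from Nozomi or Tridium), the following Python detector runs over a handful of constructed Syslog lines and flags each observable stage: a csrf-named parameter carried in a URL (request line or CSP violation report), a change of the web.jetty log level to ALL, a JSESSIONID written to the log, and the transport-level fact that Syslog is not arriving over TLS. The log format, the component names, the parameter name csrfToken and every value are assumptions made for illustration; real Niagara output will differ and the patterns need adjusting against your own samples.

```python
import re
from dataclasses import dataclass

# Constructed sample Syslog lines. These are NOT real Niagara Framework output;
# the format, the 'csrfToken' parameter name and all values are assumptions
# made for illustration. Adjust the patterns to your own log samples.
SAMPLE_SYSLOG = [
    '<14>Jul 15 10:02:11 jace web.jetty INFO "GET /spy?csrfToken=abc123DEF456 HTTP/1.1" 200',
    '<14>Jul 15 10:02:12 jace web.csp WARN csp-report {"document-uri":"https://10.0.0.5/spy?csrfToken=abc123DEF456","violated-directive":"script-src"}',
    '<14>Jul 15 10:05:40 jace sys.log INFO Log level for web.jetty set to ALL by user admin',
    '<15>Jul 15 10:06:02 jace web.jetty ALL request header Cookie: JSESSIONID=node01x9y8z7w6v5u4',
    '<14>Jul 15 10:06:30 jace web.jetty INFO "GET /ord?station:|slot:/ HTTP/1.1" 200',
]


@dataclass
class Finding:
    stage: str      # which step of the attack chain this evidence belongs to
    line_no: int    # 1-based index into the log sample; 0 for transport-level findings
    detail: str


# A query parameter whose name contains 'csrf', in a request line or a CSP report URI.
CSRF_PARAM = re.compile(r'[?&]([A-Za-z0-9_]*csrf[A-Za-z0-9_]*)=([^&"\s]+)', re.I)
# A logging-level change of the web.jetty component to ALL.
JETTY_ALL = re.compile(r"web\.jetty\b.*?\b(?:set|changed)\s+to\s+ALL\b", re.I)
# A servlet session identifier written to the log.
SESSION_ID = re.compile(r"JSESSIONID=([A-Za-z0-9._-]+)")


def redact(secret: str) -> str:
    """Keep a short prefix for correlation without re-logging the whole secret."""
    return secret[:4] + "..." if len(secret) > 4 else "...."


def audit_syslog(lines, transport="udp"):
    """Return a Finding per observable stage; transport is how Syslog reaches the collector."""
    findings = []
    if transport.lower() != "tls":
        findings.append(Finding("plaintext-syslog", 0,
            f"Syslog forwarded over {transport}; a MitM can read every token below in transit"))
    for n, line in enumerate(lines, 1):
        m = CSRF_PARAM.search(line)
        if m:
            where = "CSP violation report" if "csp-report" in line else "request line"
            findings.append(Finding("csrf-token-in-url", n,
                f"{m.group(1)}={redact(m.group(2))} exposed via {where}"))
        if JETTY_ALL.search(line):
            findings.append(Finding("jetty-log-level-all", n,
                "web.jetty raised to ALL: full HTTP requests and responses will be logged"))
        m = SESSION_ID.search(line)
        if m:
            findings.append(Finding("session-id-in-log", n,
                f"JSESSIONID={redact(m.group(1))} present in log stream"))
    return findings


def stages_observed(findings):
    """Distinct chain stages seen, for a quick 'how far along is this?' verdict."""
    return {f.stage for f in findings}


if __name__ == "__main__":
    for f in audit_syslog(SAMPLE_SYSLOG):
        print(f"[{f.stage}] line {f.line_no}: {f.detail}")
```

Secrets are redacted before they go into a finding so that the detector does not recreate the exposure it is looking for. The last sample line, an ordinary Workbench request without a csrf-named parameter, is deliberately not flagged; seeing the jetty-log-level-all and session-id-in-log stages together is the strongest signal that the chain has progressed past the initial token theft.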

Tridium has addressed these vulnerabilities through security patches for the Niagara Framework. A security report has been published by the Tridium product security team.

Nozomi urged asset owners and operators to take immediate action. They should review Tridium’s security advisory for detailed guidance and update all affected Niagara installations to the latest patched version without delay. Implementing network segmentation is critical to limit system exposure. 

Organizations should also monitor network traffic for signs of vulnerable assets or suspicious activity related to Niagara devices. This can be done using tools like Nozomi Networks Guardian, which provides vulnerability and threat detection capabilities. Taking prompt action is essential to safeguard critical infrastructure and maintain operational integrity.