Tridium Niagara is a leading software framework designed to connect, manage, and control diverse devices in building management, industrial automation, and smart infrastructure environments. It acts as a middleware platform that enables different systems — such as HVAC, lighting, energy management, and security — to interoperate seamlessly, making it a critical backbone for many internet of the things technology (IoT) across industries worldwide.
Recently, researchers at Nozomi Networks uncovered 13 vulnerabilities affecting the Tridium Niagara framework. These vulnerabilities, if chained together, could allow an attacker with access to the same network — such as through a Man-in-the-Middle (MiTM) position — to fully compromise a Niagara system without needing any special privileges.
In response, Tridium has issued a security advisory and released patches to address these vulnerabilities.
This blog post discusses the findings discovered in Tridium Niagara framework, their potential impacts, and the recommended mitigations.
リサーチ範囲
The Niagara Framework, developed by Tridium (a Honeywell company), is a widely adopted platform used to integrate, manage, and control diverse operational systems and devices within a single environment. Niagara provides a vendor-neutral solution that connects sensors, controllers, and equipment from different manufacturers, translating their communication protocols into a unified data model.
From a technical point of view the framework is made up of two main software components installed and both running on a single hardware device:
- The Platform is the underlying software environment that provides the core services required to create, deploy, run, and supervise Niagara Stations.
- The Station represents the operational component that communicates with devices, processes data and provides user interfaces for monitoring and control.
These two components can be managed through Niagara Workbench, the integrated development and configuration tool, which serves as the primary graphical user interface for engineers, developers, and integrators.

Because the Niagara Framework often connects critical systems and sometimes bridges IoT technology and information technology (IT) networks, it represents a high-value target. A vulnerability in Niagara does not only threaten digital assets; it can also lead to real-world physical consequences, impacting safety, productivity, and service continuity across sectors like commercial real estate, healthcare, transportation, manufacturing, and energy.
Potential Impact of the Vulnerabilities
The discovered vulnerabilities, if chained together, allow an adjacent attacker — one positioned on the same network segment — to fully compromise a Niagara device. This could enable:
- Lateral Movement (T1210 – Exploitation of Remote Services): An attacker could use a compromised device as a beachhead to pivot across an organization's network, targeting other IoT or IT systems.
- Operational Disruptions (T1499 – Endpoint Denial of Service): Malicious actors could alter building automation processes, disable critical systems, or cause broader outages, leading to safety risks, service interruptions, and financial losses.
Given the critical functions controlled by Niagara-powered systems, these vulnerabilities pose a high risk to operational resilience and security.
脆弱性リストと影響を受けるバージョン
Nozomi Networks discovered these vulnerabilities in Niagara Framework version 4.13.8.2. Furthermore, the vendor confirmed that the following versions also remain affected:
- Niagara Framework and Niagara Enterprise Security version 4.10u11
- Niagara Framework and Niagara Enterprise Security version 4.14u2
- Niagara Framework and Niagara Enterprise Security version 4.15
The table below lists the vulnerabilities confirmed by Tridium. It is important to note that five of the 13 identified issues were consolidated into two CVEs, resulting in a total of ten distinct CVEs. Results are sorted by CVSS 3.1 score from most to least severe.
脆弱性スポットライト
After carefully analyzing the vulnerabilities described above, we identified a compelling attack chain that could enable an attacker, starting with having access inside the network (adjacent attacker), to fully compromise a Niagara-based target device within a network. This includes compromising both the Station and the Platform, and ultimately achieving root-level remote code execution (RCE) on the device itself.
Two vulnerabilities are involved in the attack chain.
CVE-2025-3943
The Niagara Framework employs a CSRF token to validate every state-changing HTTP request and prevent cross-site request forgery attacks. However, analysis revealed that the CSRF refresh token is transmitted by the Niagara Workbench software through the /ord endpoint, specifically via the spy functionality, using the GET method. Because data sent through GET requests can often be logged, and the CSRF token remains unchanged for the entire session, attackers may be able to retrieve it from logs and exploit it to craft malicious CSRF attacks. Below is an example of a request to the /ord endpoint passing the CSRF refresh token through the GET method.
It is important to highlight that interacting with the Niagara Workbench administration panel frequently triggers CSP violation reports through various HTTP requests. As a result, requests containing the refresh anti-CSRF token are logged. Furthermore, if Syslog is enabled, these logs may also be transmitted across the network — potentially over an unencrypted channel — increasing the risk of token exposure.
Here an example of generated CSP report sent to a specific /csp-reports endpoint:
The CSP violation report furthermore generates the following logs sent over the network through Syslog.

As a result, if the Syslog service is configured to send data using an unencrypted channel, an adjacent attacker with the capability to sniff the network traffic (e.g: through a MiTM attack) would be able to intercept the anti-CSRF refresh token.
CVE-2025-3944
The Niagara Framework offers a secure file transfer feature that restricts administrators from accessing or modifying sensitive files; however, it does not properly safeguard the /etc/dhcpd/dhcpd.conf file on devices running the QNX-based Niagara operating system. An authenticated attacker with administrative privileges can overwrite this file and leverage specific dhcpd.conf hooks — such as on commit, on release, and on expiry — to execute arbitrary code with root privileges on the Niagara QNX-based operating system.
Here is an example of an on-commit hook which, when inserted into a legitimate dhcpd.conf file, can trigger the exfiltration of the contents of root-readable files such as /etc/passwd and /etc/shadow saving the data inside the /tmp/out file.
Preconditions for the Attack
To successfully carry out this attack chain, two conditions must be met:
- The attacker must be able to sniff or perform a Man-in-the-Middle (MitM) attack on the traffic to and from the Tridium Niagara device.
- Syslog functionality must be enabled (which is true by default) and must be configured to forward logs to a Syslog server without encryption.
Figure 3 shows a possible attack scenario where a Niagara-based Tridium Jace 8000 is deployed on a local network.

If these preconditions are satisfied, the attacker can execute the following steps:
- Intercept the anti-CSRF refresh token sent over the network (CVE-2025-3943): As said, by exploiting CVE-2025-3943, an adjacent attacker sniffing the network is able to analyze the Syslog network traffic in order to intercept the anti-CSRF token that is sent over the network due to the CSP violation report generated by the Niagara Workbench software (Figure 4).

- Escalate Log Collection:After obtaining the anti-CSRF refresh token, the attacker forges a CSRF attack and tricks the administrator into visiting a crafted link, such as /ord?spy:/logSetup/ALL-web.jetty$3ftoken$…, which changes the logging level of the web.jetty component to ALL. This setting causes the content of all incoming HTTP requests and responses to be fully logged (Figure 5 – step 1 and 2).
- Session Hijacking:By analyzing the Syslog data sent over the network, the attacker extracts the administrator's JSESSIONID session token. Using this session ID, the attacker connects to the Station with full administrative privileges and creates a new backdoor administrator user for persistent access (Figure 5 – step 3 and 4).

- Platform Compromise via Certificate Theft: Leveraging the administrative access, the attacker abuses a dedicated functionality to download the private key associated with the device'sTLS certificate. Since both the Station and Platform share the same certificate and key infrastructure, this enables the attacker to MitM all future sessions to the device, even if they are TLS-encrypted. Full access to thePlatform is now obtained (Figure 6).

- Root Remote Code Execution (RCE): With control of the Platform, the attacker immediately exploits CVE-2025-3944, vulnerability that provides root-level RCE on the device, achieving complete takeover.
Even if the final RCE step is not pursued, this technique allows full compromise of both Station and Platform environments, including installations running on Windows systems.
Mitigation and Recommendations
Tridium has addressed these vulnerabilities through security patches for the Niagara Framework. A security report has been published by the Tridium product security team. Asset owners and operators are strongly urged to:
- Review Tridium’s security advisory for detailed guidance.
- Update affected Niagara installations to the latest patched version as soon as possible.
- Implement network segmentation to limit exposure of systems.
Monitor network traffic for the presence of vulnerable assets and suspicious activity related to Niagara devices—for example, using the vulnerability and threat detection capabilities of Nozomi Networks Guardian. To learn more or see it in action, request a demo today.