OTPulse

Tridium Niagara

Act Now | CVSS 7.4 | ICS-CERT ICSA-18-191-03 | Jul 10, 2018
Attack Vector: Local
Auth Required: None
Complexity: High
User Interaction: None needed
Summary

Tridium Niagara contains path traversal (CWE-22) and improper authentication (CWE-287) vulnerabilities that allow an attacker to read, write, and delete sensitive files, potentially gaining administrator privileges on the Niagara system. Affected versions: Niagara 4 Framework <= 4.4 and Niagara AX Framework <= 3.8.

What this means
What could happen
An attacker with local access could read, modify, or delete critical configuration files and gain administrative control of the Niagara platform, potentially allowing them to alter building automation settings, disable safety interlocks, or disrupt facility operations.
Who's at risk
Building automation and facilities management operators using Tridium Niagara platforms (Niagara 4 or AX) for HVAC, lighting, fire safety, or energy management control should be concerned. Municipalities, hospitals, universities, and commercial facilities relying on Niagara for integrated building systems are affected.
How it could be exploited
An attacker with local file system access (via USB, local console, or lateral movement after compromising another system on the network) can exploit path traversal to navigate outside intended directories and access or modify sensitive Niagara configuration and authentication files. Once authentication files are modified, the attacker gains administrator-level access to the Niagara system and can change operational parameters.
Prerequisites
  • Local file system access to the Niagara system
  • No authentication required to exploit the path traversal vulnerability
  • Access to modify files in the Niagara installation directory
  • Path traversal vulnerability (CWE-22)
  • Improper authentication (CWE-287)
  • No authentication required for exploitation
  • High EPSS score (19.6%)
  • Can lead to privilege escalation to administrator
  • Affects building automation and safety systems
  • No patch available for older versions (Niagara AX 3.8 and below, Niagara 4 4.4 and below)
Exploitability
High exploit probability (EPSS 19.6%)
Affected products (2)
2 with fix
Product | Affected Versions | Fix Status
Niagara 4 Framework | ≤ 4.4 | 4.4.92.2.1
Niagara AX Framework | ≤ 3.8 | 3.8.401
Remediation & Mitigation
Do now
HARDENING: Restrict physical and local network access to Niagara systems; do not expose to the Internet
HARDENING: Isolate Niagara control system networks from the business network with firewalls
HARDENING: If remote access is required, enforce it through a VPN with current patches and strong authentication
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HOTFIX: Upgrade Niagara AX Framework to v3.8.401 (Update 4)
HOTFIX: Upgrade Niagara 4 Framework to v4.4.92.2.1 (Update 1)
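
Added example (not part of the original advisory and not Tridium tooling): a small inventory triage that compares installed Niagara builds against the two fixed builds listed above. It assumes any build below the fixed build in the same product line needs the upgrade; the CSV layout, host names and sample versions are constructed for illustration.

```python
import csv, io, re

# Fixed builds from the advisory's remediation list (Update 1 / Update 4).
FIXED_BUILDS = {"niagara 4": (4, 4, 92, 2, 1), "niagara ax": (3, 8, 401)}

# Constructed sample inventory; host names and versions are made up.
SAMPLE_INVENTORY = """host,product,version
jace-roof-01,Niagara AX Framework,3.8.38
jace-lobby-02,Niagara AX Framework,v3.8.401
sup-bms-01,Niagara 4 Framework,4.4.73.24
sup-bms-02,Niagara 4 Framework,4.4.92.2.1
sup-lab-03,Niagara 4 Framework,4.4-beta
chiller-plc-1,Other Controller,1.0
"""

def parse_version(text):
    """'v3.8.401' -> (3, 8, 401); None when the string is not dotted numeric."""
    m = re.fullmatch(r"v?(\d+(?:\.\d+)*)", text.strip())
    return tuple(int(p) for p in m.group(1).split(".")) if m else None

def triage(product, version):
    """Classify one inventory entry against the advisory's fixed builds."""
    line = next((k for k in FIXED_BUILDS if k in product.lower()), None)
    if line is None:
        return "not-in-advisory"
    parsed = parse_version(version)
    if parsed is None:
        return "check-manually"   # never assume an unparseable version is safe
    # Tuple comparison is numeric per component, so 3.8.38 < 3.8.401.
    return "needs-upgrade" if parsed < FIXED_BUILDS[line] else "at-or-above-fix"

def triage_inventory(csv_text):
    """Map each host in a host,product,version CSV to its triage status."""
    rows = csv.DictReader(io.StringIO(csv_text))
    return {r["host"]: triage(r["product"], r["version"]) for r in rows}

if __name__ == "__main__":
    for host, status in triage_inventory(SAMPLE_INVENTORY).items():
        print(f"{host:15} {status}")
```

Comparing the versions as strings would rank 3.8.38 above 3.8.401 and hide an affected station, which is why each component is compared as an integer.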
Tridium Niagara | CVSS 7.4 - OTPulse