← Back to home
ICSA-20-224-03  ·  Published 2020-08-11  ·  View on CISA ICS-CERT ↗

Tridium Niagara

CVSS 4.3 MEDIUM

Risk Summary

Successful exploitation of this vulnerability could result in a denial-of-service condition.

CVEs (1)

Remediations

  • Tridium has released updates that mitigate this vulnerability and recommends users update to the versions
  • Niagara 4.9.0.198
  • Niagara Enterprise Security 4.9.0.60
  • Updates are available by contacting the sales support channel or by contacting the Tridium support team at [email protected]
  • All Tridium Niagara users for all supported platforms are encouraged to update their systems with these releases to mitigate risk. For further guidance, please contact a Tridium account manager or Customer Support.
  • Updating to the latest version
  • Review and validate the list of authorized users who can authenticate to Niagara.
  • Allow only trained and trusted persons to have physical access to the system, including devices with connection to the system though the Ethernet port.
  • If remote connections to the network are required, consider using a VPN or other means to ensure secure remote connections into the network.
  • For more information please refer to Security Bulletin SB 2020-Tridium-2.

Affected Vendors

Tridium

Affected Products (2)

Tridium · Niagara 4.6.96.28 | 4.7.109.20 | 4.7.110.32 | 4.8.0.110
Tridium · Niagara Enterprise Security 2.4.31 | 2.4.45 | 4.8.0.35

Affected Sectors

Commercial Facilities, Critical Manufacturing, Government Facilities, Information Technology

Get alerted to advisories like this

OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.

Start free trial Learn more