Vulnerability Management, Patch/Configuration Management, IoT, Critical Infrastructure Security

Niagara Framework vulnerabilities threaten building systems


Honeywell subsidiary Tridium's Niagara Framework is affected by more than a dozen security flaws that could be leveraged to significantly compromise building systems, according to Facilities Dive.

Attackers who have obtained initial network access could exploit the 13 vulnerabilities affecting version 4.13 of the vendor-neutral smart building middleware platform to target organizations' IT or IoT systems, resulting in the deactivation of critical systems, modification of automation processes, and widespread disruptions, a report from Nozomi Networks Labs researchers showed.

"These vulnerabilities are fully exploitable if a Niagara system is misconfigured, thereby disabling encryption on a specific network device (which produces a warning on the security dashboard). If chained together, they could allow an attacker with access to the same network such as through a Man-in-the-Middle (MiTM) position to compromise the Niagara system," said Nozomi Networks.

Tridium has already issued updates resolving the issues and has called on organizations using the flawed framework to conduct authorized user reviews and validation.
