Cybersecurity advisory affecting Niagara AX- and Niagara 4-based systems.
Dear valued partner,
In June of 2018, Tridium incorporated a number of fixes to security vulnerabilities in Niagara AX and Niagara 4 through security update releases. Click to read the technical bulletin. Two of these vulnerabilities, which are affecting Niagara systems on Microsoft Windows platforms, were reported to the National Cybersecurity and Communications Integration Center (NCCIC). An Industrial Control Systems (ICS) Advisory has been issued.
It is important that all Niagara AX and Niagara 4 customers ensure they have updated their systems to the most current version to mitigate risk. Tridium takes cybersecurity very seriously. We recognize that the security of our products is of critical importance to our customers and the Niagara Community. If you have any questions, please contact your Tridium account manager or firstname.lastname@example.org.
It is important to note that JACE® controllers are not affected by these vulnerabilities, but the vulnerabilities are applicable to Niagara systems running on the Microsoft Windows operating system, including Niagara AX and Niagara 4 Supervisors.
For Niagara 4, the vulnerabilities were resolved in the latest two releases:
Niagara 4.6 (18.104.22.168.4), July 2018
Niagara 4.4u1 (22.214.171.124.1), June 2018
For Niagara AX, the vulnerabilities were resolved in the latest release:
Niagara AX 3.8u4 (3.8.401), June 2018
These fixes will be incorporated into all future releases of Niagara.