Manuals+

Security Bulletin

SecB0009: Niagara Tridium

First published: January 22, 2024

Summary

The Niagara Framework® has been updated to address a vulnerability in the libwebp component utilized by jxBrowser.

Description

The following releases of Niagara Framework® have been updated to address a vulnerability in the libwebp component utilized by jxBrowser. The CVE reported is CVE-2023-4863 and has been rescored as 6.8, based on the libwebp component's usage in Niagara.

Affected Products

Niagara Framework, Niagara Enterprise Security

Recommended Action

Please update any installations of Niagara to one of the following versions:

  • Niagara Framework 4.10u7
  • Niagara Framework 4.13u2

Delta branded builds of these Niagara framework software updates are available from the Delta Controls Support site software downloads page.

It is important that all Niagara customers for all supported platforms update their systems with these releases to mitigate risk. If you have any questions, please contact Customer Support via technicalsupport@deltacontrols.com.

CVE Details

CVSSv36.8 Medium
CVE IDCVE-2023-4863

PDF preview unavailable. Download the PDF instead.

SecB0009 Security Bulletin Adobe PDF Library 11.0

Related Documents

Preview Delta Controls Security Bulletin: OpenSSL Vulnerability CVE-2022-3786 and CVE-2022-3602
Delta Controls Security Bulletin SecB0006 details an OpenSSL vulnerability (CVE-2022-3786, CVE-2022-3602) related to buffer overflows in X.509 certificate verification. It provides a summary, description, affected products, recommended actions, and CVSS scoring information, along with an explanation of the Common Vulnerability Scoring System.
Preview Security Bulletin: CVE-2020-25694, 25695, 25696 - Delta Controls
Details a critical security vulnerability (CVE-2020-25694, 25695, 25696) affecting PostgreSQL versions prior to 13.1, 12.5, 11.10, 10.15, 9.6.20, and 9.5.24, impacting enteliSYNC. Provides recommended actions and mitigation strategies for Delta Controls products.
Preview Security Bulletin SecB0013: CVE-2024-21147 - enteliWEB Vulnerability Update
Delta Controls provides a security bulletin regarding CVE-2024-21147, a high-severity vulnerability affecting Oracle Java and compatible distributions. Details the impact on enteliWEB and planned remediation.
Preview enteliWEB Network Hardening Guide
This guide provides essential information for planning and implementing robust security best practices for enteliWEB installations, covering critical areas such as password management, user permissions, server security, and network hardening.
Preview enteliWEB v4.0 Deployment Planning Guide | Delta Controls
This Deployment Planning Guide for enteliWEB v4.0 by Delta Controls provides essential information for planning system deployments. It covers site sizing, hardware and software requirements for physical servers and virtual machines, installation guidelines including services and network ports, comprehensive security features, licensing, email configuration, bandwidth considerations, browser compatibility, IIS settings, and troubleshooting procedures.
Preview Pioneering Smart Building Automation in Healthcare | Delta Controls White Paper
Delta Controls offers advanced Building Automation Systems (BAS) for healthcare, enhancing patient care, operational efficiency, and sustainability. This white paper details solutions and case studies from leading healthcare facilities.
Preview Delta Controls enteliWEB Case Study: Brooke Army Medical Center Infection Control
This case study details how Delta Controls' enteliWEB system was implemented at Brooke Army Medical Center (BAMC) to enhance infection control, environmental monitoring, and operational efficiency, improving patient safety and facility management.
Preview Delta Controls e301 enteliWEB Fundamentals Course Description
Detailed course description for Delta Controls' e301 enteliWEB Fundamentals training. Covers course objectives, logistics, prerequisites, and topics including enteliWEB software, object management, alarms, and user administration.