Summary
Cybersecurity is a priority at Tridium. We are dedicated to continuously improving the security of our products, and we will continue to update you as we release new security features, enhancements, and updates.
Security Bulletin# SB 2019-Tridium-3
CVSS v3.0 Base Score: 4.4 (AV:L/AC:L/PR:H/UI:N/S:U/
Defect# HAREMB-1220
CVSS v3.0 Base Score: 8.0 (AV:L/AC:H/PR:H/UI:N/S:C/
Defect# HAREMB-1221
Two vulnerabilities have been discovered in the QNX operating system images distributed by Tridium.
The first could allow a less privileged process to gain read access to privileged files.
The second is in the QNX procfs service and could allow a less privileged process to gain access to a chosen process’s address space.
The following supported platforms are impacted:
NOTE: Niagara Windows and Linux Supervisor installations are not impacted.
We have updated the QNX OS images to remove the vulnerability and recommend that users update to the versions identified below:
Recommended Action
Tridium has released new updates that mitigate these vulnerabilities.
| Product | QNX Patches |
|---|---|
| Niagara AX 3.8u4 | OS Dist: 2.7.402.2; NRE Config Dist: 3.8.401.1 |
| Niagara 4.4u3 | OS Dist: 4.4.73.38.1; NRE Config Dist: 4.4.94.14.1 |
| Niagara 4.7u1 | OS Dist (JACE 8000): 4.7.109.16.1; OS Dist (Edge 10): 4.7.109.18.1; NRE Config Dist: 4.7.110.32.1 |
These updates are available by contacting your sales support channel or by contacting the Tridium support team at support@tridium.com.
It is important that all Niagara customers for all supported platforms update their systems with these releases to mitigate risk. If you have any questions, please contact your Tridium account manager or contact Customer Support via support@tridium.com.
Mitigation
In addition to updating your system, Tridium recommends that customers with affected products take the following protective steps:
Appendix: About CVSS
The Common Vulnerability Scoring System (CVSS) is an open standard for communicating the characteristics and severity of software vulnerabilities. The Base score represents the intrinsic qualities of a vulnerability. The Temporal score reflects the characteristics of a vulnerability that change over time. The Environmental score is an additional score that can be used by CVSS, but is not supplied as it will differ for each customer. The Base score has a value ranging from 0 to 10. The Temporal score has the same range and is a modification of the Base score due to current temporary factors. The severity of the score can be summarized as follows:
| Severity Rating | CVSS Score |
|---|---|
| None | 0.0 |
| Low | 0.1 – 3.9 |
| Medium | 4.0 – 6.9 |
| High | 7.0 – 8.9 |
| Critical | 9.0 – 10.0 |
A CVSS score is also represented as a vector string, a compressed textual representation of the values used to derive the score.
Detailed information about CVSS can be found at http://www.first.org/cvss.
Great Solution at Great Pricing!
Tridium’s Niagara Edge 10 is an IP-based field equipment controller powered by the Niagara Framework®. Niagara Edge 10 controllers drive applications such as zone temperature control, and the operation of fan coil units, single-stage air handling units, water-source heat pumps and more. Niagara Edge 10 controllers run the full Niagara stack, with 10 points of on-board IO and IO-R-34 expansion capability. Niagara Edge 10 licensing supports three devices and 50 total points to harness the full power of Niagara at the edge.
This DK-AC-BAC-AIntesisBox gateway ensures full interoperability support to the integrator and the property thanks to the BTL Mark.
The aim of this integration is to monitor and control your Daikin air conditioning system remotely from your Control Center, using any commercial SCADA or monitoring software that includes a BACnet driver, or to connect it to other BACnet devices for automation. To do so, IntesisBox supports BACnet communication with polling or subscription (COV) requests.
IntesisBox makes available the Daikin air conditioning system indoor units through independent BACnet objects.
Abstraction of Daikin air conditioning system properties and functionalities as fixed BACnet Objects. IntesisBox allows fixed BACnet object IDs mapping. Simple configuration is needed: just select the appropriate communication parameters (MAC address, baud rate…)
Tridium’s latest advancement means you can protect the enterprise from losing valuable Niagara station and configuration data, and manage your Niagara licenses from one online location. Introducing Niagara Cloud, a growing suite of services that can help you leverage the Internet of Things in new and powerful ways. Backup as a Service: With BaaS, easily configure your Niagara stations to do automated secure backups to the cloud. BaaS is available to Niagara 4.3 users with a current Software Maintenance Agreement (SMA) at no additional cost. Asset Manager: You can access device backups and track your Niagara software maintenance expirations using our exciting new asset manager tool, live on the Niagara Community website. Contact us for more information.
Dear valued VYKON Partner, Tridium has released the third version of Niagara 4. Niagara 4.3 introduces enhancements that make it easier to manage and deploy templates, along with several other new features. Most notable about this release are the significant innovations built on Niagara 4.3, including:
* Backup as a Service (BaaS), our first Niagara Cloud offering launching in mid-July
* VYKON Integrated Analytics 2.0u2, with analytic chart enhancements and key defect fixes
* Support for JACE® 8000 IO R in both a 16 and 34 point module
* JACE 8000 expansion module Hardware Development Kit (HDK), new for developers
Niagara 4.3: Building upon improvements offered by Niagara 4.2u1, Niagara 4.3 offers enhancements that make it easier to manage and deploy templates, and a new Abstract Manager Framework for creating custom manager views. This release fixes the issues with Windows 10 service pack updates changing Host IDs.
Click here to download the features overview, and visit tridium.com to compare Niagara versions.
Backup as a Service: With the release of Niagara 4.3, we make it easy for you to back up your data—at no additional cost. Having an up-to-date Software Maintenance Agreement (SMA) allows immediate access to our new Backup as a Service (BaaS) when it launches in mid-July. BaaS will provide seamless, secure and scalable backups of Niagara to the cloud–24/7/365.
Asset manager tool: You will be able to access device backups via BaaS using our exciting new asset manager tool, to be introduced soon on the Niagara Community website.
Beyond accessing device backups via BaaS, the asset manager tool will help you simplify license management and recoup valuable time. Other key advantages include:
* Automatic push notifications of maintenance expirations and renewals
* Centralized, brand-agnostic view of all Niagara license information
* Easy access to specific device details through filters
* Single login using your Niagara Community credentials
VYKON Integrated Analytics 2.0u2
The second VYKON Integrated Analytics 2.0 update has been released with Niagara 4.3. VYKON Integrated Analytics 2.0u2 offers even more potential for systems integrators to differentiate themselves and build a trusted partnership with their customers by engaging in analytics as a continual process.
VYKON Integrated Analytics 2.0u2 features:
* Chart enhancements
* All analytic charts have a configurable font property
* Equipment Operation chart has a configurable property to show or hide Off status bar
* Key defect fixes for analytic charts
JACE 8000 IO R
Niagara 4.3 supports IO R on the JACE 8000. IO R allows the JACE 8000 to interface directly with simple non-intelligent inputs and outputs remotely located up to 4,000 feet from the JACE.
IO R makes the JACE 8000 more powerful and your migration path straightforward. Enjoy ease of use, enhanced capability, improved flexibility and minimal wiring labor—plus:
* Updated NDIO to NRIO conversion tool to support new JACE 8000 IO R modules
* Programmable Default states for Analog and Digital Outputs
More information to come soon.
EcoView Touchscreen 7-in. touch panel gateway to the Internet, enabling wireless control of thermostats, power meters, and other load control devices. Siemens EcoView™ Energy Management System (EMS) was designed specifically to meet the energy management needs of restaurants, medical offices, retail shops and other small commercial businesses. Already at work in many facilities across the United States, EcoView is a proven solution for lowering energy consumption and bills. Wireless technology, drop-in thermostats, and cloud-based applications make it affordable and simple to install and use. It also provides great visibility and control of HVAC and lighting from one central point, which helps increase productivity.
Better Buildings is an initiative of the U.S. Department of Energy (DOE) designed to improve the lives of the American people by driving leadership in energy innovation. Through Better Buildings, DOE partners with leaders in the public and private sectors to make the nation’s homes, commercial buildings and industrial plants more energy efficient by accelerating investment and sharing of successful best practices. Showcase Project: South Campus Energy Project featuring Siemens VFDs.
BACKGROUND: The South Campus of the Community College of Allegheny County (CCAC) is one of four campuses located throughout Allegheny County. Opened in 1973 with later additions, the one-building campus houses traditional college classrooms and laboratories, as well as a theater for both student and community productions, radio station, gym and fully equipped fitness center, library, media and computer centers, and state-of-the-art nursing and allied health laboratories. The six-story structure is surrounded by open grounds which include parking areas, a nature trail, and a community garden. This facility was the largest single energy user in the entire CCAC system, and the HVAC system was maintenance-intensive.
CCAC pursued a bond-funded guaranteed savings project specifying the following measures:
Firms responding to the RFP were welcome to propose additional measures, and the firm chosen to complete the project proposed some additional lighting retrofits, replacement of a smaller rooftop chiller, and plumbing retrofits to low-flow fixtures. Water savings were enhanced by the reduction in necessary heat rejection of the electric chillers over the absorbers, thus lessening the amount of water that needed to go to the cooling tower.
Honeywell is pleased to announce the release of the WEBs-N4.1.27.20 (N4.1.1) software packaged with Spyder, Stryker and Venom programming tools. Main Features: