Actually, it's designed to be web-facing.
Niagara^AX is a software framework and development environment that solves the challenges associated with building Internet-enabled products, device-to-enterprise applications and distributed Internet-enabled automation systems.
Worse, this is a laughably simple exploit of the web-facing interface:
By default, the Tridium Niagara AX software is not configured to deny access to restricted parent directories... An attacker could exploit this vulnerability by sending a specially crafted request to the Web server running on Port 80/TCP
"The system insecurely stores user authentication credentials, which are susceptible to interception and retrieval. User authentication credentials are stored in the Niagara station configuration file, config.bog, which is located in the root of the station folder"
In other words, it's about as simple as GET