Lucene search

HoneywellCVE-2024-1309

HistoryFeb 13, 2024 - 2:15 p.m.

CVE-2024-1309

2024-02-1314:15:46

CWE-400

Honeywell

web.nvd.nist.gov

cve-2024-1309

uncontrolled resource consumption

honeywell niagara framework

windows

linux

qnx

content spoofing

nvd

vulnerability

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

AI Score

6.5

Confidence

High

EPSS

Percentile

15.5%

JSON

Uncontrolled Resource Consumption vulnerability in Honeywell Niagara Framework on Windows, Linux, QNX allows Content Spoofing.This issue affects Niagara Framework: before Niagara AX 3.8.1, before Niagara 4.1.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "platforms": [
      "Windows",
      "Linux",
      "QNX"
    ],
    "product": "Niagara Framework",
    "vendor": "Honeywell",
    "versions": [
      {
        "lessThan": "Niagara AX 3.8.1",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      },
      {
        "lessThan": "Niagara 4.1",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      }
    ]
  }
]

References

process.honeywell.com

www.honeywell.com/us/en/product-security

www.kb.cert.org/vuls/id/417980

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

AI Score

6.5

Confidence

High

EPSS

Percentile

15.5%

JSON

Related for CVE-2024-1309