CVE-2024-1309 - OpenCVE

Uncontrolled Resource Consumption vulnerability in Honeywell Niagara Framework on Windows, Linux, QNX allows Content Spoofing.This issue affects Niagara Framework: before Niagara AX 3.8.1, before Niagara 4.1.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact Low

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

No data.

No data.

References

Link	Resource
https://process.honeywell.com
https://www.honeywell.com/us/en/product-security
https://www.kb.cert.org/vuls/id/417980

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: Honeywell

Published: 2024-02-13T13:41:51.478Z

Updated: 2024-07-05T17:20:54.873Z

Reserved: 2024-02-07T14:55:02.262Z

Link: CVE-2024-1309

JSON object: View

NVD Information

Status : Awaiting Analysis

Published: 2024-02-13T14:15:46.463

Modified: 2024-04-18T21:15:07.060

Link: CVE-2024-1309

JSON object: View

Redhat Information

No data.

CWE

CWE-400

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-1309", "assignerOrgId": "0dc86260-d7e3-4e81-ba06-3508e030ce8d", "state": "PUBLISHED", "assignerShortName": "Honeywell", "dateReserved": "2024-02-07T14:55:02.262Z", "datePublished": "2024-02-13T13:41:51.478Z", "dateUpdated": "2024-07-05T17:20:54.873Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "platforms": ["Windows", "Linux", "QNX"], "product": "Niagara Framework", "vendor": "Honeywell", "versions": [{"lessThan": "Niagara AX 3.8.1", "status": "affected", "version": "0", "versionType": "semver"}, {"lessThan": "Niagara 4.1", "status": "affected", "version": "0", "versionType": "semver"}]}], "datePublic": "2024-02-07T16:19:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Uncontrolled Resource Consumption vulnerability in Honeywell Niagara Framework on Windows, Linux, QNX allows Content Spoofing.<p>This issue affects Niagara Framework: before Niagara AX 3.8.1, before Niagara 4.1.</p>"}], "value": "Uncontrolled Resource Consumption vulnerability in Honeywell Niagara Framework on Windows, Linux, QNX allows Content Spoofing.This issue affects Niagara Framework: before Niagara AX 3.8.1, before Niagara 4.1.\n\n"}], "impacts": [{"capecId": "CAPEC-148", "descriptions": [{"lang": "en", "value": "CAPEC-148 Content Spoofing"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-400", "description": "CWE-400 Uncontrolled Resource Consumption", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "0dc86260-d7e3-4e81-ba06-3508e030ce8d", "shortName": "Honeywell", "dateUpdated": "2024-04-18T20:30:17.678Z"}, "references": [{"url": "https://process.honeywell.com"}, {"url": "https://www.honeywell.com/us/en/product-security"}, {"url": "https://www.kb.cert.org/vuls/id/417980"}], "source": {"discovery": "UNKNOWN"}, "title": "Resource Consumption Identified in NTP before 4.2.4p8 and 4.2.5", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-1309", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-02-13T20:21:53.406350Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-05T17:20:54.873Z"}}]}}