CVE-2024-1309 - Vulnerability Details - OpenCVE

Uncontrolled Resource Consumption vulnerability in Honeywell Niagara Framework on Windows, Linux, QNX allows Content Spoofing.This issue affects Niagara Framework: before Niagara AX 3.8.1, before Niagara 4.1.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact Low

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00063.

Key SSVC decision points have not yet been added.

Vendors	Products
Honeywell	Niagara Framework

Configuration 1 [-]

OR	cpe:2.3:a:honeywell:niagara_framework::::::linux::*
	cpe:2.3:a:honeywell:niagara_framework::::::qnx::*
	cpe:2.3:a:honeywell:niagara_framework::::::windows::*

No data.

No data.

Advisories

Source	ID	Title
EUVD	EUVD-2024-17069	Uncontrolled Resource Consumption vulnerability in Honeywell Niagara Framework on Windows, Linux, QNX allows Content Spoofing.This issue affects Niagara Framework: before Niagara AX 3.8.1, before Niagara 4.1.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://process.honeywell.com
https://www.honeywell.com/us/en/product-security
https://www.kb.cert.org/vuls/id/417980

History

Fri, 22 Nov 2024 20:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Honeywell Honeywell niagara Framework
Weaknesses		NVD-CWE-noinfo
CPEs		cpe:2.3:a:honeywell:niagara_framework::::::linux::* cpe:2.3:a:honeywell:niagara_framework::::::qnx::* cpe:2.3:a:honeywell:niagara_framework::::::windows::*
Vendors & Products		Honeywell Honeywell niagara Framework

MITRE

Status: PUBLISHED

Assigner: Honeywell

Published: 2024-02-13T13:41:51.478Z

Updated: 2024-08-01T18:33:25.383Z

Reserved: 2024-02-07T14:55:02.262Z

Link: CVE-2024-1309

Vulnrichment

Updated: 2024-08-01T18:33:25.383Z

NVD

Status : Analyzed

Published: 2024-02-13T14:15:46.463

Modified: 2024-11-22T20:03:02.910

Link: CVE-2024-1309

Redhat

No data.

OpenCVE Enrichment

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-1309", "assignerOrgId": "0dc86260-d7e3-4e81-ba06-3508e030ce8d", "state": "PUBLISHED", "assignerShortName": "Honeywell", "dateReserved": "2024-02-07T14:55:02.262Z", "datePublished": "2024-02-13T13:41:51.478Z", "dateUpdated": "2024-08-01T18:33:25.383Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "platforms": ["Windows", "Linux", "QNX"], "product": "Niagara Framework", "vendor": "Honeywell", "versions": [{"lessThan": "Niagara AX 3.8.1", "status": "affected", "version": "0", "versionType": "semver"}, {"lessThan": "Niagara 4.1", "status": "affected", "version": "0", "versionType": "semver"}]}], "datePublic": "2024-02-07T16:19:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Uncontrolled Resource Consumption vulnerability in Honeywell Niagara Framework on Windows, Linux, QNX allows Content Spoofing.<p>This issue affects Niagara Framework: before Niagara AX 3.8.1, before Niagara 4.1.</p>"}], "value": "Uncontrolled Resource Consumption vulnerability in Honeywell Niagara Framework on Windows, Linux, QNX allows Content Spoofing.This issue affects Niagara Framework: before Niagara AX 3.8.1, before Niagara 4.1.\n\n"}], "impacts": [{"capecId": "CAPEC-148", "descriptions": [{"lang": "en", "value": "CAPEC-148 Content Spoofing"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-400", "description": "CWE-400 Uncontrolled Resource Consumption", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "0dc86260-d7e3-4e81-ba06-3508e030ce8d", "shortName": "Honeywell", "dateUpdated": "2024-04-18T20:30:17.678Z"}, "references": [{"url": "https://process.honeywell.com"}, {"url": "https://www.honeywell.com/us/en/product-security"}, {"url": "https://www.kb.cert.org/vuls/id/417980"}], "source": {"discovery": "UNKNOWN"}, "title": "Resource Consumption Identified in NTP before 4.2.4p8 and 4.2.5", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-1309", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-02-13T20:21:53.406350Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-05T17:20:54.873Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T18:33:25.383Z"}, "title": "CVE Program Container", "references": [{"url": "https://process.honeywell.com", "tags": ["x_transferred"]}, {"url": "https://www.honeywell.com/us/en/product-security", "tags": ["x_transferred"]}, {"url": "https://www.kb.cert.org/vuls/id/417980", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://process.honeywell.com", "tags": ["x_transferred"]}, {"url": "https://www.honeywell.com/us/en/product-security", "tags": ["x_transferred"]}, {"url": "https://www.kb.cert.org/vuls/id/417980", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T18:33:25.383Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-1309", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-02-13T20:21:53.406350Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-05T15:20:37.238Z"}}], "cna": {"title": "Resource Consumption Identified in NTP before 4.2.4p8 and 4.2.5", "source": {"discovery": "UNKNOWN"}, "impacts": [{"capecId": "CAPEC-148", "descriptions": [{"lang": "en", "value": "CAPEC-148 Content Spoofing"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Honeywell", "product": "Niagara Framework", "versions": [{"status": "affected", "version": "0", "lessThan": "Niagara AX 3.8.1", "versionType": "semver"}, {"status": "affected", "version": "0", "lessThan": "Niagara 4.1", "versionType": "semver"}], "platforms": ["Windows", "Linux", "QNX"], "defaultStatus": "unaffected"}], "datePublic": "2024-02-07T16:19:00.000Z", "references": [{"url": "https://process.honeywell.com"}, {"url": "https://www.honeywell.com/us/en/product-security"}, {"url": "https://www.kb.cert.org/vuls/id/417980"}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "Uncontrolled Resource Consumption vulnerability in Honeywell Niagara Framework on Windows, Linux, QNX allows Content Spoofing.This issue affects Niagara Framework: before Niagara AX 3.8.1, before Niagara 4.1.\n\n", "supportingMedia": [{"type": "text/html", "value": "Uncontrolled Resource Consumption vulnerability in Honeywell Niagara Framework on Windows, Linux, QNX allows Content Spoofing.<p>This issue affects Niagara Framework: before Niagara AX 3.8.1, before Niagara 4.1.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-400", "description": "CWE-400 Uncontrolled Resource Consumption"}]}], "providerMetadata": {"orgId": "0dc86260-d7e3-4e81-ba06-3508e030ce8d", "shortName": "Honeywell", "dateUpdated": "2024-04-18T20:30:17.678Z"}}}, "cveMetadata": {"cveId": "CVE-2024-1309", "state": "PUBLISHED", "dateUpdated": "2024-08-01T18:33:25.383Z", "dateReserved": "2024-02-07T14:55:02.262Z", "assignerOrgId": "0dc86260-d7e3-4e81-ba06-3508e030ce8d", "datePublished": "2024-02-13T13:41:51.478Z", "assignerShortName": "Honeywell"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:honeywell:niagara_framework:*:*:*:*:*:linux:*:*", "matchCriteriaId": "C8335BC5-F8B3-4DA0-83CB-82E3E68A2C9C", "versionEndExcluding": "3.8.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:honeywell:niagara_framework:*:*:*:*:*:qnx:*:*", "matchCriteriaId": "D3CC14A4-55BA-4B11-9A59-CDBCE57E7B42", "versionEndExcluding": "3.8.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:honeywell:niagara_framework:*:*:*:*:*:windows:*:*", "matchCriteriaId": "8FEB7CC0-4C34-448D-ACEA-283D6E017D87", "versionEndExcluding": "3.8.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Uncontrolled Resource Consumption vulnerability in Honeywell Niagara Framework on Windows, Linux, QNX allows Content Spoofing.This issue affects Niagara Framework: before Niagara AX 3.8.1, before Niagara 4.1.\n\n"}, {"lang": "es", "value": "Vulnerabilidad de consumo de recursos no controlado en Honeywell Niagara Framework en Windows, Linux y QNX permite la suplantaci\u00f3n de contenido. Este problema afecta a Niagara Framework: antes de Niagara AX 3.8.1, antes de Niagara 4.1."}], "id": "CVE-2024-1309", "lastModified": "2024-11-22T20:03:02.910", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 2.5, "source": "psirt@honeywell.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-02-13T14:15:46.463", "references": [{"source": "psirt@honeywell.com", "tags": ["Product"], "url": "https://process.honeywell.com"}, {"source": "psirt@honeywell.com", "tags": ["Product"], "url": "https://www.honeywell.com/us/en/product-security"}, {"source": "psirt@honeywell.com", "tags": ["Third Party Advisory", "US Government Resource"], "url": "https://www.kb.cert.org/vuls/id/417980"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Product"], "url": "https://process.honeywell.com"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Product"], "url": "https://www.honeywell.com/us/en/product-security"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "US Government Resource"], "url": "https://www.kb.cert.org/vuls/id/417980"}], "sourceIdentifier": "psirt@honeywell.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-400"}], "source": "psirt@honeywell.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}