cvelistv5 - cve-2020-14483

CVE-2020-14483 (GCVE-0-2020-14483)

Vulnerability from cvelistv5 – Published: 2020-08-13 14:41 – Updated: 2024-08-04 12:46

Summary

Severity ?

No CVSS data available.

CWE

CWE-1088 - SYNCHRONOUS ACCESS OF REMOTE RESOURCE WITHOUT TIMEOUT CWE-1088

Assigner

icscert

References

URL

	Vendor	Product	Version
	n/a	Niagara	Affected: Niagara: Versions 4.6.96.28, 4.7.109.20, 4.7.110.32, 4.8.0.110 and Niagara Enterprise Security: Versions 2.4.31, 2.4.45, 4.8.0.35

FKIE_CVE-2020-14483

Vulnerability from fkie_nvd - Published: 2020-08-13 15:15 - Updated: 2024-11-21 05:03

Severity ?

4.3 (Medium) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Summary

References

	URL	Tags
	ics-cert@hq.dhs.gov	https://us-cert.cisa.gov/ics/advisories/icsa-20-224-03	Third Party Advisory, US Government Resource
	af854a3a-2127-422b-91ae-364da2661108	https://us-cert.cisa.gov/ics/advisories/icsa-20-224-03	Third Party Advisory, US Government Resource

Impacted products

Vendor	Product	Version
tridium	niagara	4.6.96.28
tridium	niagara	4.7.109.20
tridium	niagara	4.7.110.32
tridium	niagara	4.8.0.110
tridium	niagara_enterprise_security	2.4.31
tridium	niagara_enterprise_security	2.4.45
tridium	niagara_enterprise_security	4.8.0.35

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:tridium:niagara:4.6.96.28:*:*:*:*:*:*:*",
              "matchCriteriaId": "FEE59D43-F845-44C6-80A3-40686FB6B7EA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tridium:niagara:4.7.109.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "A698D4D5-FD34-48C3-AEBF-B0806CBAE911",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tridium:niagara:4.7.110.32:*:*:*:*:*:*:*",
              "matchCriteriaId": "739E2E10-64B0-4E89-AAC8-672D8DFF8125",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tridium:niagara:4.8.0.110:*:*:*:*:*:*:*",
              "matchCriteriaId": "542AFB62-67B4-41EB-8EAB-E0AE03FB3787",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tridium:niagara_enterprise_security:2.4.31:*:*:*:*:*:*:*",
              "matchCriteriaId": "1041ABDB-833F-4997-A89C-CA62A00C0320",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tridium:niagara_enterprise_security:2.4.45:*:*:*:*:*:*:*",
              "matchCriteriaId": "2EE6A8CE-0337-49FD-AB77-FADB278C29D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tridium:niagara_enterprise_security:4.8.0.35:*:*:*:*:*:*:*",
              "matchCriteriaId": "59DB62B3-981E-4337-A03A-76AB2305681D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A timeout during a TLS handshake can result in the connection failing to terminate. This can result in a Niagara thread hanging and requires a manual restart of Niagara (Versions 4.6.96.28, 4.7.109.20, 4.7.110.32, 4.8.0.110) and Niagara Enterprise Security (Versions 2.4.31, 2.4.45, 4.8.0.35) to correct."
    },
    {
      "lang": "es",
      "value": "Un tiempo de espera durante un protocolo de enlace TLS puede resultar en que la conexi\u00f3n falle al terminar. Esto puede resultar en un bloqueo del hilo o subproceso de Niagara y requiere un reinicio manual de Niagara (versiones 4.6.96.28, 4.7.109.20, 4.7.110.32, 4.8.0.110) y Niagara Enterprise Security (versiones 2.4.31, 2.4.45, 4.8.0.35 ) parra corregir"
    }
  ],
  "id": "CVE-2020-14483",
  "lastModified": "2024-11-21T05:03:22.183",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "ADJACENT_NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 3.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 6.5,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "ADJACENT_NETWORK",
          "availabilityImpact": "LOW",
          "baseScore": 4.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-08-13T15:15:12.377",
  "references": [
    {
      "source": "ics-cert@hq.dhs.gov",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-224-03"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-224-03"
    }
  ],
  "sourceIdentifier": "ics-cert@hq.dhs.gov",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-1088"
        }
      ],
      "source": "ics-cert@hq.dhs.gov",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-F98H-FHJW-57PM

Vulnerability from github – Published: 2022-05-24 17:25 – Updated: 2022-05-24 17:25

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2020-14483"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-08-13T15:15:00Z",
    "severity": "LOW"
  },
  "details": "A timeout during a TLS handshake can result in the connection failing to terminate. This can result in a Niagara thread hanging and requires a manual restart of Niagara (Versions 4.6.96.28, 4.7.109.20, 4.7.110.32, 4.8.0.110) and Niagara Enterprise Security (Versions 2.4.31, 2.4.45, 4.8.0.35) to correct.",
  "id": "GHSA-f98h-fhjw-57pm",
  "modified": "2022-05-24T17:25:30Z",
  "published": "2022-05-24T17:25:30Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-14483"
    },
    {
      "type": "WEB",
      "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-224-03"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

VAR-202008-0160

Vulnerability from variot - Updated: 2023-12-18 13:47

A timeout during a TLS handshake can result in the connection failing to terminate. This can result in a Niagara thread hanging and requires a manual restart of Niagara (Versions 4.6.96.28, 4.7.109.20, 4.7.110.32, 4.8.0.110) and Niagara Enterprise Security (Versions 2.4.31, 2.4.45, 4.8.0.35) to correct. Tridium Provides Niagara Is a building automation system. As a result, threads on the system may hang and a manual reboot is required for recovery. Niagara is a platform used to support the connection of devices and applications. Attackers can use the vulnerability to cause the Niagara thread to hang

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202008-0160",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "niagara",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "tridium",
        "version": "4.6.96.28"
      },
      {
        "model": "niagara",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "tridium",
        "version": "4.7.109.20"
      },
      {
        "model": "niagara",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "tridium",
        "version": "4.7.110.32"
      },
      {
        "model": "niagara",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "tridium",
        "version": "4.8.0.110"
      },
      {
        "model": "niagara enterprise security",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "tridium",
        "version": "2.4.31"
      },
      {
        "model": "niagara enterprise security",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "tridium",
        "version": "2.4.45"
      },
      {
        "model": "niagara enterprise security",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "tridium",
        "version": "4.8.0.35"
      },
      {
        "model": "niagara",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "tridium",
        "version": "4.6.96.28\u3001 4.7.109.20\u3001 4.7.110.32\u3001 4.8.0.110"
      },
      {
        "model": "niagara enterprise security",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "tridium",
        "version": "2.4.31\u3001 2.4.45\u3001 4.8.0.35"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-49618"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-007432"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-14483"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:tridium:niagara:4.6.96.28:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:tridium:niagara:4.7.109.20:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:tridium:niagara:4.7.110.32:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:tridium:niagara:4.8.0.110:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:tridium:niagara_enterprise_security:2.4.31:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:tridium:niagara_enterprise_security:2.4.45:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:tridium:niagara_enterprise_security:4.8.0.35:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2020-14483"
      }
    ]
  },
  "cve": "CVE-2020-14483",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "ADJACENT_NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 3.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 6.5,
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "LOW",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "ADJACENT_NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 3.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 6.5,
            "id": "CNVD-2020-49618",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "LOW",
            "trust": 0.6,
            "vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT_NETWORK",
            "author": "NVD",
            "availabilityImpact": "LOW",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 2.8,
            "impactScore": 1.4,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Adjacent Network",
            "author": "IPA score",
            "availabilityImpact": "Low",
            "baseScore": 4.3,
            "baseSeverity": "Medium",
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "JVNDB-2020-007432",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2020-14483",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "IPA",
            "id": "JVNDB-2020-007432",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2020-49618",
            "trust": 0.6,
            "value": "LOW"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202008-593",
            "trust": 0.6,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-49618"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-007432"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-14483"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202008-593"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "A timeout during a TLS handshake can result in the connection failing to terminate. This can result in a Niagara thread hanging and requires a manual restart of Niagara (Versions 4.6.96.28, 4.7.109.20, 4.7.110.32, 4.8.0.110) and Niagara Enterprise Security (Versions 2.4.31, 2.4.45, 4.8.0.35) to correct. Tridium Provides Niagara Is a building automation system. As a result, threads on the system may hang and a manual reboot is required for recovery. Niagara is a platform used to support the connection of devices and applications. Attackers can use the vulnerability to cause the Niagara thread to hang",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2020-14483"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-007432"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-49618"
      }
    ],
    "trust": 2.16
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2020-14483",
        "trust": 3.0
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-20-224-03",
        "trust": 3.0
      },
      {
        "db": "JVN",
        "id": "JVNVU99362875",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-007432",
        "trust": 0.8
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-49618",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2020.2762",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202008-593",
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-49618"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-007432"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-14483"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202008-593"
      }
    ]
  },
  "id": "VAR-202008-0160",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-49618"
      }
    ],
    "trust": 0.9333333399999999
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "ICS"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-49618"
      }
    ]
  },
  "last_update_date": "2023-12-18T13:47:24.791000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "SB 2020-Tridium-2(PDF)",
        "trust": 0.8,
        "url": "https://www.tridium.com/~/media/tridium/library/documents/sb2020-tridium-2"
      },
      {
        "title": "Patch for Tridium Niagara and Niagara Enterprise Security have unspecified vulnerabilities",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchinfo/show/232405"
      },
      {
        "title": "Tridium Niagara  and Niagara Enterprise Security Security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=126632"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-49618"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-007432"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202008-593"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-Other",
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2020-14483"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 3.0,
        "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-224-03"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-14483"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/cert/jvnvu99362875"
      },
      {
        "trust": 0.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-14483"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2020.2762/"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-49618"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-007432"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-14483"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202008-593"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-49618"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-007432"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-14483"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202008-593"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-08-31T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2020-49618"
      },
      {
        "date": "2020-08-13T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2020-007432"
      },
      {
        "date": "2020-08-13T15:15:12.377000",
        "db": "NVD",
        "id": "CVE-2020-14483"
      },
      {
        "date": "2020-08-11T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202008-593"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-08-31T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2020-49618"
      },
      {
        "date": "2020-08-13T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2020-007432"
      },
      {
        "date": "2020-08-19T20:58:30.487000",
        "db": "NVD",
        "id": "CVE-2020-14483"
      },
      {
        "date": "2020-08-20T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202008-593"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote or local",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202008-593"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Tridium Made  Niagara Vulnerability that remote connection terminal does not time out",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-007432"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "other",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202008-593"
      }
    ],
    "trust": 0.6
  }
}

GSD-2020-14483

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2020-14483

Aliases

CVE-2020-14483

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2020-14483",
    "description": "A timeout during a TLS handshake can result in the connection failing to terminate. This can result in a Niagara thread hanging and requires a manual restart of Niagara (Versions 4.6.96.28, 4.7.109.20, 4.7.110.32, 4.8.0.110) and Niagara Enterprise Security (Versions 2.4.31, 2.4.45, 4.8.0.35) to correct.",
    "id": "GSD-2020-14483"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2020-14483"
      ],
      "details": "A timeout during a TLS handshake can result in the connection failing to terminate. This can result in a Niagara thread hanging and requires a manual restart of Niagara (Versions 4.6.96.28, 4.7.109.20, 4.7.110.32, 4.8.0.110) and Niagara Enterprise Security (Versions 2.4.31, 2.4.45, 4.8.0.35) to correct.",
      "id": "GSD-2020-14483",
      "modified": "2023-12-13T01:21:59.637369Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "ics-cert@hq.dhs.gov",
        "ID": "CVE-2020-14483",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Niagara",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "Niagara: Versions 4.6.96.28, 4.7.109.20, 4.7.110.32, 4.8.0.110 and Niagara Enterprise Security: Versions 2.4.31, 2.4.45, 4.8.0.35"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "A timeout during a TLS handshake can result in the connection failing to terminate. This can result in a Niagara thread hanging and requires a manual restart of Niagara (Versions 4.6.96.28, 4.7.109.20, 4.7.110.32, 4.8.0.110) and Niagara Enterprise Security (Versions 2.4.31, 2.4.45, 4.8.0.35) to correct."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "SYNCHRONOUS ACCESS OF REMOTE RESOURCE WITHOUT TIMEOUT CWE-1088"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://us-cert.cisa.gov/ics/advisories/icsa-20-224-03",
            "refsource": "MISC",
            "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-224-03"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:tridium:niagara:4.6.96.28:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:tridium:niagara:4.7.109.20:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:tridium:niagara:4.7.110.32:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:tridium:niagara:4.8.0.110:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:tridium:niagara_enterprise_security:2.4.31:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:tridium:niagara_enterprise_security:2.4.45:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:tridium:niagara_enterprise_security:4.8.0.35:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "ics-cert@hq.dhs.gov",
          "ID": "CVE-2020-14483"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "A timeout during a TLS handshake can result in the connection failing to terminate. This can result in a Niagara thread hanging and requires a manual restart of Niagara (Versions 4.6.96.28, 4.7.109.20, 4.7.110.32, 4.8.0.110) and Niagara Enterprise Security (Versions 2.4.31, 2.4.45, 4.8.0.35) to correct."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-Other"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://us-cert.cisa.gov/ics/advisories/icsa-20-224-03",
              "refsource": "MISC",
              "tags": [
                "Third Party Advisory",
                "US Government Resource"
              ],
              "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-224-03"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "ADJACENT_NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 3.3,
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 6.5,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "LOW",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 1.4
        }
      },
      "lastModifiedDate": "2020-08-19T20:58Z",
      "publishedDate": "2020-08-13T15:15Z"
    }
  }
}

CNVD-2020-49618

Vulnerability from cnvd - Published: 2020-08-31

Title

Tridium Niagara和Niagara Enterprise Security存在未明漏洞

Description

Niagara是一套用于支持设备和应用程序连接的平台。 Tridium Niagara和Niagara Enterprise Security中存在安全漏洞，该漏洞源于在TLS握手期间超时，程序无法中断连接，攻击者可利用该漏洞导致Niagara线程挂起。

Severity

低

Patch Name

Tridium Niagara和Niagara Enterprise Security存在未明漏洞的补丁

Patch Description

Niagara是一套用于支持设备和应用程序连接的平台。 Tridium Niagara和Niagara Enterprise Security中存在安全漏洞，该漏洞源于在TLS握手期间超时，程序无法中断连接，攻击者可利用该漏洞导致Niagara线程挂起。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： https://www.tridium.com/~/media/tridium/library/documents/sb2020-tridium-2.ashx?la=en

Reference

https://us-cert.cisa.gov/ics/advisories/icsa-20-224-03

Impacted products

Name
['Tridium tridium Niagara 4.6.96.28', 'Tridium tridium Niagara 4.7.109.20', 'Tridium tridium Niagara 4.7.110.32', 'Tridium tridium Niagara 4.8.0.110', 'Tridium Niagara Enterprise Security 2.4.31', 'Tridium Niagara Enterprise Security 2.4.45', 'Tridium Niagara Enterprise Security 4.8.0.35']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2020-14483",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2020-14483"
    }
  },
  "description": "Niagara\u662f\u4e00\u5957\u7528\u4e8e\u652f\u6301\u8bbe\u5907\u548c\u5e94\u7528\u7a0b\u5e8f\u8fde\u63a5\u7684\u5e73\u53f0\u3002\n\nTridium Niagara\u548cNiagara Enterprise Security\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u5728TLS\u63e1\u624b\u671f\u95f4\u8d85\u65f6\uff0c\u7a0b\u5e8f\u65e0\u6cd5\u4e2d\u65ad\u8fde\u63a5\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5bfc\u81f4Niagara\u7ebf\u7a0b\u6302\u8d77\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://www.tridium.com/~/media/tridium/library/documents/sb2020-tridium-2.ashx?la=en",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2020-49618",
  "openTime": "2020-08-31",
  "patchDescription": "Niagara\u662f\u4e00\u5957\u7528\u4e8e\u652f\u6301\u8bbe\u5907\u548c\u5e94\u7528\u7a0b\u5e8f\u8fde\u63a5\u7684\u5e73\u53f0\u3002\r\n\r\nTridium Niagara\u548cNiagara Enterprise Security\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u5728TLS\u63e1\u624b\u671f\u95f4\u8d85\u65f6\uff0c\u7a0b\u5e8f\u65e0\u6cd5\u4e2d\u65ad\u8fde\u63a5\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5bfc\u81f4Niagara\u7ebf\u7a0b\u6302\u8d77\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Tridium Niagara\u548cNiagara Enterprise Security\u5b58\u5728\u672a\u660e\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Tridium tridium Niagara 4.6.96.28",
      "Tridium tridium Niagara 4.7.109.20",
      "Tridium tridium Niagara 4.7.110.32",
      "Tridium tridium Niagara 4.8.0.110",
      "Tridium Niagara Enterprise Security 2.4.31",
      "Tridium Niagara Enterprise Security 2.4.45",
      "Tridium Niagara Enterprise Security 4.8.0.35"
    ]
  },
  "referenceLink": "https://us-cert.cisa.gov/ics/advisories/icsa-20-224-03",
  "serverity": "\u4f4e",
  "submitTime": "2020-08-19",
  "title": "Tridium Niagara\u548cNiagara Enterprise Security\u5b58\u5728\u672a\u660e\u6f0f\u6d1e"
}

ICSA-20-224-03

Vulnerability from csaf_cisa - Published: 2020-08-11 00:00 - Updated: 2020-08-11 00:00

Summary

Tridium Niagara

Notes

CISA Disclaimer

This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov

Legal Notice

All information products included in https://us-cert.cisa.gov/ics are provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.

Risk evaluation

Successful exploitation of this vulnerability could result in a denial-of-service condition.

Critical infrastructure sectors

Commercial Facilities, Critical Manufacturing, Government Facilities, Information Technology

Countries/areas deployed

Worldwide

Company headquarters location

United States

Recommended Practices

CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures. CISA also provides a section for control systems security recommended practices on the ICS webpage onus-cert.gov. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.

Recommended Practices

Additional mitigation guidance and recommended practices are publicly available on the ICS webpage on us-cert.gov in the Technical Information Paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies. Organizations observing any suspected malicious activity should follow their established internal procedures and report their findings to CISA for tracking and correlation against other incidents.

Exploitability

No known public exploits specifically target this vulnerability.

JSON

To clipboard

{
  "document": {
    "acknowledgments": [
      {
        "organization": "Honeywell",
        "summary": "reporting this vulnerability to CISA"
      }
    ],
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Disclosure is not limited",
      "tlp": {
        "label": "WHITE",
        "url": "https://us-cert.cisa.gov/tlp/"
      }
    },
    "lang": "en-US",
    "notes": [
      {
        "category": "general",
        "text": "This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov",
        "title": "CISA Disclaimer"
      },
      {
        "category": "legal_disclaimer",
        "text": "All information products included in https://us-cert.cisa.gov/ics are provided \"as is\" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.",
        "title": "Legal Notice"
      },
      {
        "category": "summary",
        "text": "Successful exploitation of this vulnerability could result in a denial-of-service condition.",
        "title": "Risk evaluation"
      },
      {
        "category": "other",
        "text": "Commercial Facilities, Critical Manufacturing, Government Facilities, Information Technology",
        "title": "Critical infrastructure sectors"
      },
      {
        "category": "other",
        "text": "Worldwide",
        "title": "Countries/areas deployed"
      },
      {
        "category": "other",
        "text": "United States",
        "title": "Company headquarters location"
      },
      {
        "category": "general",
        "text": "CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.\nCISA also provides a section for control systems security recommended practices on the ICS webpage onus-cert.gov. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "Additional mitigation guidance and recommended practices are publicly available on the ICS webpage on us-cert.gov in the Technical Information Paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.\nOrganizations observing any suspected malicious activity should follow their established internal procedures and report their findings to CISA for tracking and correlation against other incidents.",
        "title": "Recommended Practices"
      },
      {
        "category": "other",
        "text": "No known public exploits specifically target this vulnerability.",
        "title": "Exploitability"
      }
    ],
    "publisher": {
      "category": "coordinator",
      "contact_details": "Email: CISAservicedesk@cisa.dhs.gov;\n Toll Free: 1-888-282-0870",
      "name": "CISA",
      "namespace": "https://www.cisa.gov/"
    },
    "references": [
      {
        "category": "self",
        "summary": "ICS Advisory ICSA-20-224-03 JSON",
        "url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2020/icsa-20-224-03.json"
      },
      {
        "category": "self",
        "summary": "ICS Advisory ICSA-20-224-03 Web Version",
        "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-20-224-03"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.us-cert.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.us-cert.gov/ics/tips/ICS-TIP-12-146-01B"
      }
    ],
    "title": "Tridium Niagara",
    "tracking": {
      "current_release_date": "2020-08-11T00:00:00.000000Z",
      "generator": {
        "engine": {
          "name": "CISA CSAF Generator",
          "version": "1.0.0"
        }
      },
      "id": "ICSA-20-224-03",
      "initial_release_date": "2020-08-11T00:00:00.000000Z",
      "revision_history": [
        {
          "date": "2020-08-11T00:00:00.000000Z",
          "legacy_version": "Initial",
          "number": "1",
          "summary": "ICSA-20-224-03 Tridium Niagara"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": " 4.6.96.28 | 4.7.109.20 | 4.7.110.32 | 4.8.0.110",
                "product": {
                  "name": "Niagara: Versions 4.6.96.28 4.7.109.20 4.7.110.32 4.8.0.110",
                  "product_id": "CSAFPID-0001"
                }
              }
            ],
            "category": "product_name",
            "name": "Niagara"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "2.4.31 | 2.4.45 | 4.8.0.35",
                "product": {
                  "name": "Niagara Enterprise Security: Versions 2.4.31 2.4.45 4.8.0.35",
                  "product_id": "CSAFPID-0002"
                }
              }
            ],
            "category": "product_name",
            "name": "Niagara Enterprise Security"
          }
        ],
        "category": "vendor",
        "name": "Tridium"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2020-14483",
      "cwe": {
        "id": "CWE-1088",
        "name": "Synchronous Access of Remote Resource without Timeout"
      },
      "notes": [
        {
          "category": "summary",
          "text": "A timeout during a TLS handshake can result in the connection failing to terminate. This can result in a Niagara thread hanging and requires a manual restart to correct.CVE-2020-14483 has been assigned to this vulnerability. A CVSS v3 base score of 4.3 has been assigned; the CVSS vector string is (AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).",
          "title": "Vulnerability Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001",
          "CSAFPID-0002"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "web.nvd.nist.gov",
          "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-14483"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
        }
      ],
      "remediations": [
        {
          "category": "mitigation",
          "details": "Tridium has released updates that mitigate this vulnerability and recommends users update to the versions",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002"
          ]
        },
        {
          "category": "mitigation",
          "details": "Niagara 4.9.0.198",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "Niagara Enterprise Security 4.9.0.60",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002"
          ]
        },
        {
          "category": "mitigation",
          "details": "Updates are available by contacting the sales support channel or by contacting the Tridium support team at support@tridium.com",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002"
          ],
          "url": "https://mail.google.com/mail/?view=cm\u0026fs=1\u0026tf=1\u0026to=support@tridium.com"
        },
        {
          "category": "mitigation",
          "details": "All Tridium Niagara users for all supported platforms are encouraged to update their systems with these releases to mitigate risk. For further guidance, please contact a Tridium account manager or Customer Support.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002"
          ],
          "url": "https://mail.google.com/mail/?view=cm\u0026fs=1\u0026tf=1\u0026to=support@tridium.com"
        },
        {
          "category": "mitigation",
          "details": "Updating to the latest version",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002"
          ]
        },
        {
          "category": "mitigation",
          "details": "Review and validate the list of authorized users who can authenticate to Niagara.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002"
          ]
        },
        {
          "category": "mitigation",
          "details": "Allow only trained and trusted persons to have physical access to the system, including devices with connection to the system though the Ethernet port.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002"
          ]
        },
        {
          "category": "mitigation",
          "details": "If remote connections to the network are required, consider using a VPN or other means to ensure secure remote connections into the network.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002"
          ]
        },
        {
          "category": "mitigation",
          "details": "For more information please refer to Security Bulletin SB 2020-Tridium-2.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002"
          ],
          "url": "https://www.tridium.com/~/media/tridium/library/documents/sb2020-tridium-2"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.0"
          },
          "products": [
            "CSAFPID-0001",
            "CSAFPID-0002"
          ]
        }
      ]
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2020-14483 (GCVE-0-2020-14483)

FKIE_CVE-2020-14483

GHSA-F98H-FHJW-57PM

VAR-202008-0160

GSD-2020-14483

CNVD-2020-49618

ICSA-20-224-03

Tags

Sightings

Nomenclature