Lucene search

[email protected]CVE-2020-14483

HistoryAug 13, 2020 - 3:15 p.m.

CVE-2020-14483

2020-08-1315:15:12

CWE-1088

[email protected]

web.nvd.nist.gov

cve-2020-14483

tls handshake

connection failure

niagara

thread hang

manual restart

nvd

3.3 Low

CVSS2

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:A/AC:L/Au:N/C:N/I:N/A:P

4.3 Medium

CVSS3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

4.5 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

23.4%

JSON

A timeout during a TLS handshake can result in the connection failing to terminate. This can result in a Niagara thread hanging and requires a manual restart of Niagara (Versions 4.6.96.28, 4.7.109.20, 4.7.110.32, 4.8.0.110) and Niagara Enterprise Security (Versions 2.4.31, 2.4.45, 4.8.0.35) to correct.

Affected configurations

NVD

Node

tridiumniagaraMatch4.6.96.28

tridiumniagaraMatch4.7.109.20

tridiumniagaraMatch4.7.110.32

tridiumniagaraMatch4.8.0.110

tridiumniagara_enterprise_securityMatch2.4.31

tridiumniagara_enterprise_securityMatch2.4.45

tridiumniagara_enterprise_securityMatch4.8.0.35

CPENameOperatorVersion
tridium:niagaratridium niagaraeq4.6.96.28
tridium:niagaratridium niagaraeq4.7.109.20
tridium:niagaratridium niagaraeq4.7.110.32
tridium:niagaratridium niagaraeq4.8.0.110
tridium:niagara_enterprise_securitytridium niagara enterprise securityeq2.4.31
tridium:niagara_enterprise_securitytridium niagara enterprise securityeq2.4.45
tridium:niagara_enterprise_securitytridium niagara enterprise securityeq4.8.0.35

CPE	Name	Operator	Version
tridium:niagara	tridium niagara	eq	4.6.96.28
tridium:niagara	tridium niagara	eq	4.7.109.20
tridium:niagara	tridium niagara	eq	4.7.110.32
tridium:niagara	tridium niagara	eq	4.8.0.110
tridium:niagara_enterprise_security	tridium niagara enterprise security	eq	2.4.31
tridium:niagara_enterprise_security	tridium niagara enterprise security	eq	2.4.45
tridium:niagara_enterprise_security	tridium niagara enterprise security	eq	4.8.0.35

CNA Affected

[
  {
    "product": "Niagara",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "Niagara: Versions 4.6.96.28, 4.7.109.20, 4.7.110.32, 4.8.0.110 and Niagara Enterprise Security: Versions 2.4.31, 2.4.45, 4.8.0.35"
      }
    ]
  }
]

References

us-cert.cisa.gov/ics/advisories/icsa-20-224-03

3.3 Low

CVSS2

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:A/AC:L/Au:N/C:N/I:N/A:P

4.3 Medium

CVSS3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

4.5 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

23.4%

JSON

Related for CVE-2020-14483

ics1 nvd1 prion1 cvelist1 nessus1