CVE-2020-14483
published 2020-08-13CVE-2020-14483: A timeout during a TLS handshake can result in the connection failing to terminate. This can result in a Niagara thread hanging and requires a manual restart…
PriorityP416medium4.3CVSS 3.1
AVAACLPRNUINSUCNINAL
EPSS
0.42%
33.6th percentile
A timeout during a TLS handshake can result in the connection failing to terminate. This can result in a Niagara thread hanging and requires a manual restart of Niagara (Versions 4.6.96.28, 4.7.109.20, 4.7.110.32, 4.8.0.110) and Niagara Enterprise Security (Versions 2.4.31, 2.4.45, 4.8.0.35) to correct.
Affected
8 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| tridium | niagara | — | — |
| tridium | niagara | — | — |
| tridium | niagara | — | — |
| tridium | niagara | — | — |
| tridium | niagara | — | — |
| tridium | niagara_enterprise_security | — | — |
| tridium | niagara_enterprise_security | — | — |
| tridium | niagara_enterprise_security | — | — |
CVSS provenance
nvdv3.14.3MEDIUMCVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
nvdv2.03.3LOWAV:A/AC:L/Au:N/C:N/I:N/A:P
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
CISA ICS
Tridium Niagara
cisa_ics·2020-08-11·CVSS 4.3
[MEDIUM] Tridium Niagara
## Archived Content In an effort to keep CISA.gov current, the archive contains outdated information that may not reflect current policy or programs.
ICS Advisory
##
Tridium Niagara
Last RevisedAugust 11, 2020
Alert CodeICSA-20-224-03
## 1. EXECUTIVE SUMMARY
- CVSS v3 4,3
- ATTENTION: Exploitable from adjacent network/low skill level to exploit
- Vendor: Tridium
- Equipment: Niagara
- Vulnerability: Synchronous Access of Remote Resource without Timeout
## 2. RISK EVALUATION
Successful exploitation of this vulnerability could result in a denial-of-service condition.
## 3. TECHNICAL DETAILS
## 3.1 AFFECTED PRODUCTS
The following versions of Niagara are affected:
- Niagara: Versions 4.6.96.28, 4.7.109.20, 4.7.110.32, 4.8.0.110
- Niag
GHSA
GHSA-f98h-fhjw-57pm: A timeout during a TLS handshake can result in the connection failing to terminate
ghsa_unreviewed·2022-05-24
CVE-2020-14483 [LOW] GHSA-f98h-fhjw-57pm: A timeout during a TLS handshake can result in the connection failing to terminate
A timeout during a TLS handshake can result in the connection failing to terminate. This can result in a Niagara thread hanging and requires a manual restart of Niagara (Versions 4.6.96.28, 4.7.109.20, 4.7.110.32, 4.8.0.110) and Niagara Enterprise Security (Versions 2.4.31, 2.4.45, 4.8.0.35) to correct.
No detection rules found.
No public exploits indexed.
2020-08-13
Published