4.3
CVE-2020-14483
- EPSS 0.11%
- Veröffentlicht 13.08.2020 15:15:12
- Zuletzt bearbeitet 21.11.2024 05:03:22
- Quelle ics-cert@hq.dhs.gov
- CVE-Watchlists
- Unerledigt
LoginA timeout during a TLS handshake can result in the connection failing to terminate. This can result in a Niagara thread hanging and requires a manual restart of Niagara (Versions 4.6.96.28, 4.7.109.20, 4.7.110.32, 4.8.0.110) and Niagara Enterprise Security (Versions 2.4.31, 2.4.45, 4.8.0.35) to correct.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Tridium ≫ Niagara Enterprise Security Version2.4.31
Tridium ≫ Niagara Enterprise Security Version2.4.45
Tridium ≫ Niagara Enterprise Security Version4.8.0.35
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.11% | 0.307 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 4.3 | 2.8 | 1.4 |
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
|
| nvd@nist.gov | 3.3 | 6.5 | 2.9 |
AV:A/AC:L/Au:N/C:N/I:N/A:P
|
CWE-1088 Synchronous Access of Remote Resource without Timeout
The code has a synchronous call to a remote resource, but there is no timeout for the call, or the timeout is set to infinite.