Uncontrolled Resource Consumption Vulnerability Allows Content Spoofing
CVE-2024-1309

7.5HIGH

Key Information:

Vendor: Honeywell
Status: Niagara Framework
Vendor: CVE Published:; 13 February 2024

What is CVE-2024-1309?

The vulnerability in the Honeywell Niagara Framework allows for uncontrolled resource consumption, which can lead to content spoofing. This affects users running versions prior to Niagara AX 3.8.1 and Niagara 4.1 across Windows, Linux, and QNX operating systems. Attackers could exploit this flaw to overload system resources, potentially leading to service disruptions and manipulation of content. Organizations utilizing Honeywell's Niagara Framework must assess their systems and take necessary protective measures to mitigate risks associated with this vulnerability.

Affected Version(s)

Niagara Framework Windows 0

References

https://process.honeywell.com

https://www.honeywell.com/us/en/product-security

https://www.kb.cert.org/vuls/id/417980

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 13, 2024
Vulnerability Reserved
Feb 7, 2024