MidnightBSD

Advisories for trianglemicroworks

CVE-2013-2793 HIGH

Triangle MicroWorks SCADA Data Gateway 2.50.0309 through 3.00.0616, DNP3 .NET Protocol components 3.06.0.171 through 3.15.0.369, and DNP3 C libraries 3.06.0000 through 3.15.0000 allow remote attackers to cause a denial of service (infinite loop) via a crafted DNP3 TCP packet.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
trianglemicroworks .net_communication_protocol_components 3.06.0.171
trianglemicroworks scada_data_gateway 3.00.0616
trianglemicroworks scada_data_gateway 2.50
trianglemicroworks ansi_c_source_code_libraries 3.06.0000
trianglemicroworks .net_communication_protocol_components 3.15.0.369
trianglemicroworks scada_data_gateway 2.50.0309
trianglemicroworks ansi_c_source_code_libraries 3.15.0000
CVE-2013-2794 MEDIUM

Triangle MicroWorks SCADA Data Gateway 2.50.0309 through 3.00.0616, DNP3 .NET Protocol components 3.06.0.171 through 3.15.0.369, and DNP3 C libraries 3.06.0000 through 3.15.0000 allow physically proximate attackers to cause a denial of service (infinite loop) via crafted input over a serial line.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
trianglemicroworks .net_communication_protocol_components 3.06.0.171
trianglemicroworks scada_data_gateway 2.54.0578
trianglemicroworks scada_data_gateway 2.54.0558
trianglemicroworks scada_data_gateway 2.54.0572
trianglemicroworks .net_communication_protocol_components 3.10.00
trianglemicroworks scada_data_gateway 2.54.0571
trianglemicroworks scada_data_gateway 2.54.0529
trianglemicroworks scada_data_gateway 2.54.0573
trianglemicroworks scada_data_gateway 2.54.0592
trianglemicroworks .net_communication_protocol_components 3.14.00
trianglemicroworks ansi_c_source_code_libraries 3.10.0000
trianglemicroworks scada_data_gateway 2.54.0584
trianglemicroworks .net_communication_protocol_components 3.08.00
trianglemicroworks scada_data_gateway 2.54.0564
trianglemicroworks scada_data_gateway 2.54.0582
trianglemicroworks scada_data_gateway 2.54.0596
trianglemicroworks ansi_c_source_code_libraries 3.13.0000
trianglemicroworks scada_data_gateway 2.54.0590
trianglemicroworks scada_data_gateway 2.54.0517
trianglemicroworks scada_data_gateway 2.54.0591
trianglemicroworks scada_data_gateway 2.54.0518
trianglemicroworks scada_data_gateway 2.54.0552
trianglemicroworks scada_data_gateway 3.00
trianglemicroworks ansi_c_source_code_libraries 3.15.0000
trianglemicroworks scada_data_gateway 2.54.0562
trianglemicroworks scada_data_gateway 2.54.0528
trianglemicroworks scada_data_gateway 2.54.0567
trianglemicroworks scada_data_gateway 2.54.0589
trianglemicroworks ansi_c_source_code_libraries 3.14.0000
trianglemicroworks scada_data_gateway 2.54.0595
trianglemicroworks scada_data_gateway 2.50
trianglemicroworks ansi_c_source_code_libraries 3.06.0000
trianglemicroworks scada_data_gateway 2.51
trianglemicroworks scada_data_gateway 2.54.0516
trianglemicroworks scada_data_gateway 3.00.0616
trianglemicroworks .net_communication_protocol_components 3.15.00
trianglemicroworks ansi_c_source_code_libraries 3.08.0000
trianglemicroworks scada_data_gateway 2.54.0587
trianglemicroworks ansi_c_source_code_libraries 3.09.0000
trianglemicroworks scada_data_gateway 2.54.0544
trianglemicroworks scada_data_gateway 2.54.0553
trianglemicroworks scada_data_gateway 2.54.0586
trianglemicroworks ansi_c_source_code_libraries 3.07.0000
trianglemicroworks scada_data_gateway 2.54.0597
trianglemicroworks scada_data_gateway 2.54.0599
trianglemicroworks scada_data_gateway 2.54.0580
trianglemicroworks scada_data_gateway 2.54.0594
trianglemicroworks scada_data_gateway 2.54.0561
trianglemicroworks scada_data_gateway 2.54.0576
trianglemicroworks scada_data_gateway 2.54.0588
trianglemicroworks scada_data_gateway 2.54.0540
trianglemicroworks .net_communication_protocol_components 3.11.00
trianglemicroworks scada_data_gateway 2.54.0545
trianglemicroworks scada_data_gateway 2.54.0583
trianglemicroworks scada_data_gateway 2.54.0515
trianglemicroworks .net_communication_protocol_components 3.15.0.369
trianglemicroworks scada_data_gateway 2.54.0569
trianglemicroworks scada_data_gateway 2.54.0570
trianglemicroworks scada_data_gateway 2.54.0581
trianglemicroworks scada_data_gateway 2.50.0309
trianglemicroworks ansi_c_source_code_libraries 3.11.0000
trianglemicroworks scada_data_gateway 2.54.0577
trianglemicroworks ansi_c_source_code_libraries 3.12.0000
trianglemicroworks .net_communication_protocol_components 3.07.00
trianglemicroworks scada_data_gateway 2.54.0579
trianglemicroworks scada_data_gateway 2.54.0565
trianglemicroworks scada_data_gateway 2.54.0575
trianglemicroworks scada_data_gateway 2.54.0536
trianglemicroworks scada_data_gateway 2.54.0574
trianglemicroworks scada_data_gateway 2.54.0566
trianglemicroworks scada_data_gateway 2.53
trianglemicroworks .net_communication_protocol_components 3.09.00
trianglemicroworks scada_data_gateway 2.54.0598
CVE-2014-2342 MEDIUM

Triangle MicroWorks SCADA Data Gateway before 3.00.0635 allows remote attackers to cause a denial of service (excessive data processing) via a crafted DNP3 packet.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-400,CWE-20,

Products Affected

Vendor Product Version
trianglemicroworks scada_data_gateway 2.54.0578
trianglemicroworks scada_data_gateway 2.54.0558
trianglemicroworks scada_data_gateway 2.54.0572
trianglemicroworks scada_data_gateway 2.54.0571
trianglemicroworks scada_data_gateway 2.54.0529
trianglemicroworks scada_data_gateway 2.54.0573
trianglemicroworks scada_data_gateway 2.54.0592
trianglemicroworks scada_data_gateway 2.54.0584
trianglemicroworks scada_data_gateway 2.54.0564
trianglemicroworks scada_data_gateway 2.54.0582
trianglemicroworks scada_data_gateway 2.54.0596
trianglemicroworks scada_data_gateway 2.54.0590
trianglemicroworks scada_data_gateway 2.54.0517
trianglemicroworks scada_data_gateway 2.54.0591
trianglemicroworks scada_data_gateway 2.54.0518
trianglemicroworks scada_data_gateway 2.54.0552
trianglemicroworks scada_data_gateway 3.00
trianglemicroworks scada_data_gateway 3.00.0615
trianglemicroworks scada_data_gateway 2.54.0562
trianglemicroworks scada_data_gateway 2.54.0528
trianglemicroworks scada_data_gateway 2.54.0567
trianglemicroworks scada_data_gateway 2.54.0589
trianglemicroworks scada_data_gateway 2.54.0595
trianglemicroworks scada_data_gateway 2.50
trianglemicroworks scada_data_gateway 2.51
trianglemicroworks scada_data_gateway 2.54.0516
trianglemicroworks scada_data_gateway 3.00.0616
trianglemicroworks scada_data_gateway 2.54.0587
trianglemicroworks scada_data_gateway 2.54.0544
trianglemicroworks scada_data_gateway 2.54.0553
trianglemicroworks scada_data_gateway 2.54.0586
trianglemicroworks scada_data_gateway 2.54.0597
trianglemicroworks scada_data_gateway 2.54.0599
trianglemicroworks scada_data_gateway 2.54.0580
trianglemicroworks scada_data_gateway 2.54.0594
trianglemicroworks scada_data_gateway 2.54.0561
trianglemicroworks scada_data_gateway 2.54.0576
trianglemicroworks scada_data_gateway 2.54.0588
trianglemicroworks scada_data_gateway 2.54.0540
trianglemicroworks scada_data_gateway 2.54.0545
trianglemicroworks scada_data_gateway 2.54.0583
trianglemicroworks scada_data_gateway 3.00.0612
trianglemicroworks scada_data_gateway 2.54.0515
trianglemicroworks scada_data_gateway 2.54.0569
trianglemicroworks scada_data_gateway 2.54.0570
trianglemicroworks scada_data_gateway 2.54.0581
trianglemicroworks scada_data_gateway *
trianglemicroworks scada_data_gateway 2.50.0309
trianglemicroworks scada_data_gateway 2.54.0577
trianglemicroworks scada_data_gateway 2.54.0579
trianglemicroworks scada_data_gateway 2.54.0565
trianglemicroworks scada_data_gateway 2.54.0575
trianglemicroworks scada_data_gateway 3.00.0630
trianglemicroworks scada_data_gateway 2.54.0536
trianglemicroworks scada_data_gateway 2.54.0574
trianglemicroworks scada_data_gateway 2.54.0566
trianglemicroworks scada_data_gateway 2.53
trianglemicroworks scada_data_gateway 2.54.0598
CVE-2014-2343 LOW

Triangle MicroWorks SCADA Data Gateway before 3.00.0635 allows physically proximate attackers to cause a denial of service (excessive data processing) via a crafted DNP request over a serial line.

CVSS 2.0

Severity: LOW

Problem Type: CWE-400,CWE-20,

Products Affected

Vendor Product Version
trianglemicroworks scada_data_gateway 2.54.0578
trianglemicroworks scada_data_gateway 2.54.0558
trianglemicroworks scada_data_gateway 2.54.0572
trianglemicroworks scada_data_gateway 2.54.0571
trianglemicroworks scada_data_gateway 2.54.0529
trianglemicroworks scada_data_gateway 2.54.0573
trianglemicroworks scada_data_gateway 2.54.0592
trianglemicroworks scada_data_gateway 2.54.0584
trianglemicroworks scada_data_gateway 2.54.0564
trianglemicroworks scada_data_gateway 2.54.0582
trianglemicroworks scada_data_gateway 2.54.0596
trianglemicroworks scada_data_gateway 2.54.0590
trianglemicroworks scada_data_gateway 2.54.0517
trianglemicroworks scada_data_gateway 2.54.0591
trianglemicroworks scada_data_gateway 2.54.0518
trianglemicroworks scada_data_gateway 2.54.0552
trianglemicroworks scada_data_gateway 3.00
trianglemicroworks scada_data_gateway 3.00.0615
trianglemicroworks scada_data_gateway 2.54.0562
trianglemicroworks scada_data_gateway 2.54.0528
trianglemicroworks scada_data_gateway 2.54.0567
trianglemicroworks scada_data_gateway 2.54.0589
trianglemicroworks scada_data_gateway 2.54.0595
trianglemicroworks scada_data_gateway 2.50
trianglemicroworks scada_data_gateway 2.51
trianglemicroworks scada_data_gateway 2.54.0516
trianglemicroworks scada_data_gateway 3.00.0616
trianglemicroworks scada_data_gateway 2.54.0587
trianglemicroworks scada_data_gateway 2.54.0544
trianglemicroworks scada_data_gateway 2.54.0553
trianglemicroworks scada_data_gateway 2.54.0586
trianglemicroworks scada_data_gateway 2.54.0597
trianglemicroworks scada_data_gateway 2.54.0599
trianglemicroworks scada_data_gateway 2.54.0580
trianglemicroworks scada_data_gateway 2.54.0594
trianglemicroworks scada_data_gateway 2.54.0561
trianglemicroworks scada_data_gateway 2.54.0576
trianglemicroworks scada_data_gateway 2.54.0588
trianglemicroworks scada_data_gateway 2.54.0540
trianglemicroworks scada_data_gateway 2.54.0545
trianglemicroworks scada_data_gateway 2.54.0583
trianglemicroworks scada_data_gateway 3.00.0612
trianglemicroworks scada_data_gateway 2.54.0515
trianglemicroworks scada_data_gateway 2.54.0569
trianglemicroworks scada_data_gateway 2.54.0570
trianglemicroworks scada_data_gateway 2.54.0581
trianglemicroworks scada_data_gateway *
trianglemicroworks scada_data_gateway 2.50.0309
trianglemicroworks scada_data_gateway 2.54.0577
trianglemicroworks scada_data_gateway 2.54.0579
trianglemicroworks scada_data_gateway 2.54.0565
trianglemicroworks scada_data_gateway 2.54.0575
trianglemicroworks scada_data_gateway 3.00.0630
trianglemicroworks scada_data_gateway 2.54.0536
trianglemicroworks scada_data_gateway 2.54.0574
trianglemicroworks scada_data_gateway 2.54.0566
trianglemicroworks scada_data_gateway 2.53
trianglemicroworks scada_data_gateway 2.54.0598
CVE-2020-10611 HIGH

Triangle MicroWorks SCADA Data Gateway 3.02.0697 through 4.0.122, 2.41.0213 through 4.0.122 allows remote attackers to execute arbitrary code due to the lack of proper validation of user-supplied data, which can result in a type confusion condition. Authentication is not required to exploit this vulnerability. Only applicable to installations using DNP3 Data Sets.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-843,CWE-843,

Products Affected

Vendor Product Version
trianglemicroworks scada_data_gateway *
CVE-2020-10613 MEDIUM

Triangle MicroWorks SCADA Data Gateway 3.02.0697 through 4.0.122, 2.41.0213 through 4.0.122 allows remote attackers to disclose sensitive information due to the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated structure. Authentication is not required to exploit this vulnerability. Only applicable to installations using DNP3 Data Sets.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,CWE-125,

Products Affected

Vendor Product Version
trianglemicroworks scada_data_gateway *
CVE-2020-10615 MEDIUM

Triangle MicroWorks SCADA Data Gateway 3.02.0697 through 4.0.122, 2.41.0213 through 4.0.122 allows remote attackers cause a denial-of-service condition due to a lack of proper validation of the length of user-supplied data, prior to copying it to a fixed-length stack-based buffer. Authentication is not required to exploit this vulnerability.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-121,CWE-787,

Products Affected

Vendor Product Version
trianglemicroworks scada_data_gateway *
CVE-2020-6996 HIGH

Triangle MicroWorks DNP3 Outstation LibrariesDNP3 Outstation .NET Protocol components and DNP3 Outstation ANSI C source code libraries are affected:3.16.00 through 3.25.01. A specially crafted message may cause a stack-based buffer overflow. Authentication is not required to exploit this vulnerability.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-121,CWE-787,

Products Affected

Vendor Product Version
trianglemicroworks dnp3_source_code_library *
CVE-2022-0369

Triangle MicroWorks SCADA Data Gateway Restore Workspace Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Triangle MicroWorks SCADA Data Gateway. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the Restore Workspace feature. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-17227.

Products Affected

Vendor Product Version
trianglemicroworks scada_data_gateway 5.01.01
CVE-2022-38138

The Triangle Microworks IEC 61850 Library (Any client or server using the C language library with a version number of 11.2.0 or earlier and any client or server using the C++, C#, or Java language library with a version number of 5.0.1 or earlier) and 60870-6 (ICCP/TASE.2) Library (Any client or server using a C++ language library with a version number of 4.4.3 or earlier) are vulnerable to access given to a small number of uninitialized pointers within their code. This could allow an attacker to target any client or server using the affected libraries to cause a denial-of-service condition.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
ics-cert@hq.dhs.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
trianglemicroworks iec_60870-6_software_library -
trianglemicroworks iec_61850_software_library -
CVE-2023-2186

On Triangle MicroWorks' SCADA Data Gateway version <= v5.01.03, an unauthenticated attacker can send a specially crafted broadcast message including format string characters to the SCADA Data Gateway to perform unrestricted memory reads.An unauthenticated user can use this format string vulnerability to repeatedly crash the GTWWebMonitor.exe process to DoS the Web Monitor. Furthermore, an authenticated user can leverage this vulnerability to leak memory from the GTWWebMonitor.exe process. This could be leveraged in an exploit chain to gain code execution.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
trellixpsirt@trellix.com 8.2 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H 3.9 4.2

Products Affected

Vendor Product Version
trianglemicroworks scada_data_gateway *
CVE-2023-2187

On Triangle MicroWorks' SCADA Data Gateway version <= v5.01.03, an unauthenticated attacker can send broadcast events to any user via the WebMonitor.An unauthenticated user can use this vulnerability to forcefully log out of any currently logged-in user by sending a "password change event". Furthermore, an attacker could use this vulnerability to spam the logged-in user with false events.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
trellixpsirt@trellix.com 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 3.9 1.4

Products Affected

Vendor Product Version
trianglemicroworks scada_data_gateway *
CVE-2023-39457

Triangle MicroWorks SCADA Data Gateway Missing Authentication Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of Triangle MicroWorks SCADA Data Gateway. Authentication is not required to exploit this vulnerability. The specific flaw exists due to the lack of user authentication. The issue results from missing authentication in the default system configuration. An attacker can leverage this vulnerability to execute arbitrary code in the context of root. Was ZDI-CAN-20501.

Products Affected

Vendor Product Version
trianglemicroworks scada_data_gateway 5.1.3.20324
CVE-2023-39458

Triangle MicroWorks SCADA Data Gateway Use of Hard-coded Credentials Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of Triangle MicroWorks SCADA Data Gateway. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of certificates. The service uses a hard-coded default SSL certificate. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-20509.

Products Affected

Vendor Product Version
trianglemicroworks scada_data_gateway 5.1.3.20324
CVE-2023-39459

Triangle MicroWorks SCADA Data Gateway Directory Traversal Arbitrary File Creation Vulnerability. This vulnerability allows remote attackers to create arbitrary files on affected installations of Triangle MicroWorks SCADA Data Gateway. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of workspace files. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to create files in the context of Administrator. Was ZDI-CAN-20531.

Products Affected

Vendor Product Version
trianglemicroworks scada_data_gateway 5.1.3
CVE-2023-39460

Triangle MicroWorks SCADA Data Gateway Event Log Directory Traversal Arbitrary File Creation Vulnerability. This vulnerability allows remote attackers to create arbitrary files on affected installations of Triangle MicroWorks SCADA Data Gateway. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the creation of event logs. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of root. Was ZDI-CAN-20534.

Products Affected

Vendor Product Version
trianglemicroworks scada_data_gateway 5.1.3.20324
CVE-2023-39461

Triangle MicroWorks SCADA Data Gateway Event Log Improper Output Neutralization For Logs Arbitrary File Write Vulnerability. This vulnerability allows remote attackers to write arbitrary files on affected installations of Triangle MicroWorks SCADA Data Gateway. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the handling of event logs. The issue results from improper sanitization of log output. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of root. Was ZDI-CAN-20535.

Products Affected

Vendor Product Version
trianglemicroworks scada_data_gateway 5.1.3.20324
CVE-2023-39462

Triangle MicroWorks SCADA Data Gateway Workspace Unrestricted Upload Vulnerability. This vulnerability allows remote attackers to upload arbitrary files on affected installations of Triangle MicroWorks SCADA Data Gateway. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the processing of workspace files. The issue results from the lack of proper validation of user-supplied data, which can allow the upload of arbitrary files. An attacker can leverage this in conjunction with other vulnerabilitites to execute arbitrary code in the context of root. Was ZDI-CAN-20536.

Products Affected

Vendor Product Version
trianglemicroworks scada_data_gateway 5.1.3.20324
CVE-2023-39463

Triangle MicroWorks SCADA Data Gateway Trusted Certification Unrestricted Upload of File Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Triangle MicroWorks SCADA Data Gateway. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the trusted certification feature. The issue lies in the handling of the OpcUaSecurityCertificateAuthorityTrustDir variable, which allows an arbitrary file write with attacker-controlled data. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-20537.

Products Affected

Vendor Product Version
trianglemicroworks scada_data_gateway 5.1.3.20324
CVE-2023-39464

Triangle MicroWorks SCADA Data Gateway GTWWebMonitorService Unquoted Search Path Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute code on affected installations of Triangle MicroWorks SCADA Data Gateway. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the configuration of the GTWWebMonitorService service. The path to the service executable contains spaces not surrounded by quotations. An attacker can leverage this vulnerability to execute arbitrary code in the context of root. Was ZDI-CAN-20538.

Products Affected

Vendor Product Version
trianglemicroworks scada_data_gateway 5.1.3.20324
CVE-2023-39465

Triangle MicroWorks SCADA Data Gateway Use of Hard-coded Cryptograhic Key Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Triangle MicroWorks SCADA Data Gateway. Authentication is not required to exploit this vulnerability. The specific flaw exists within the TmwCrypto class. The issue results from the usage of a hard-coded cryptograhic key and the usage of a hard-coded certificate. An attacker can leverage this vulnerability to disclose sensitive information. Was ZDI-CAN-20615.

Products Affected

Vendor Product Version
trianglemicroworks scada_data_gateway 5.1.3.20324
CVE-2023-39466

Triangle MicroWorks SCADA Data Gateway get_config Missing Authentication Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Triangle MicroWorks SCADA Data Gateway. Authentication is not required to exploit this vulnerability. The specific flaw exists within the get_config endpoint. The issue results from the lack of authentication prior to allowing access to functionality. An attacker can leverage this vulnerability to disclose sensitive information. Was ZDI-CAN-20797.

Products Affected

Vendor Product Version
trianglemicroworks scada_data_gateway 5.1.3.20324
CVE-2023-39467

Triangle MicroWorks SCADA Data Gateway certificate Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Triangle MicroWorks SCADA Data Gateway. Authentication is not required to exploit this vulnerability. The specific flaw exists within the configuration of certificate web directory. The issue results from the exposure of sensitive information in the application webroot. An attacker can leverage this vulnerability to disclose sensitive information. Was ZDI-CAN-20798.

Products Affected

Vendor Product Version
trianglemicroworks scada_data_gateway 5.1.3.20324
CVE-2023-39468

Triangle MicroWorks SCADA Data Gateway DbasSectorFileToExecuteOnReset Exposed Dangerous Function Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Triangle MicroWorks SCADA Data Gateway. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of DbasSectorFileToExecuteOnReset parameter. The issue results from an exposed dangerous function. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-20799.

Products Affected

Vendor Product Version
trianglemicroworks scada_data_gateway 5.1.3.20324