CVE-2023-39457

EPSS 0.38%
Veröffentlicht 03.05.2024 03:15:10
Zuletzt bearbeitet 17.06.2025 21:03:54
Quelle zdi-disclosures@trendmicro.com
CVE-Watchlists
Login
Unerledigt
Login

Triangle MicroWorks SCADA Data Gateway Missing Authentication Vulnerability

Triangle MicroWorks SCADA Data Gateway Missing Authentication Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of Triangle MicroWorks SCADA Data Gateway. Authentication is not required to exploit this vulnerability.

The specific flaw exists due to the lack of user authentication. The issue results from missing authentication in the default system configuration. An attacker can leverage this vulnerability to execute arbitrary code in the context of root. Was ZDI-CAN-20501.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 5

NVD 1 VulnDex Vulnerability Enrichment 1

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Trianglemicroworks ≫ Scada Data Gateway Version5.1.3.20324

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.38%	0.586

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
zdi-disclosures@trendmicro.com	9.8	3.9	5.9	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-306 Missing Authentication for Critical Function

The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

https://www.trianglemicroworks.com/products/scada-data-gateway/what's-new

Release Notes

https://www.zerodayinitiative.com/advisories/ZDI-23-1025/

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2023-39457

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-39457

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-39457

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2023-39457