7.2

CVE-2023-39463

EPSS 0.56%
Veröffentlicht 03.05.2024 03:15:11
Zuletzt bearbeitet 17.06.2025 21:03:30
Quelle zdi-disclosures@trendmicro.com
CVE-Watchlists
Login
Unerledigt
Login

Triangle MicroWorks SCADA Data Gateway Trusted Certification Unrestricted Upload of File Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Triangle MicroWorks SCADA Data Gateway. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed.

The specific flaw exists within the trusted certification feature. The issue lies in the handling of the OpcUaSecurityCertificateAuthorityTrustDir variable, which allows an arbitrary file write with attacker-controlled data. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-20537.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 5

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Trianglemicroworks ≫ Scada Data Gateway Version5.1.3.20324

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.56%	0.673

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
zdi-disclosures@trendmicro.com	7.2	1.2	5.9	CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CWE-434 Unrestricted Upload of File with Dangerous Type

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

https://www.trianglemicroworks.com/products/scada-data-gateway/what's-new

Release Notes

https://www.zerodayinitiative.com/advisories/ZDI-23-1031/

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2023-39463

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-39463

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-39463

EUVD