PT-2020-12239 · Triangle Microworks · Scada Data Gateway
Ali Abbasi +2 · Published 2020-04-15 · Updated 2020-04-22
CVE-2020-10611
CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Triangle MicroWorks SCADA Data Gateway versions 2.41.0213 through 4.0.122
Triangle MicroWorks SCADA Data Gateway versions 3.02.0697 through 4.0.122
Description
The issue allows remote attackers to execute arbitrary code due to the lack of proper validation of user-supplied data, resulting in a type confusion condition. Authentication is not required to exploit this issue. This is only applicable to installations using DNP3 Data Sets.
Recommendations
For versions 2.41.0213 through 4.0.122, consider restricting access to the DNP3 Data Sets until a patch is available.
For versions 3.02.0697 through 4.0.122, consider implementing additional validation for user-supplied data to prevent type confusion conditions.
At the moment, there is no information about a newer version that contains a fix for this issue.
Fix
Type Confusion
Affected Products
Scada Data Gateway