PT-2020-12241 · Triangle Microworks · Scada Data Gateway

Ali Abbasi +2 · Published 2020-04-15 · Updated 2020-04-22 · CVE-2020-10613

CVSS v3.1: 7.5 High

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Triangle MicroWorks SCADA Data Gateway versions 2.41.0213 through 4.0.122
Triangle MicroWorks SCADA Data Gateway versions 3.02.0697 through 4.0.122

Description

The issue allows remote attackers to disclose sensitive information due to the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated structure. Authentication is not required to exploit this issue. This is only applicable to installations using DNP3 Data Sets.

Recommendations

For versions 2.41.0213 through 4.0.122, consider restricting access to the DNP3 Data Sets until a patch is available. For versions 3.02.0697 through 4.0.122, consider implementing additional validation for user-supplied data to prevent exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

Fix

Out of bounds Read


Weakness Enumeration

Related Identifiers

CVE-2020-10613
ZDI-20-548

Affected Products

Scada Data Gateway