PT-2020-12243 · Triangle MicroWorks · Triangle MicroWorks SCADA Data Gateway

Chris Anastasio +1 · Published 2020-04-15 · Updated 2020-04-22 · CVE-2020-10615

CVSS v3.1: 7.5 High

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Triangle MicroWorks SCADA Data Gateway versions 2.41.0213 through 4.0.122

Triangle MicroWorks SCADA Data Gateway versions 3.02.0697 through 4.0.122

Description

A remote attacker can cause a denial-of-service condition because the length of user-supplied data is not properly validated before it is copied to a fixed-length stack-based buffer. Authentication is not required to exploit this issue. It is related to a stack-based buffer overflow remote code execution vulnerability in the DNP3 GET FILE INFO function.

Recommendations

For Triangle MicroWorks SCADA Data Gateway versions 2.41.0213 through 4.0.122, consider restricting access to the DNP3 protocol to minimize the risk of exploitation until a patch is available.

For Triangle MicroWorks SCADA Data Gateway versions 3.02.0697 through 4.0.122, consider implementing additional validation of user-supplied data length to prevent buffer overflows.

At the moment, there is no information about a newer version that contains a fix for this issue.

Fix

Memory Corruption

Stack Overflow

Weakness Enumeration

Related Identifiers

CVE-2020-10615
ZDI-20-547

Affected Products

Triangle MicroWorks SCADA Data Gateway