CVE-2023-39457

CVSS v2.0

Critical

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Triangle MicroWorks SCADA Data Gateway (affected versions not specified)

Description The issue is related to insufficient authentication procedures in the SCADA Data Gateway system, allowing remote attackers to bypass security restrictions and gain unauthorized access. The specific flaw exists due to the lack of user authentication, resulting from missing authentication in the default system configuration. An attacker can leverage this vulnerability to execute arbitrary code in the context of root.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Missing Authentication

Improper Authentication

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-306CWE-287

Related Identifiers

BDU:2023-04676

CVE-2023-39457

ZDI-23-1025

Affected Products

Scada Data Gateway

CVE-2023-39457

Weakness Enumeration

Related Identifiers

Affected Products

References · 10