CVE-2023-39466

Name of the Vulnerable Software and Affected Versions Triangle MicroWorks SCADA Data Gateway (affected versions not specified)

Description This issue allows remote attackers to disclose sensitive information on affected installations due to missing authentication. The specific flaw exists within the "get config" endpoint, resulting from the lack of authentication prior to allowing access to functionality. An attacker can leverage this to disclose sensitive information. There is no information provided about the estimated number of potentially affected devices worldwide or details about real-world incidents where this issue was exploited.

Recommendations As a temporary workaround, consider disabling the get config endpoint until a patch is available. Restrict access to the get config functionality to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.