11 results (0.013 seconds)

CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0

Triangle MicroWorks SCADA Data Gateway Trusted Certification Unrestricted Upload of File Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Triangle MicroWorks SCADA Data Gateway. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the trusted certification feature. The issue lies in the handling of the OpcUaSecurityCertificateAuthorityTrustDir variable, which allows an arbitrary file write with attacker-controlled data. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. • https://www.trianglemicroworks.com/products/scada-data-gateway/what's-new https://www.zerodayinitiative.com/advisories/ZDI-23-1031 • CWE-434: Unrestricted Upload of File with Dangerous Type •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0

Triangle MicroWorks SCADA Data Gateway Use of Hard-coded Cryptograhic Key Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Triangle MicroWorks SCADA Data Gateway. Authentication is not required to exploit this vulnerability. The specific flaw exists within the TmwCrypto class. The issue results from the usage of a hard-coded cryptograhic key and the usage of a hard-coded certificate. An attacker can leverage this vulnerability to disclose sensitive information. • https://www.trianglemicroworks.com/products/scada-data-gateway/what's-new https://www.zerodayinitiative.com/advisories/ZDI-23-1033 • CWE-321: Use of Hard-coded Cryptographic Key •

CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0

Triangle MicroWorks SCADA Data Gateway GTWWebMonitorService Unquoted Search Path Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute code on affected installations of Triangle MicroWorks SCADA Data Gateway. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the configuration of the GTWWebMonitorService service. The path to the service executable contains spaces not surrounded by quotations. An attacker can leverage this vulnerability to execute arbitrary code in the context of root. • https://www.trianglemicroworks.com/products/scada-data-gateway/what's-new https://www.zerodayinitiative.com/advisories/ZDI-23-1032 • CWE-428: Unquoted Search Path or Element •

CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0

Triangle MicroWorks SCADA Data Gateway get_config Missing Authentication Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Triangle MicroWorks SCADA Data Gateway. Authentication is not required to exploit this vulnerability. The specific flaw exists within the get_config endpoint. The issue results from the lack of authentication prior to allowing access to functionality. An attacker can leverage this vulnerability to disclose sensitive information. • https://www.trianglemicroworks.com/products/scada-data-gateway/what's-new https://www.zerodayinitiative.com/advisories/ZDI-23-1034 • CWE-306: Missing Authentication for Critical Function •

CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0

Triangle MicroWorks SCADA Data Gateway Use of Hard-coded Credentials Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of Triangle MicroWorks SCADA Data Gateway. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of certificates. The service uses a hard-coded default SSL certificate. An attacker can leverage this vulnerability to bypass authentication on the system. • https://www.trianglemicroworks.com/products/scada-data-gateway/what's-new https://www.zerodayinitiative.com/advisories/ZDI-23-1026 • CWE-798: Use of Hard-coded Credentials •