CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2020-10613 – Triangle MicroWorks SCADA Data Gateway DNP3 Out-Of-Bounds Read Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2020-10613
Triangle MicroWorks SCADA Data Gateway 3.02.0697 through 4.0.122, 2.41.0213 through 4.0.122 allows remote attackers to disclose sensitive information due to the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated structure. Authentication is not required to exploit this vulnerability. Only applicable to installations using DNP3 Data Sets. Triangle MicroWorks SCADA Data Gateway versiones 3.02.0697 hasta 4.0.122, versiones 2.41.0213 hasta 4.0.122, permite a atacantes remotos divulgar información confidencial debido a la falta de comprobación apropiada de los datos suministrados por el usuario, lo que puede resultar en una lectura más allá del final de una estructura asignada. No es requerida una autenticación para explotar esta vulnerabilidad. • https://www.us-cert.gov/ics/advisories/icsa-20-105-03 https://www.zerodayinitiative.com/advisories/ZDI-20-548 • CWE-125: Out-of-bounds Read •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2020-10615 – Triangle Microworks SCADA Data Gateway DNP3 GET_FILE_INFO Stack-based Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2020-10615
Triangle MicroWorks SCADA Data Gateway 3.02.0697 through 4.0.122, 2.41.0213 through 4.0.122 allows remote attackers cause a denial-of-service condition due to a lack of proper validation of the length of user-supplied data, prior to copying it to a fixed-length stack-based buffer. Authentication is not required to exploit this vulnerability. Triangle MicroWorks SCADA Data Gateway versiones 3.02.0697 hasta 4.0.122, versiones 2.41.0213 hasta 4.0.122, permite a atacantes remotos causar una condición de denegación de servicio debido a la falta de una comprobación apropiada de la longitud de datos suministrados por el usuario, antes de copiar en un búfer en la región stack de la memoria de longitud fija. No es requerida una autenticación para explotar esta vulnerabilidad. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Triangle Microworks SCADA Data Gateway. • https://www.us-cert.gov/ics/advisories/icsa-20-105-03 https://www.zerodayinitiative.com/advisories/ZDI-20-547 • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 2.1EPSS: 0%CPEs: 58EXPL: 0CVE-2014-2343
https://notcve.org/view.php?id=CVE-2014-2343
Triangle MicroWorks SCADA Data Gateway before 3.00.0635 allows physically proximate attackers to cause a denial of service (excessive data processing) via a crafted DNP request over a serial line. Triangle MicroWorks SCADA Data Gateway anterior a 3.00.0635 permite a atacantes físicamente próximos causar una denegación de servicio (procesamiento de datos excesivo) a través de una solicitud DNP manipulada sobre una línea de serie. • http://ics-cert.us-cert.gov/advisories/ICSA-14-149-01 http://www.trianglemicroworks.com/products/scada-data-gateway/what%27s-new • CWE-20: Improper Input Validation •
CVSS: 5.0EPSS: 0%CPEs: 58EXPL: 0CVE-2014-2342
https://notcve.org/view.php?id=CVE-2014-2342
Triangle MicroWorks SCADA Data Gateway before 3.00.0635 allows remote attackers to cause a denial of service (excessive data processing) via a crafted DNP3 packet. Triangle MicroWorks SCADA Data Gateway anterior a 3.00.0635 permite a atacantes remotos causar una denegación de servicio (procesamiento de datos excesivo) a través de una paquete DNP3 manipulado. • http://ics-cert.us-cert.gov/advisories/ICSA-14-149-01 http://www.trianglemicroworks.com/products/scada-data-gateway/what%27s-new • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2013-2793
https://notcve.org/view.php?id=CVE-2013-2793
Triangle MicroWorks SCADA Data Gateway 2.50.0309 through 3.00.0616, DNP3 .NET Protocol components 3.06.0.171 through 3.15.0.369, and DNP3 C libraries 3.06.0000 through 3.15.0000 allow remote attackers to cause a denial of service (infinite loop) via a crafted DNP3 TCP packet. Triangle MicroWorks SCADA Data Gateway 2.50.0309 hasta 3.00.0616 , Componentes de Protocolo DNP3 .NET 3.06.0.171 hasta 3.15.0.369 y Librerías C DNP3 3.06.0000 hasta 3.15.0000 permiten a un atacante remoto causar una denegación de servicio (bucle infinito) a través de un paquete TCP DNP3 manipulado. • http://ics-cert.us-cert.gov/advisories/ICSA-13-240-01 http://www.trianglemicroworks.com/documents/mdnp_scl_whats_new.pdf • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •