CVE-2023-39463 – Triangle MicroWorks SCADA Data Gateway Trusted Certification Unrestricted Upload of File Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-39463
Triangle MicroWorks SCADA Data Gateway Trusted Certification Unrestricted Upload of File Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Triangle MicroWorks SCADA Data Gateway. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the trusted certification feature. The issue lies in the handling of the OpcUaSecurityCertificateAuthorityTrustDir variable, which allows an arbitrary file write with attacker-controlled data. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. • https://www.trianglemicroworks.com/products/scada-data-gateway/what's-new https://www.zerodayinitiative.com/advisories/ZDI-23-1031 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVE-2023-39465 – Triangle MicroWorks SCADA Data Gateway Use of Hard-coded Cryptograhic Key Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2023-39465
Triangle MicroWorks SCADA Data Gateway Use of Hard-coded Cryptograhic Key Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Triangle MicroWorks SCADA Data Gateway. Authentication is not required to exploit this vulnerability. The specific flaw exists within the TmwCrypto class. The issue results from the usage of a hard-coded cryptograhic key and the usage of a hard-coded certificate. An attacker can leverage this vulnerability to disclose sensitive information. • https://www.trianglemicroworks.com/products/scada-data-gateway/what's-new https://www.zerodayinitiative.com/advisories/ZDI-23-1033 • CWE-321: Use of Hard-coded Cryptographic Key •
CVE-2023-39464 – Triangle MicroWorks SCADA Data Gateway GTWWebMonitorService Unquoted Search Path Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-39464
Triangle MicroWorks SCADA Data Gateway GTWWebMonitorService Unquoted Search Path Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute code on affected installations of Triangle MicroWorks SCADA Data Gateway. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the configuration of the GTWWebMonitorService service. The path to the service executable contains spaces not surrounded by quotations. An attacker can leverage this vulnerability to execute arbitrary code in the context of root. • https://www.trianglemicroworks.com/products/scada-data-gateway/what's-new https://www.zerodayinitiative.com/advisories/ZDI-23-1032 • CWE-428: Unquoted Search Path or Element •
CVE-2023-39466 – Triangle MicroWorks SCADA Data Gateway get_config Missing Authentication Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2023-39466
Triangle MicroWorks SCADA Data Gateway get_config Missing Authentication Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Triangle MicroWorks SCADA Data Gateway. Authentication is not required to exploit this vulnerability. The specific flaw exists within the get_config endpoint. The issue results from the lack of authentication prior to allowing access to functionality. An attacker can leverage this vulnerability to disclose sensitive information. • https://www.trianglemicroworks.com/products/scada-data-gateway/what's-new https://www.zerodayinitiative.com/advisories/ZDI-23-1034 • CWE-306: Missing Authentication for Critical Function •
CVE-2023-39459 – Triangle MicroWorks SCADA Data Gateway Directory Traversal Arbitrary File Creation Vulnerability
https://notcve.org/view.php?id=CVE-2023-39459
Triangle MicroWorks SCADA Data Gateway Directory Traversal Arbitrary File Creation Vulnerability. This vulnerability allows remote attackers to create arbitrary files on affected installations of Triangle MicroWorks SCADA Data Gateway. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of workspace files. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to create files in the context of Administrator. • https://www.trianglemicroworks.com/products/scada-data-gateway/what's-new https://www.zerodayinitiative.com/advisories/ZDI-23-1027 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •