CVE-2023-39457 - OpenCVE

Triangle MicroWorks SCADA Data Gateway Missing Authentication Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of Triangle MicroWorks SCADA Data Gateway. Authentication is not required to exploit this vulnerability. The specific flaw exists due to the lack of user authentication. The issue results from missing authentication in the default system configuration. An attacker can leverage this vulnerability to execute arbitrary code in the context of root. Was ZDI-CAN-20501.

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

No data.

No data.

No data.

References

Link	Providers
https://www.trianglemicroworks.com/products/scada-data-gateway/what's-new
https://www.zerodayinitiative.com/advisories/ZDI-23-1025/

History

No history.

MITRE

Status: PUBLISHED

Assigner: zdi

Published: 2024-05-03T01:59:22.050Z

Updated: 2024-08-02T18:10:20.768Z

Reserved: 2023-08-02T21:37:23.120Z

Link: CVE-2023-39457

Vulnrichment

Updated: 2024-08-02T18:10:20.768Z

NVD

Status : Awaiting Analysis

Published: 2024-05-03T03:15:10.647

Modified: 2024-05-03T12:50:12.213

Link: CVE-2023-39457

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-39457", "assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e", "state": "PUBLISHED", "assignerShortName": "zdi", "dateReserved": "2023-08-02T21:37:23.120Z", "datePublished": "2024-05-03T01:59:22.050Z", "dateUpdated": "2024-08-02T18:10:20.768Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e", "shortName": "zdi", "dateUpdated": "2024-05-03T01:59:22.050Z"}, "title": "Triangle MicroWorks SCADA Data Gateway Missing Authentication Vulnerability", "descriptions": [{"lang": "en", "value": "Triangle MicroWorks SCADA Data Gateway Missing Authentication Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of Triangle MicroWorks SCADA Data Gateway. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists due to the lack of user authentication. The issue results from missing authentication in the default system configuration. An attacker can leverage this vulnerability to execute arbitrary code in the context of root. Was ZDI-CAN-20501."}], "affected": [{"vendor": "Triangle MicroWorks", "product": "SCADA Data Gateway", "versions": [{"version": "5.1.3.20324", "status": "affected"}], "defaultStatus": "unknown"}], "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-306", "description": "CWE-306: Missing Authentication for Critical Function", "type": "CWE"}]}], "references": [{"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1025/", "name": "ZDI-23-1025", "tags": ["x_research-advisory"]}, {"url": "https://www.trianglemicroworks.com/products/scada-data-gateway/what's-new", "name": "vendor-provided URL", "tags": ["vendor-advisory"]}], "dateAssigned": "2023-08-02T16:44:31.367-05:00", "datePublic": "2023-08-04T13:14:52.000-05:00", "source": {"lang": "en", "value": "Claroty Research - Team82 - Uri Katz, Noam Moshe, Vera Mens, Sharon Brizinov"}, "metrics": [{"format": "CVSS", "cvssV3_0": {"version": "3.0", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "baseScore": 9.8, "baseSeverity": "CRITICAL"}}]}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-39457", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-05-08T17:18:26.342775Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:trianglemicroworks:scada_data_gateway:5.1.3.20324:*:*:*:*:*:*:*"], "vendor": "trianglemicroworks", "product": "scada_data_gateway", "versions": [{"status": "affected", "version": "5.1.3.20324"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-04T17:26:56.761Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T18:10:20.768Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1025/", "name": "ZDI-23-1025", "tags": ["x_research-advisory", "x_transferred"]}, {"url": "https://www.trianglemicroworks.com/products/scada-data-gateway/what's-new", "name": "vendor-provided URL", "tags": ["vendor-advisory", "x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1025/", "name": "ZDI-23-1025", "tags": ["x_research-advisory", "x_transferred"]}, {"url": "https://www.trianglemicroworks.com/products/scada-data-gateway/what's-new", "name": "vendor-provided URL", "tags": ["vendor-advisory", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T18:10:20.768Z"}}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-39457", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-05-08T17:18:26.342775Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:trianglemicroworks:scada_data_gateway:5.1.3.20324:*:*:*:*:*:*:*"], "vendor": "trianglemicroworks", "product": "scada_data_gateway", "versions": [{"status": "affected", "version": "5.1.3.20324"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-05-08T17:18:34.841Z"}, "title": "CISA ADP Vulnrichment"}], "cna": {"title": "Triangle MicroWorks SCADA Data Gateway Missing Authentication Vulnerability", "source": {"lang": "en", "value": "Claroty Research - Team82 - Uri Katz, Noam Moshe, Vera Mens, Sharon Brizinov"}, "metrics": [{"format": "CVSS", "cvssV3_0": {"version": "3.0", "baseScore": 9.8, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}}], "affected": [{"vendor": "Triangle MicroWorks", "product": "SCADA Data Gateway", "versions": [{"status": "affected", "version": "5.1.3.20324"}], "defaultStatus": "unknown"}], "datePublic": "2023-08-04T13:14:52.000-05:00", "references": [{"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1025/", "name": "ZDI-23-1025", "tags": ["x_research-advisory"]}, {"url": "https://www.trianglemicroworks.com/products/scada-data-gateway/what's-new", "name": "vendor-provided URL", "tags": ["vendor-advisory"]}], "dateAssigned": "2023-08-02T16:44:31.367-05:00", "descriptions": [{"lang": "en", "value": "Triangle MicroWorks SCADA Data Gateway Missing Authentication Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of Triangle MicroWorks SCADA Data Gateway. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists due to the lack of user authentication. The issue results from missing authentication in the default system configuration. An attacker can leverage this vulnerability to execute arbitrary code in the context of root. Was ZDI-CAN-20501."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-306", "description": "CWE-306: Missing Authentication for Critical Function"}]}], "providerMetadata": {"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e", "shortName": "zdi", "dateUpdated": "2024-05-03T01:59:22.050Z"}}}, "cveMetadata": {"cveId": "CVE-2023-39457", "state": "PUBLISHED", "dateUpdated": "2024-08-02T18:10:20.768Z", "dateReserved": "2023-08-02T21:37:23.120Z", "assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e", "datePublished": "2024-05-03T01:59:22.050Z", "assignerShortName": "zdi"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Triangle MicroWorks SCADA Data Gateway Missing Authentication Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of Triangle MicroWorks SCADA Data Gateway. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists due to the lack of user authentication. The issue results from missing authentication in the default system configuration. An attacker can leverage this vulnerability to execute arbitrary code in the context of root. Was ZDI-CAN-20501."}, {"lang": "es", "value": "Vulnerabilidad de autenticaci\u00f3n faltante en la puerta de enlace de datos SCADA de Triangle MicroWorks. Esta vulnerabilidad permite a atacantes remotos evitar la autenticaci\u00f3n en las instalaciones afectadas de Triangle MicroWorks SCADA Data Gateway. No se requiere autenticaci\u00f3n para aprovechar esta vulnerabilidad. La falla espec\u00edfica existe debido a la falta de autenticaci\u00f3n del usuario. El problema se debe a la falta de autenticaci\u00f3n en la configuraci\u00f3n predeterminada del sistema. Un atacante puede aprovechar esta vulnerabilidad para ejecutar c\u00f3digo arbitrario en el contexto de la ra\u00edz. Era ZDI-CAN-20501."}], "id": "CVE-2023-39457", "lastModified": "2024-05-03T12:50:12.213", "metrics": {"cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "zdi-disclosures@trendmicro.com", "type": "Secondary"}]}, "published": "2024-05-03T03:15:10.647", "references": [{"source": "zdi-disclosures@trendmicro.com", "url": "https://www.trianglemicroworks.com/products/scada-data-gateway/what's-new"}, {"source": "zdi-disclosures@trendmicro.com", "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1025/"}], "sourceIdentifier": "zdi-disclosures@trendmicro.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-306"}], "source": "zdi-disclosures@trendmicro.com", "type": "Secondary"}]}