Search criteria
41 vulnerabilities found for SCADA Data Gateway by Triangle MicroWorks
CVE-2022-0369 (GCVE-0-2022-0369)
Vulnerability from cvelistv5 – Published: 2024-05-07 22:54 – Updated: 2024-08-02 23:25
VLAI?
Summary
Triangle MicroWorks SCADA Data Gateway Restore Workspace Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Triangle MicroWorks SCADA Data Gateway. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed.
The specific flaw exists within the Restore Workspace feature. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-17227.
Severity ?
7.2 (High)
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Triangle MicroWorks | SCADA Data Gateway |
Affected:
5.01.01
|
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:trianglemicroworks:scada_data_gateway:5.01.01:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "scada_data_gateway",
"vendor": "trianglemicroworks",
"versions": [
{
"status": "affected",
"version": "5.01.01"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-0369",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-08T17:07:32.283678Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-23T17:09:35.862Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:25:40.264Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ZDI-23-450",
"tags": [
"x_research-advisory",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-450/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "SCADA Data Gateway",
"vendor": "Triangle MicroWorks",
"versions": [
{
"status": "affected",
"version": "5.01.01"
}
]
}
],
"dateAssigned": "2022-01-25T16:23:37.257-06:00",
"datePublic": "2023-04-14T14:00:47.542-05:00",
"descriptions": [
{
"lang": "en",
"value": "Triangle MicroWorks SCADA Data Gateway Restore Workspace Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Triangle MicroWorks SCADA Data Gateway. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed.\n\nThe specific flaw exists within the Restore Workspace feature. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-17227."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 7.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-07T22:54:55.247Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"name": "ZDI-23-450",
"tags": [
"x_research-advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-450/"
}
],
"source": {
"lang": "en",
"value": "Steven Seeley (mr_me) and Chris Anastasio (muffin) of Incite Team"
},
"title": "Triangle MicroWorks SCADA Data Gateway Restore Workspace Directory Traversal Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2022-0369",
"datePublished": "2024-05-07T22:54:55.247Z",
"dateReserved": "2022-01-25T22:22:48.663Z",
"dateUpdated": "2024-08-02T23:25:40.264Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-39468 (GCVE-0-2023-39468)
Vulnerability from cvelistv5 – Published: 2024-05-03 01:59 – Updated: 2024-08-02 18:10
VLAI?
Summary
Triangle MicroWorks SCADA Data Gateway DbasSectorFileToExecuteOnReset Exposed Dangerous Function Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Triangle MicroWorks SCADA Data Gateway. Authentication is required to exploit this vulnerability.
The specific flaw exists within the handling of DbasSectorFileToExecuteOnReset parameter. The issue results from an exposed dangerous function. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-20799.
Severity ?
7.2 (High)
CWE
- CWE-749 - Exposed Dangerous Method or Function
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Triangle MicroWorks | SCADA Data Gateway |
Affected:
5.1.3.20324
|
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:trianglemicroworks:scada_data_gateway:5.1.3.20324:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "scada_data_gateway",
"vendor": "trianglemicroworks",
"versions": [
{
"status": "affected",
"version": "5.1.3.20324"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-39468",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-08T17:19:46.064913Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:27:09.598Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T18:10:20.697Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ZDI-23-1036",
"tags": [
"x_research-advisory",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1036/"
},
{
"name": "vendor-provided URL",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.trianglemicroworks.com/products/scada-data-gateway/what\u0027s-new"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "SCADA Data Gateway",
"vendor": "Triangle MicroWorks",
"versions": [
{
"status": "affected",
"version": "5.1.3.20324"
}
]
}
],
"dateAssigned": "2023-08-02T16:44:31.433-05:00",
"datePublic": "2023-08-04T13:44:48.544-05:00",
"descriptions": [
{
"lang": "en",
"value": "Triangle MicroWorks SCADA Data Gateway DbasSectorFileToExecuteOnReset Exposed Dangerous Function Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Triangle MicroWorks SCADA Data Gateway. Authentication is required to exploit this vulnerability.\n\nThe specific flaw exists within the handling of DbasSectorFileToExecuteOnReset parameter. The issue results from an exposed dangerous function. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-20799."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 7.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-749",
"description": "CWE-749: Exposed Dangerous Method or Function",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-03T01:59:30.325Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"name": "ZDI-23-1036",
"tags": [
"x_research-advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1036/"
},
{
"name": "vendor-provided URL",
"tags": [
"vendor-advisory"
],
"url": "https://www.trianglemicroworks.com/products/scada-data-gateway/what\u0027s-new"
}
],
"source": {
"lang": "en",
"value": "Uri Katz of Claroty Team82"
},
"title": "Triangle MicroWorks SCADA Data Gateway DbasSectorFileToExecuteOnReset Exposed Dangerous Function Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2023-39468",
"datePublished": "2024-05-03T01:59:30.325Z",
"dateReserved": "2023-08-02T21:37:23.123Z",
"dateUpdated": "2024-08-02T18:10:20.697Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-39467 (GCVE-0-2023-39467)
Vulnerability from cvelistv5 – Published: 2024-05-03 01:59 – Updated: 2024-08-02 18:10
VLAI?
Summary
Triangle MicroWorks SCADA Data Gateway certificate Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Triangle MicroWorks SCADA Data Gateway. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the configuration of certificate web directory. The issue results from the exposure of sensitive information in the application webroot. An attacker can leverage this vulnerability to disclose sensitive information. Was ZDI-CAN-20798.
Severity ?
5.3 (Medium)
CWE
- CWE-219 - Storage of File with Sensitive Data Under Web Root
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Triangle MicroWorks | SCADA Data Gateway |
Affected:
5.1.3.20324
|
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:trianglemicroworks:scada_data_gateway:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "scada_data_gateway",
"vendor": "trianglemicroworks",
"versions": [
{
"status": "affected",
"version": "5.1.3.20324"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-39467",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-07T19:22:23.242020Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:26:51.263Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T18:10:20.678Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ZDI-23-1035",
"tags": [
"x_research-advisory",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1035/"
},
{
"name": "vendor-provided URL",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.trianglemicroworks.com/products/scada-data-gateway/what\u0027s-new"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "SCADA Data Gateway",
"vendor": "Triangle MicroWorks",
"versions": [
{
"status": "affected",
"version": "5.1.3.20324"
}
]
}
],
"dateAssigned": "2023-08-02T16:44:31.427-05:00",
"datePublic": "2023-08-04T13:43:42.003-05:00",
"descriptions": [
{
"lang": "en",
"value": "Triangle MicroWorks SCADA Data Gateway certificate Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Triangle MicroWorks SCADA Data Gateway. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the configuration of certificate web directory. The issue results from the exposure of sensitive information in the application webroot. An attacker can leverage this vulnerability to disclose sensitive information. Was ZDI-CAN-20798."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-219",
"description": "CWE-219: Storage of File with Sensitive Data Under Web Root",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-03T01:59:29.616Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"name": "ZDI-23-1035",
"tags": [
"x_research-advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1035/"
},
{
"name": "vendor-provided URL",
"tags": [
"vendor-advisory"
],
"url": "https://www.trianglemicroworks.com/products/scada-data-gateway/what\u0027s-new"
}
],
"source": {
"lang": "en",
"value": "Uri Katz of Claroty Team82"
},
"title": "Triangle MicroWorks SCADA Data Gateway certificate Information Disclosure Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2023-39467",
"datePublished": "2024-05-03T01:59:29.616Z",
"dateReserved": "2023-08-02T21:37:23.123Z",
"dateUpdated": "2024-08-02T18:10:20.678Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-39466 (GCVE-0-2023-39466)
Vulnerability from cvelistv5 – Published: 2024-05-03 01:59 – Updated: 2024-08-02 18:10
VLAI?
Summary
Triangle MicroWorks SCADA Data Gateway get_config Missing Authentication Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Triangle MicroWorks SCADA Data Gateway. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the get_config endpoint. The issue results from the lack of authentication prior to allowing access to functionality. An attacker can leverage this vulnerability to disclose sensitive information. Was ZDI-CAN-20797.
Severity ?
5.3 (Medium)
CWE
- CWE-306 - Missing Authentication for Critical Function
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Triangle MicroWorks | SCADA Data Gateway |
Affected:
5.1.3.20324
|
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:trianglemicroworks:scada_data_gateway:5.1.3.20324:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "scada_data_gateway",
"vendor": "trianglemicroworks",
"versions": [
{
"status": "affected",
"version": "5.1.3.20324"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-39466",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-08T17:12:42.172392Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-23T17:15:39.965Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T18:10:20.933Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ZDI-23-1034",
"tags": [
"x_research-advisory",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1034/"
},
{
"name": "vendor-provided URL",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.trianglemicroworks.com/products/scada-data-gateway/what\u0027s-new"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "SCADA Data Gateway",
"vendor": "Triangle MicroWorks",
"versions": [
{
"status": "affected",
"version": "5.1.3.20324"
}
]
}
],
"dateAssigned": "2023-08-02T16:44:31.422-05:00",
"datePublic": "2023-08-04T13:42:39.807-05:00",
"descriptions": [
{
"lang": "en",
"value": "Triangle MicroWorks SCADA Data Gateway get_config Missing Authentication Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Triangle MicroWorks SCADA Data Gateway. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the get_config endpoint. The issue results from the lack of authentication prior to allowing access to functionality. An attacker can leverage this vulnerability to disclose sensitive information. Was ZDI-CAN-20797."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "CWE-306: Missing Authentication for Critical Function",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-03T01:59:28.811Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"name": "ZDI-23-1034",
"tags": [
"x_research-advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1034/"
},
{
"name": "vendor-provided URL",
"tags": [
"vendor-advisory"
],
"url": "https://www.trianglemicroworks.com/products/scada-data-gateway/what\u0027s-new"
}
],
"source": {
"lang": "en",
"value": "Uri Katz of Claroty Team82"
},
"title": "Triangle MicroWorks SCADA Data Gateway get_config Missing Authentication Information Disclosure Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2023-39466",
"datePublished": "2024-05-03T01:59:28.811Z",
"dateReserved": "2023-08-02T21:37:23.123Z",
"dateUpdated": "2024-08-02T18:10:20.933Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-39465 (GCVE-0-2023-39465)
Vulnerability from cvelistv5 – Published: 2024-05-03 01:59 – Updated: 2024-08-02 18:10
VLAI?
Summary
Triangle MicroWorks SCADA Data Gateway Use of Hard-coded Cryptograhic Key Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Triangle MicroWorks SCADA Data Gateway. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the TmwCrypto class. The issue results from the usage of a hard-coded cryptograhic key and the usage of a hard-coded certificate. An attacker can leverage this vulnerability to disclose sensitive information. Was ZDI-CAN-20615.
Severity ?
7.5 (High)
CWE
- CWE-321 - Use of Hard-coded Cryptographic Key
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Triangle MicroWorks | SCADA Data Gateway |
Affected:
5.1.3.20324
|
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:trianglemicroworks:scada_data_gateway:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "scada_data_gateway",
"vendor": "trianglemicroworks",
"versions": [
{
"status": "affected",
"version": "5.1.3.20324"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-39465",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-06T15:37:18.521094Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:27:05.297Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T18:10:21.061Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ZDI-23-1033",
"tags": [
"x_research-advisory",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1033/"
},
{
"name": "vendor-provided URL",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.trianglemicroworks.com/products/scada-data-gateway/what\u0027s-new"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "SCADA Data Gateway",
"vendor": "Triangle MicroWorks",
"versions": [
{
"status": "affected",
"version": "5.1.3.20324"
}
]
}
],
"dateAssigned": "2023-08-02T16:44:31.416-05:00",
"datePublic": "2023-08-04T13:41:33.328-05:00",
"descriptions": [
{
"lang": "en",
"value": "Triangle MicroWorks SCADA Data Gateway Use of Hard-coded Cryptograhic Key Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Triangle MicroWorks SCADA Data Gateway. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the TmwCrypto class. The issue results from the usage of a hard-coded cryptograhic key and the usage of a hard-coded certificate. An attacker can leverage this vulnerability to disclose sensitive information. Was ZDI-CAN-20615."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-321",
"description": "CWE-321: Use of Hard-coded Cryptographic Key",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-03T01:59:28.085Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"name": "ZDI-23-1033",
"tags": [
"x_research-advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1033/"
},
{
"name": "vendor-provided URL",
"tags": [
"vendor-advisory"
],
"url": "https://www.trianglemicroworks.com/products/scada-data-gateway/what\u0027s-new"
}
],
"source": {
"lang": "en",
"value": "Uri Katz of Claroty Team82"
},
"title": "Triangle MicroWorks SCADA Data Gateway Use of Hard-coded Cryptograhic Key Information Disclosure Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2023-39465",
"datePublished": "2024-05-03T01:59:28.085Z",
"dateReserved": "2023-08-02T21:37:23.122Z",
"dateUpdated": "2024-08-02T18:10:21.061Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-39464 (GCVE-0-2023-39464)
Vulnerability from cvelistv5 – Published: 2024-05-03 01:59 – Updated: 2024-08-02 18:10
VLAI?
Summary
Triangle MicroWorks SCADA Data Gateway GTWWebMonitorService Unquoted Search Path Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute code on affected installations of Triangle MicroWorks SCADA Data Gateway. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed.
The specific flaw exists within the configuration of the GTWWebMonitorService service. The path to the service executable contains spaces not surrounded by quotations. An attacker can leverage this vulnerability to execute arbitrary code in the context of root. Was ZDI-CAN-20538.
Severity ?
7.2 (High)
CWE
- CWE-428 - Unquoted Search Path or Element
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Triangle MicroWorks | SCADA Data Gateway |
Affected:
5.1.3.20324
|
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:trianglemicroworks:scada_data_gateway:5.1.3.20324:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "scada_data_gateway",
"vendor": "trianglemicroworks",
"versions": [
{
"status": "affected",
"version": "5.1.3.20324"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-39464",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-08T17:13:49.483707Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:27:11.296Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T18:10:20.680Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ZDI-23-1032",
"tags": [
"x_research-advisory",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1032/"
},
{
"name": "vendor-provided URL",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.trianglemicroworks.com/products/scada-data-gateway/what\u0027s-new"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "SCADA Data Gateway",
"vendor": "Triangle MicroWorks",
"versions": [
{
"status": "affected",
"version": "5.1.3.20324"
}
]
}
],
"dateAssigned": "2023-08-02T16:44:31.411-05:00",
"datePublic": "2023-08-04T13:40:15.323-05:00",
"descriptions": [
{
"lang": "en",
"value": "Triangle MicroWorks SCADA Data Gateway GTWWebMonitorService Unquoted Search Path Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute code on affected installations of Triangle MicroWorks SCADA Data Gateway. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed.\n\nThe specific flaw exists within the configuration of the GTWWebMonitorService service. The path to the service executable contains spaces not surrounded by quotations. An attacker can leverage this vulnerability to execute arbitrary code in the context of root. Was ZDI-CAN-20538."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 7.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-428",
"description": "CWE-428: Unquoted Search Path or Element",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-03T01:59:27.382Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"name": "ZDI-23-1032",
"tags": [
"x_research-advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1032/"
},
{
"name": "vendor-provided URL",
"tags": [
"vendor-advisory"
],
"url": "https://www.trianglemicroworks.com/products/scada-data-gateway/what\u0027s-new"
}
],
"source": {
"lang": "en",
"value": "Team ECQ"
},
"title": "Triangle MicroWorks SCADA Data Gateway GTWWebMonitorService Unquoted Search Path Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2023-39464",
"datePublished": "2024-05-03T01:59:27.382Z",
"dateReserved": "2023-08-02T21:37:23.122Z",
"dateUpdated": "2024-08-02T18:10:20.680Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-39463 (GCVE-0-2023-39463)
Vulnerability from cvelistv5 – Published: 2024-05-03 01:59 – Updated: 2024-08-02 18:10
VLAI?
Summary
Triangle MicroWorks SCADA Data Gateway Trusted Certification Unrestricted Upload of File Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Triangle MicroWorks SCADA Data Gateway. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed.
The specific flaw exists within the trusted certification feature. The issue lies in the handling of the OpcUaSecurityCertificateAuthorityTrustDir variable, which allows an arbitrary file write with attacker-controlled data. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-20537.
Severity ?
7.2 (High)
CWE
- CWE-434 - Unrestricted Upload of File with Dangerous Type
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Triangle MicroWorks | SCADA Data Gateway |
Affected:
5.1.3.20324
|
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:trianglemicroworks:scada_data_gateway:5.1.3.20324:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "scada_data_gateway",
"vendor": "trianglemicroworks",
"versions": [
{
"status": "affected",
"version": "5.1.3.20324"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-39463",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-08T17:16:15.340389Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:27:02.325Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T18:10:20.694Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ZDI-23-1031",
"tags": [
"x_research-advisory",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1031/"
},
{
"name": "vendor-provided URL",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.trianglemicroworks.com/products/scada-data-gateway/what\u0027s-new"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "SCADA Data Gateway",
"vendor": "Triangle MicroWorks",
"versions": [
{
"status": "affected",
"version": "5.1.3.20324"
}
]
}
],
"dateAssigned": "2023-08-02T16:44:31.406-05:00",
"datePublic": "2023-08-04T13:39:23.964-05:00",
"descriptions": [
{
"lang": "en",
"value": "Triangle MicroWorks SCADA Data Gateway Trusted Certification Unrestricted Upload of File Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Triangle MicroWorks SCADA Data Gateway. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed.\n\nThe specific flaw exists within the trusted certification feature. The issue lies in the handling of the OpcUaSecurityCertificateAuthorityTrustDir variable, which allows an arbitrary file write with attacker-controlled data. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-20537."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 7.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-434",
"description": "CWE-434: Unrestricted Upload of File with Dangerous Type",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-03T01:59:26.598Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"name": "ZDI-23-1031",
"tags": [
"x_research-advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1031/"
},
{
"name": "vendor-provided URL",
"tags": [
"vendor-advisory"
],
"url": "https://www.trianglemicroworks.com/products/scada-data-gateway/what\u0027s-new"
}
],
"source": {
"lang": "en",
"value": "Team ECQ"
},
"title": "Triangle MicroWorks SCADA Data Gateway Trusted Certification Unrestricted Upload of File Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2023-39463",
"datePublished": "2024-05-03T01:59:26.598Z",
"dateReserved": "2023-08-02T21:37:23.121Z",
"dateUpdated": "2024-08-02T18:10:20.694Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-39461 (GCVE-0-2023-39461)
Vulnerability from cvelistv5 – Published: 2024-05-03 01:59 – Updated: 2024-08-02 18:10
VLAI?
Summary
Triangle MicroWorks SCADA Data Gateway Event Log Improper Output Neutralization For Logs Arbitrary File Write Vulnerability. This vulnerability allows remote attackers to write arbitrary files on affected installations of Triangle MicroWorks SCADA Data Gateway. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed.
The specific flaw exists within the handling of event logs. The issue results from improper sanitization of log output. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of root. Was ZDI-CAN-20535.
Severity ?
4.4 (Medium)
CWE
- CWE-117 - Improper Output Neutralization for Logs
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Triangle MicroWorks | SCADA Data Gateway |
Affected:
5.1.3.20324
|
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:trianglemicroworks:scada_data_gateway:5.1.3.20324:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "scada_data_gateway",
"vendor": "trianglemicroworks",
"versions": [
{
"status": "affected",
"version": "5.1.3.20324"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-39461",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-03T19:12:41.966123Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:26:58.048Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T18:10:20.704Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ZDI-23-1029",
"tags": [
"x_research-advisory",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1029/"
},
{
"name": "vendor-provided URL",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.trianglemicroworks.com/products/scada-data-gateway/what\u0027s-new"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "SCADA Data Gateway",
"vendor": "Triangle MicroWorks",
"versions": [
{
"status": "affected",
"version": "5.1.3.20324"
}
]
}
],
"dateAssigned": "2023-08-02T16:44:31.394-05:00",
"datePublic": "2023-08-04T13:37:00.078-05:00",
"descriptions": [
{
"lang": "en",
"value": "Triangle MicroWorks SCADA Data Gateway Event Log Improper Output Neutralization For Logs Arbitrary File Write Vulnerability. This vulnerability allows remote attackers to write arbitrary files on affected installations of Triangle MicroWorks SCADA Data Gateway. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed.\n\nThe specific flaw exists within the handling of event logs. The issue results from improper sanitization of log output. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of root. Was ZDI-CAN-20535."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-117",
"description": "CWE-117: Improper Output Neutralization for Logs",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-03T01:59:25.080Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"name": "ZDI-23-1029",
"tags": [
"x_research-advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1029/"
},
{
"name": "vendor-provided URL",
"tags": [
"vendor-advisory"
],
"url": "https://www.trianglemicroworks.com/products/scada-data-gateway/what\u0027s-new"
}
],
"source": {
"lang": "en",
"value": "Claroty Research - Team82 - Uri Katz, Noam Moshe, Vera Mens, Sharon Brizinov"
},
"title": "Triangle MicroWorks SCADA Data Gateway Event Log Improper Output Neutralization For Logs Arbitrary File Write Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2023-39461",
"datePublished": "2024-05-03T01:59:25.080Z",
"dateReserved": "2023-08-02T21:37:23.121Z",
"dateUpdated": "2024-08-02T18:10:20.704Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-39462 (GCVE-0-2023-39462)
Vulnerability from cvelistv5 – Published: 2024-05-03 01:59 – Updated: 2024-08-02 18:10
VLAI?
Summary
Triangle MicroWorks SCADA Data Gateway Workspace Unrestricted Upload Vulnerability. This vulnerability allows remote attackers to upload arbitrary files on affected installations of Triangle MicroWorks SCADA Data Gateway. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed.
The specific flaw exists within the processing of workspace files. The issue results from the lack of proper validation of user-supplied data, which can allow the upload of arbitrary files. An attacker can leverage this in conjunction with other vulnerabilitites to execute arbitrary code in the context of root. Was ZDI-CAN-20536.
Severity ?
6.5 (Medium)
CWE
- CWE-434 - Unrestricted Upload of File with Dangerous Type
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Triangle MicroWorks | SCADA Data Gateway |
Affected:
5.1.3.20324
|
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:trianglemicroworks:scada_data_gateway:5.1.3.20324:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "scada_data_gateway",
"vendor": "trianglemicroworks",
"versions": [
{
"status": "affected",
"version": "5.1.3.20324"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-39462",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-08T17:16:53.971929Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:27:04.040Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T18:10:20.821Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ZDI-23-1030",
"tags": [
"x_research-advisory",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1030/"
},
{
"name": "vendor-provided URL",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.trianglemicroworks.com/products/scada-data-gateway/what\u0027s-new"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "SCADA Data Gateway",
"vendor": "Triangle MicroWorks",
"versions": [
{
"status": "affected",
"version": "5.1.3.20324"
}
]
}
],
"dateAssigned": "2023-08-02T16:44:31.400-05:00",
"datePublic": "2023-08-04T13:37:32.567-05:00",
"descriptions": [
{
"lang": "en",
"value": "Triangle MicroWorks SCADA Data Gateway Workspace Unrestricted Upload Vulnerability. This vulnerability allows remote attackers to upload arbitrary files on affected installations of Triangle MicroWorks SCADA Data Gateway. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed.\n\nThe specific flaw exists within the processing of workspace files. The issue results from the lack of proper validation of user-supplied data, which can allow the upload of arbitrary files. An attacker can leverage this in conjunction with other vulnerabilitites to execute arbitrary code in the context of root. Was ZDI-CAN-20536."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-434",
"description": "CWE-434: Unrestricted Upload of File with Dangerous Type",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-03T01:59:25.792Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"name": "ZDI-23-1030",
"tags": [
"x_research-advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1030/"
},
{
"name": "vendor-provided URL",
"tags": [
"vendor-advisory"
],
"url": "https://www.trianglemicroworks.com/products/scada-data-gateway/what\u0027s-new"
}
],
"source": {
"lang": "en",
"value": "Claroty Research - Team82 - Uri Katz, Noam Moshe, Vera Mens, Sharon Brizinov"
},
"title": "Triangle MicroWorks SCADA Data Gateway Workspace Unrestricted Upload Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2023-39462",
"datePublished": "2024-05-03T01:59:25.792Z",
"dateReserved": "2023-08-02T21:37:23.121Z",
"dateUpdated": "2024-08-02T18:10:20.821Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-39460 (GCVE-0-2023-39460)
Vulnerability from cvelistv5 – Published: 2024-05-03 01:59 – Updated: 2024-08-02 18:10
VLAI?
Summary
Triangle MicroWorks SCADA Data Gateway Event Log Directory Traversal Arbitrary File Creation Vulnerability. This vulnerability allows remote attackers to create arbitrary files on affected installations of Triangle MicroWorks SCADA Data Gateway. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed.
The specific flaw exists within the creation of event logs. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of root. Was ZDI-CAN-20534.
Severity ?
7.2 (High)
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Triangle MicroWorks | SCADA Data Gateway |
Affected:
5.1.3.20324
|
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:trianglemicroworks:scada_data_gateway:5.1.3.20324:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "scada_data_gateway",
"vendor": "trianglemicroworks",
"versions": [
{
"status": "affected",
"version": "5.1.3.20324"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-39460",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-08T17:18:57.800496Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:26:58.471Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T18:10:20.445Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ZDI-23-1028",
"tags": [
"x_research-advisory",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1028/"
},
{
"name": "vendor-provided URL",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.trianglemicroworks.com/products/scada-data-gateway/what\u0027s-new"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "SCADA Data Gateway",
"vendor": "Triangle MicroWorks",
"versions": [
{
"status": "affected",
"version": "5.1.3.20324"
}
]
}
],
"dateAssigned": "2023-08-02T16:44:31.388-05:00",
"datePublic": "2023-08-04T13:35:57.232-05:00",
"descriptions": [
{
"lang": "en",
"value": "Triangle MicroWorks SCADA Data Gateway Event Log Directory Traversal Arbitrary File Creation Vulnerability. This vulnerability allows remote attackers to create arbitrary files on affected installations of Triangle MicroWorks SCADA Data Gateway. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed.\n\nThe specific flaw exists within the creation of event logs. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of root. Was ZDI-CAN-20534."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 7.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-03T01:59:24.376Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"name": "ZDI-23-1028",
"tags": [
"x_research-advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1028/"
},
{
"name": "vendor-provided URL",
"tags": [
"vendor-advisory"
],
"url": "https://www.trianglemicroworks.com/products/scada-data-gateway/what\u0027s-new"
}
],
"source": {
"lang": "en",
"value": "Claroty Research - Team82 - Uri Katz, Noam Moshe, Vera Mens, Sharon Brizinov"
},
"title": "Triangle MicroWorks SCADA Data Gateway Event Log Directory Traversal Arbitrary File Creation Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2023-39460",
"datePublished": "2024-05-03T01:59:24.376Z",
"dateReserved": "2023-08-02T21:37:23.121Z",
"dateUpdated": "2024-08-02T18:10:20.445Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-39459 (GCVE-0-2023-39459)
Vulnerability from cvelistv5 – Published: 2024-05-03 01:59 – Updated: 2024-08-02 18:10
VLAI?
Summary
Triangle MicroWorks SCADA Data Gateway Directory Traversal Arbitrary File Creation Vulnerability. This vulnerability allows remote attackers to create arbitrary files on affected installations of Triangle MicroWorks SCADA Data Gateway. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the processing of workspace files. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to create files in the context of Administrator. Was ZDI-CAN-20531.
Severity ?
7.8 (High)
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Triangle MicroWorks | SCADA Data Gateway |
Affected:
5.1.3
|
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:trianglemicroworks:scada_data_gateway:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "scada_data_gateway",
"vendor": "trianglemicroworks",
"versions": [
{
"status": "affected",
"version": "5.1.3"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-39459",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-07T19:23:56.632854Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:27:02.754Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T18:10:20.767Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ZDI-23-1027",
"tags": [
"x_research-advisory",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1027/"
},
{
"name": "vendor-provided URL",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.trianglemicroworks.com/products/scada-data-gateway/what\u0027s-new"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "SCADA Data Gateway",
"vendor": "Triangle MicroWorks",
"versions": [
{
"status": "affected",
"version": "5.1.3"
}
]
}
],
"dateAssigned": "2023-08-02T16:44:31.382-05:00",
"datePublic": "2023-08-04T13:33:53.589-05:00",
"descriptions": [
{
"lang": "en",
"value": "Triangle MicroWorks SCADA Data Gateway Directory Traversal Arbitrary File Creation Vulnerability. This vulnerability allows remote attackers to create arbitrary files on affected installations of Triangle MicroWorks SCADA Data Gateway. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the processing of workspace files. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to create files in the context of Administrator. Was ZDI-CAN-20531."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-03T01:59:23.567Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"name": "ZDI-23-1027",
"tags": [
"x_research-advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1027/"
},
{
"name": "vendor-provided URL",
"tags": [
"vendor-advisory"
],
"url": "https://www.trianglemicroworks.com/products/scada-data-gateway/what\u0027s-new"
}
],
"source": {
"lang": "en",
"value": "Li Jiantao, Ngo Wei Lin, Pan Zhenpeng of STAR Labs SG Pte. Ltd."
},
"title": "Triangle MicroWorks SCADA Data Gateway Directory Traversal Arbitrary File Creation Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2023-39459",
"datePublished": "2024-05-03T01:59:23.567Z",
"dateReserved": "2023-08-02T21:37:23.121Z",
"dateUpdated": "2024-08-02T18:10:20.767Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-39458 (GCVE-0-2023-39458)
Vulnerability from cvelistv5 – Published: 2024-05-03 01:59 – Updated: 2024-08-02 18:10
VLAI?
Summary
Triangle MicroWorks SCADA Data Gateway Use of Hard-coded Credentials Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of Triangle MicroWorks SCADA Data Gateway. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the handling of certificates. The service uses a hard-coded default SSL certificate. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-20509.
Severity ?
5.3 (Medium)
CWE
- CWE-798 - Use of Hard-coded Credentials
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Triangle MicroWorks | SCADA Data Gateway |
Affected:
5.1.3.20324
|
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:trianglemicroworks:scada_data_gateway:5.1.3.20324:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "scada_data_gateway",
"vendor": "trianglemicroworks",
"versions": [
{
"status": "affected",
"version": "5.1.3.20324"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-39458",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-08T17:17:39.486576Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:27:03.174Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T18:10:20.663Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ZDI-23-1026",
"tags": [
"x_research-advisory",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1026/"
},
{
"name": "vendor-provided URL",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.trianglemicroworks.com/products/scada-data-gateway/what\u0027s-new"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "SCADA Data Gateway",
"vendor": "Triangle MicroWorks",
"versions": [
{
"status": "affected",
"version": "5.1.3.20324"
}
]
}
],
"dateAssigned": "2023-08-02T16:44:31.375-05:00",
"datePublic": "2023-08-04T13:32:39.881-05:00",
"descriptions": [
{
"lang": "en",
"value": "Triangle MicroWorks SCADA Data Gateway Use of Hard-coded Credentials Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of Triangle MicroWorks SCADA Data Gateway. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the handling of certificates. The service uses a hard-coded default SSL certificate. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-20509."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-798",
"description": "CWE-798: Use of Hard-coded Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-03T01:59:22.784Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"name": "ZDI-23-1026",
"tags": [
"x_research-advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1026/"
},
{
"name": "vendor-provided URL",
"tags": [
"vendor-advisory"
],
"url": "https://www.trianglemicroworks.com/products/scada-data-gateway/what\u0027s-new"
}
],
"source": {
"lang": "en",
"value": "Team ECQ"
},
"title": "Triangle MicroWorks SCADA Data Gateway Use of Hard-coded Credentials Authentication Bypass Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2023-39458",
"datePublished": "2024-05-03T01:59:22.784Z",
"dateReserved": "2023-08-02T21:37:23.121Z",
"dateUpdated": "2024-08-02T18:10:20.663Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-39457 (GCVE-0-2023-39457)
Vulnerability from cvelistv5 – Published: 2024-05-03 01:59 – Updated: 2024-08-02 18:10
VLAI?
Summary
Triangle MicroWorks SCADA Data Gateway Missing Authentication Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of Triangle MicroWorks SCADA Data Gateway. Authentication is not required to exploit this vulnerability.
The specific flaw exists due to the lack of user authentication. The issue results from missing authentication in the default system configuration. An attacker can leverage this vulnerability to execute arbitrary code in the context of root. Was ZDI-CAN-20501.
Severity ?
9.8 (Critical)
CWE
- CWE-306 - Missing Authentication for Critical Function
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Triangle MicroWorks | SCADA Data Gateway |
Affected:
5.1.3.20324
|
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:trianglemicroworks:scada_data_gateway:5.1.3.20324:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "scada_data_gateway",
"vendor": "trianglemicroworks",
"versions": [
{
"status": "affected",
"version": "5.1.3.20324"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-39457",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-08T17:18:26.342775Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:26:56.761Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T18:10:20.768Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ZDI-23-1025",
"tags": [
"x_research-advisory",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1025/"
},
{
"name": "vendor-provided URL",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.trianglemicroworks.com/products/scada-data-gateway/what\u0027s-new"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "SCADA Data Gateway",
"vendor": "Triangle MicroWorks",
"versions": [
{
"status": "affected",
"version": "5.1.3.20324"
}
]
}
],
"dateAssigned": "2023-08-02T16:44:31.367-05:00",
"datePublic": "2023-08-04T13:14:52.000-05:00",
"descriptions": [
{
"lang": "en",
"value": "Triangle MicroWorks SCADA Data Gateway Missing Authentication Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of Triangle MicroWorks SCADA Data Gateway. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists due to the lack of user authentication. The issue results from missing authentication in the default system configuration. An attacker can leverage this vulnerability to execute arbitrary code in the context of root. Was ZDI-CAN-20501."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "CWE-306: Missing Authentication for Critical Function",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-03T01:59:22.050Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"name": "ZDI-23-1025",
"tags": [
"x_research-advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1025/"
},
{
"name": "vendor-provided URL",
"tags": [
"vendor-advisory"
],
"url": "https://www.trianglemicroworks.com/products/scada-data-gateway/what\u0027s-new"
}
],
"source": {
"lang": "en",
"value": "Claroty Research - Team82 - Uri Katz, Noam Moshe, Vera Mens, Sharon Brizinov"
},
"title": "Triangle MicroWorks SCADA Data Gateway Missing Authentication Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2023-39457",
"datePublished": "2024-05-03T01:59:22.050Z",
"dateReserved": "2023-08-02T21:37:23.120Z",
"dateUpdated": "2024-08-02T18:10:20.768Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-0369 (GCVE-0-2022-0369)
Vulnerability from nvd – Published: 2024-05-07 22:54 – Updated: 2024-08-02 23:25
VLAI?
Summary
Triangle MicroWorks SCADA Data Gateway Restore Workspace Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Triangle MicroWorks SCADA Data Gateway. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed.
The specific flaw exists within the Restore Workspace feature. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-17227.
Severity ?
7.2 (High)
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Triangle MicroWorks | SCADA Data Gateway |
Affected:
5.01.01
|
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:trianglemicroworks:scada_data_gateway:5.01.01:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "scada_data_gateway",
"vendor": "trianglemicroworks",
"versions": [
{
"status": "affected",
"version": "5.01.01"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-0369",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-08T17:07:32.283678Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-23T17:09:35.862Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:25:40.264Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ZDI-23-450",
"tags": [
"x_research-advisory",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-450/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "SCADA Data Gateway",
"vendor": "Triangle MicroWorks",
"versions": [
{
"status": "affected",
"version": "5.01.01"
}
]
}
],
"dateAssigned": "2022-01-25T16:23:37.257-06:00",
"datePublic": "2023-04-14T14:00:47.542-05:00",
"descriptions": [
{
"lang": "en",
"value": "Triangle MicroWorks SCADA Data Gateway Restore Workspace Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Triangle MicroWorks SCADA Data Gateway. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed.\n\nThe specific flaw exists within the Restore Workspace feature. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-17227."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 7.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-07T22:54:55.247Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"name": "ZDI-23-450",
"tags": [
"x_research-advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-450/"
}
],
"source": {
"lang": "en",
"value": "Steven Seeley (mr_me) and Chris Anastasio (muffin) of Incite Team"
},
"title": "Triangle MicroWorks SCADA Data Gateway Restore Workspace Directory Traversal Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2022-0369",
"datePublished": "2024-05-07T22:54:55.247Z",
"dateReserved": "2022-01-25T22:22:48.663Z",
"dateUpdated": "2024-08-02T23:25:40.264Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-39468 (GCVE-0-2023-39468)
Vulnerability from nvd – Published: 2024-05-03 01:59 – Updated: 2024-08-02 18:10
VLAI?
Summary
Triangle MicroWorks SCADA Data Gateway DbasSectorFileToExecuteOnReset Exposed Dangerous Function Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Triangle MicroWorks SCADA Data Gateway. Authentication is required to exploit this vulnerability.
The specific flaw exists within the handling of DbasSectorFileToExecuteOnReset parameter. The issue results from an exposed dangerous function. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-20799.
Severity ?
7.2 (High)
CWE
- CWE-749 - Exposed Dangerous Method or Function
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Triangle MicroWorks | SCADA Data Gateway |
Affected:
5.1.3.20324
|
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:trianglemicroworks:scada_data_gateway:5.1.3.20324:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "scada_data_gateway",
"vendor": "trianglemicroworks",
"versions": [
{
"status": "affected",
"version": "5.1.3.20324"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-39468",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-08T17:19:46.064913Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:27:09.598Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T18:10:20.697Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ZDI-23-1036",
"tags": [
"x_research-advisory",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1036/"
},
{
"name": "vendor-provided URL",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.trianglemicroworks.com/products/scada-data-gateway/what\u0027s-new"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "SCADA Data Gateway",
"vendor": "Triangle MicroWorks",
"versions": [
{
"status": "affected",
"version": "5.1.3.20324"
}
]
}
],
"dateAssigned": "2023-08-02T16:44:31.433-05:00",
"datePublic": "2023-08-04T13:44:48.544-05:00",
"descriptions": [
{
"lang": "en",
"value": "Triangle MicroWorks SCADA Data Gateway DbasSectorFileToExecuteOnReset Exposed Dangerous Function Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Triangle MicroWorks SCADA Data Gateway. Authentication is required to exploit this vulnerability.\n\nThe specific flaw exists within the handling of DbasSectorFileToExecuteOnReset parameter. The issue results from an exposed dangerous function. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-20799."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 7.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-749",
"description": "CWE-749: Exposed Dangerous Method or Function",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-03T01:59:30.325Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"name": "ZDI-23-1036",
"tags": [
"x_research-advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1036/"
},
{
"name": "vendor-provided URL",
"tags": [
"vendor-advisory"
],
"url": "https://www.trianglemicroworks.com/products/scada-data-gateway/what\u0027s-new"
}
],
"source": {
"lang": "en",
"value": "Uri Katz of Claroty Team82"
},
"title": "Triangle MicroWorks SCADA Data Gateway DbasSectorFileToExecuteOnReset Exposed Dangerous Function Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2023-39468",
"datePublished": "2024-05-03T01:59:30.325Z",
"dateReserved": "2023-08-02T21:37:23.123Z",
"dateUpdated": "2024-08-02T18:10:20.697Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-39467 (GCVE-0-2023-39467)
Vulnerability from nvd – Published: 2024-05-03 01:59 – Updated: 2024-08-02 18:10
VLAI?
Summary
Triangle MicroWorks SCADA Data Gateway certificate Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Triangle MicroWorks SCADA Data Gateway. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the configuration of certificate web directory. The issue results from the exposure of sensitive information in the application webroot. An attacker can leverage this vulnerability to disclose sensitive information. Was ZDI-CAN-20798.
Severity ?
5.3 (Medium)
CWE
- CWE-219 - Storage of File with Sensitive Data Under Web Root
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Triangle MicroWorks | SCADA Data Gateway |
Affected:
5.1.3.20324
|
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:trianglemicroworks:scada_data_gateway:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "scada_data_gateway",
"vendor": "trianglemicroworks",
"versions": [
{
"status": "affected",
"version": "5.1.3.20324"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-39467",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-07T19:22:23.242020Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:26:51.263Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T18:10:20.678Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ZDI-23-1035",
"tags": [
"x_research-advisory",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1035/"
},
{
"name": "vendor-provided URL",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.trianglemicroworks.com/products/scada-data-gateway/what\u0027s-new"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "SCADA Data Gateway",
"vendor": "Triangle MicroWorks",
"versions": [
{
"status": "affected",
"version": "5.1.3.20324"
}
]
}
],
"dateAssigned": "2023-08-02T16:44:31.427-05:00",
"datePublic": "2023-08-04T13:43:42.003-05:00",
"descriptions": [
{
"lang": "en",
"value": "Triangle MicroWorks SCADA Data Gateway certificate Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Triangle MicroWorks SCADA Data Gateway. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the configuration of certificate web directory. The issue results from the exposure of sensitive information in the application webroot. An attacker can leverage this vulnerability to disclose sensitive information. Was ZDI-CAN-20798."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-219",
"description": "CWE-219: Storage of File with Sensitive Data Under Web Root",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-03T01:59:29.616Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"name": "ZDI-23-1035",
"tags": [
"x_research-advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1035/"
},
{
"name": "vendor-provided URL",
"tags": [
"vendor-advisory"
],
"url": "https://www.trianglemicroworks.com/products/scada-data-gateway/what\u0027s-new"
}
],
"source": {
"lang": "en",
"value": "Uri Katz of Claroty Team82"
},
"title": "Triangle MicroWorks SCADA Data Gateway certificate Information Disclosure Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2023-39467",
"datePublished": "2024-05-03T01:59:29.616Z",
"dateReserved": "2023-08-02T21:37:23.123Z",
"dateUpdated": "2024-08-02T18:10:20.678Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-39466 (GCVE-0-2023-39466)
Vulnerability from nvd – Published: 2024-05-03 01:59 – Updated: 2024-08-02 18:10
VLAI?
Summary
Triangle MicroWorks SCADA Data Gateway get_config Missing Authentication Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Triangle MicroWorks SCADA Data Gateway. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the get_config endpoint. The issue results from the lack of authentication prior to allowing access to functionality. An attacker can leverage this vulnerability to disclose sensitive information. Was ZDI-CAN-20797.
Severity ?
5.3 (Medium)
CWE
- CWE-306 - Missing Authentication for Critical Function
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Triangle MicroWorks | SCADA Data Gateway |
Affected:
5.1.3.20324
|
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:trianglemicroworks:scada_data_gateway:5.1.3.20324:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "scada_data_gateway",
"vendor": "trianglemicroworks",
"versions": [
{
"status": "affected",
"version": "5.1.3.20324"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-39466",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-08T17:12:42.172392Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-23T17:15:39.965Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T18:10:20.933Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ZDI-23-1034",
"tags": [
"x_research-advisory",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1034/"
},
{
"name": "vendor-provided URL",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.trianglemicroworks.com/products/scada-data-gateway/what\u0027s-new"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "SCADA Data Gateway",
"vendor": "Triangle MicroWorks",
"versions": [
{
"status": "affected",
"version": "5.1.3.20324"
}
]
}
],
"dateAssigned": "2023-08-02T16:44:31.422-05:00",
"datePublic": "2023-08-04T13:42:39.807-05:00",
"descriptions": [
{
"lang": "en",
"value": "Triangle MicroWorks SCADA Data Gateway get_config Missing Authentication Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Triangle MicroWorks SCADA Data Gateway. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the get_config endpoint. The issue results from the lack of authentication prior to allowing access to functionality. An attacker can leverage this vulnerability to disclose sensitive information. Was ZDI-CAN-20797."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "CWE-306: Missing Authentication for Critical Function",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-03T01:59:28.811Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"name": "ZDI-23-1034",
"tags": [
"x_research-advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1034/"
},
{
"name": "vendor-provided URL",
"tags": [
"vendor-advisory"
],
"url": "https://www.trianglemicroworks.com/products/scada-data-gateway/what\u0027s-new"
}
],
"source": {
"lang": "en",
"value": "Uri Katz of Claroty Team82"
},
"title": "Triangle MicroWorks SCADA Data Gateway get_config Missing Authentication Information Disclosure Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2023-39466",
"datePublished": "2024-05-03T01:59:28.811Z",
"dateReserved": "2023-08-02T21:37:23.123Z",
"dateUpdated": "2024-08-02T18:10:20.933Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-39465 (GCVE-0-2023-39465)
Vulnerability from nvd – Published: 2024-05-03 01:59 – Updated: 2024-08-02 18:10
VLAI?
Summary
Triangle MicroWorks SCADA Data Gateway Use of Hard-coded Cryptograhic Key Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Triangle MicroWorks SCADA Data Gateway. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the TmwCrypto class. The issue results from the usage of a hard-coded cryptograhic key and the usage of a hard-coded certificate. An attacker can leverage this vulnerability to disclose sensitive information. Was ZDI-CAN-20615.
Severity ?
7.5 (High)
CWE
- CWE-321 - Use of Hard-coded Cryptographic Key
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Triangle MicroWorks | SCADA Data Gateway |
Affected:
5.1.3.20324
|
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:trianglemicroworks:scada_data_gateway:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "scada_data_gateway",
"vendor": "trianglemicroworks",
"versions": [
{
"status": "affected",
"version": "5.1.3.20324"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-39465",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-06T15:37:18.521094Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:27:05.297Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T18:10:21.061Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ZDI-23-1033",
"tags": [
"x_research-advisory",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1033/"
},
{
"name": "vendor-provided URL",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.trianglemicroworks.com/products/scada-data-gateway/what\u0027s-new"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "SCADA Data Gateway",
"vendor": "Triangle MicroWorks",
"versions": [
{
"status": "affected",
"version": "5.1.3.20324"
}
]
}
],
"dateAssigned": "2023-08-02T16:44:31.416-05:00",
"datePublic": "2023-08-04T13:41:33.328-05:00",
"descriptions": [
{
"lang": "en",
"value": "Triangle MicroWorks SCADA Data Gateway Use of Hard-coded Cryptograhic Key Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Triangle MicroWorks SCADA Data Gateway. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the TmwCrypto class. The issue results from the usage of a hard-coded cryptograhic key and the usage of a hard-coded certificate. An attacker can leverage this vulnerability to disclose sensitive information. Was ZDI-CAN-20615."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-321",
"description": "CWE-321: Use of Hard-coded Cryptographic Key",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-03T01:59:28.085Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"name": "ZDI-23-1033",
"tags": [
"x_research-advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1033/"
},
{
"name": "vendor-provided URL",
"tags": [
"vendor-advisory"
],
"url": "https://www.trianglemicroworks.com/products/scada-data-gateway/what\u0027s-new"
}
],
"source": {
"lang": "en",
"value": "Uri Katz of Claroty Team82"
},
"title": "Triangle MicroWorks SCADA Data Gateway Use of Hard-coded Cryptograhic Key Information Disclosure Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2023-39465",
"datePublished": "2024-05-03T01:59:28.085Z",
"dateReserved": "2023-08-02T21:37:23.122Z",
"dateUpdated": "2024-08-02T18:10:21.061Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-39464 (GCVE-0-2023-39464)
Vulnerability from nvd – Published: 2024-05-03 01:59 – Updated: 2024-08-02 18:10
VLAI?
Summary
Triangle MicroWorks SCADA Data Gateway GTWWebMonitorService Unquoted Search Path Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute code on affected installations of Triangle MicroWorks SCADA Data Gateway. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed.
The specific flaw exists within the configuration of the GTWWebMonitorService service. The path to the service executable contains spaces not surrounded by quotations. An attacker can leverage this vulnerability to execute arbitrary code in the context of root. Was ZDI-CAN-20538.
Severity ?
7.2 (High)
CWE
- CWE-428 - Unquoted Search Path or Element
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Triangle MicroWorks | SCADA Data Gateway |
Affected:
5.1.3.20324
|
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:trianglemicroworks:scada_data_gateway:5.1.3.20324:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "scada_data_gateway",
"vendor": "trianglemicroworks",
"versions": [
{
"status": "affected",
"version": "5.1.3.20324"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-39464",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-08T17:13:49.483707Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:27:11.296Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T18:10:20.680Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ZDI-23-1032",
"tags": [
"x_research-advisory",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1032/"
},
{
"name": "vendor-provided URL",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.trianglemicroworks.com/products/scada-data-gateway/what\u0027s-new"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "SCADA Data Gateway",
"vendor": "Triangle MicroWorks",
"versions": [
{
"status": "affected",
"version": "5.1.3.20324"
}
]
}
],
"dateAssigned": "2023-08-02T16:44:31.411-05:00",
"datePublic": "2023-08-04T13:40:15.323-05:00",
"descriptions": [
{
"lang": "en",
"value": "Triangle MicroWorks SCADA Data Gateway GTWWebMonitorService Unquoted Search Path Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute code on affected installations of Triangle MicroWorks SCADA Data Gateway. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed.\n\nThe specific flaw exists within the configuration of the GTWWebMonitorService service. The path to the service executable contains spaces not surrounded by quotations. An attacker can leverage this vulnerability to execute arbitrary code in the context of root. Was ZDI-CAN-20538."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 7.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-428",
"description": "CWE-428: Unquoted Search Path or Element",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-03T01:59:27.382Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"name": "ZDI-23-1032",
"tags": [
"x_research-advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1032/"
},
{
"name": "vendor-provided URL",
"tags": [
"vendor-advisory"
],
"url": "https://www.trianglemicroworks.com/products/scada-data-gateway/what\u0027s-new"
}
],
"source": {
"lang": "en",
"value": "Team ECQ"
},
"title": "Triangle MicroWorks SCADA Data Gateway GTWWebMonitorService Unquoted Search Path Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2023-39464",
"datePublished": "2024-05-03T01:59:27.382Z",
"dateReserved": "2023-08-02T21:37:23.122Z",
"dateUpdated": "2024-08-02T18:10:20.680Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-39463 (GCVE-0-2023-39463)
Vulnerability from nvd – Published: 2024-05-03 01:59 – Updated: 2024-08-02 18:10
VLAI?
Summary
Triangle MicroWorks SCADA Data Gateway Trusted Certification Unrestricted Upload of File Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Triangle MicroWorks SCADA Data Gateway. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed.
The specific flaw exists within the trusted certification feature. The issue lies in the handling of the OpcUaSecurityCertificateAuthorityTrustDir variable, which allows an arbitrary file write with attacker-controlled data. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-20537.
Severity ?
7.2 (High)
CWE
- CWE-434 - Unrestricted Upload of File with Dangerous Type
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Triangle MicroWorks | SCADA Data Gateway |
Affected:
5.1.3.20324
|
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:trianglemicroworks:scada_data_gateway:5.1.3.20324:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "scada_data_gateway",
"vendor": "trianglemicroworks",
"versions": [
{
"status": "affected",
"version": "5.1.3.20324"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-39463",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-08T17:16:15.340389Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:27:02.325Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T18:10:20.694Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ZDI-23-1031",
"tags": [
"x_research-advisory",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1031/"
},
{
"name": "vendor-provided URL",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.trianglemicroworks.com/products/scada-data-gateway/what\u0027s-new"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "SCADA Data Gateway",
"vendor": "Triangle MicroWorks",
"versions": [
{
"status": "affected",
"version": "5.1.3.20324"
}
]
}
],
"dateAssigned": "2023-08-02T16:44:31.406-05:00",
"datePublic": "2023-08-04T13:39:23.964-05:00",
"descriptions": [
{
"lang": "en",
"value": "Triangle MicroWorks SCADA Data Gateway Trusted Certification Unrestricted Upload of File Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Triangle MicroWorks SCADA Data Gateway. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed.\n\nThe specific flaw exists within the trusted certification feature. The issue lies in the handling of the OpcUaSecurityCertificateAuthorityTrustDir variable, which allows an arbitrary file write with attacker-controlled data. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-20537."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 7.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-434",
"description": "CWE-434: Unrestricted Upload of File with Dangerous Type",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-03T01:59:26.598Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"name": "ZDI-23-1031",
"tags": [
"x_research-advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1031/"
},
{
"name": "vendor-provided URL",
"tags": [
"vendor-advisory"
],
"url": "https://www.trianglemicroworks.com/products/scada-data-gateway/what\u0027s-new"
}
],
"source": {
"lang": "en",
"value": "Team ECQ"
},
"title": "Triangle MicroWorks SCADA Data Gateway Trusted Certification Unrestricted Upload of File Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2023-39463",
"datePublished": "2024-05-03T01:59:26.598Z",
"dateReserved": "2023-08-02T21:37:23.121Z",
"dateUpdated": "2024-08-02T18:10:20.694Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-39461 (GCVE-0-2023-39461)
Vulnerability from nvd – Published: 2024-05-03 01:59 – Updated: 2024-08-02 18:10
VLAI?
Summary
Triangle MicroWorks SCADA Data Gateway Event Log Improper Output Neutralization For Logs Arbitrary File Write Vulnerability. This vulnerability allows remote attackers to write arbitrary files on affected installations of Triangle MicroWorks SCADA Data Gateway. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed.
The specific flaw exists within the handling of event logs. The issue results from improper sanitization of log output. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of root. Was ZDI-CAN-20535.
Severity ?
4.4 (Medium)
CWE
- CWE-117 - Improper Output Neutralization for Logs
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Triangle MicroWorks | SCADA Data Gateway |
Affected:
5.1.3.20324
|
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:trianglemicroworks:scada_data_gateway:5.1.3.20324:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "scada_data_gateway",
"vendor": "trianglemicroworks",
"versions": [
{
"status": "affected",
"version": "5.1.3.20324"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-39461",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-03T19:12:41.966123Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:26:58.048Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T18:10:20.704Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ZDI-23-1029",
"tags": [
"x_research-advisory",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1029/"
},
{
"name": "vendor-provided URL",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.trianglemicroworks.com/products/scada-data-gateway/what\u0027s-new"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "SCADA Data Gateway",
"vendor": "Triangle MicroWorks",
"versions": [
{
"status": "affected",
"version": "5.1.3.20324"
}
]
}
],
"dateAssigned": "2023-08-02T16:44:31.394-05:00",
"datePublic": "2023-08-04T13:37:00.078-05:00",
"descriptions": [
{
"lang": "en",
"value": "Triangle MicroWorks SCADA Data Gateway Event Log Improper Output Neutralization For Logs Arbitrary File Write Vulnerability. This vulnerability allows remote attackers to write arbitrary files on affected installations of Triangle MicroWorks SCADA Data Gateway. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed.\n\nThe specific flaw exists within the handling of event logs. The issue results from improper sanitization of log output. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of root. Was ZDI-CAN-20535."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-117",
"description": "CWE-117: Improper Output Neutralization for Logs",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-03T01:59:25.080Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"name": "ZDI-23-1029",
"tags": [
"x_research-advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1029/"
},
{
"name": "vendor-provided URL",
"tags": [
"vendor-advisory"
],
"url": "https://www.trianglemicroworks.com/products/scada-data-gateway/what\u0027s-new"
}
],
"source": {
"lang": "en",
"value": "Claroty Research - Team82 - Uri Katz, Noam Moshe, Vera Mens, Sharon Brizinov"
},
"title": "Triangle MicroWorks SCADA Data Gateway Event Log Improper Output Neutralization For Logs Arbitrary File Write Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2023-39461",
"datePublished": "2024-05-03T01:59:25.080Z",
"dateReserved": "2023-08-02T21:37:23.121Z",
"dateUpdated": "2024-08-02T18:10:20.704Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-39462 (GCVE-0-2023-39462)
Vulnerability from nvd – Published: 2024-05-03 01:59 – Updated: 2024-08-02 18:10
VLAI?
Summary
Triangle MicroWorks SCADA Data Gateway Workspace Unrestricted Upload Vulnerability. This vulnerability allows remote attackers to upload arbitrary files on affected installations of Triangle MicroWorks SCADA Data Gateway. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed.
The specific flaw exists within the processing of workspace files. The issue results from the lack of proper validation of user-supplied data, which can allow the upload of arbitrary files. An attacker can leverage this in conjunction with other vulnerabilitites to execute arbitrary code in the context of root. Was ZDI-CAN-20536.
Severity ?
6.5 (Medium)
CWE
- CWE-434 - Unrestricted Upload of File with Dangerous Type
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Triangle MicroWorks | SCADA Data Gateway |
Affected:
5.1.3.20324
|
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:trianglemicroworks:scada_data_gateway:5.1.3.20324:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "scada_data_gateway",
"vendor": "trianglemicroworks",
"versions": [
{
"status": "affected",
"version": "5.1.3.20324"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-39462",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-08T17:16:53.971929Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:27:04.040Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T18:10:20.821Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ZDI-23-1030",
"tags": [
"x_research-advisory",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1030/"
},
{
"name": "vendor-provided URL",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.trianglemicroworks.com/products/scada-data-gateway/what\u0027s-new"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "SCADA Data Gateway",
"vendor": "Triangle MicroWorks",
"versions": [
{
"status": "affected",
"version": "5.1.3.20324"
}
]
}
],
"dateAssigned": "2023-08-02T16:44:31.400-05:00",
"datePublic": "2023-08-04T13:37:32.567-05:00",
"descriptions": [
{
"lang": "en",
"value": "Triangle MicroWorks SCADA Data Gateway Workspace Unrestricted Upload Vulnerability. This vulnerability allows remote attackers to upload arbitrary files on affected installations of Triangle MicroWorks SCADA Data Gateway. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed.\n\nThe specific flaw exists within the processing of workspace files. The issue results from the lack of proper validation of user-supplied data, which can allow the upload of arbitrary files. An attacker can leverage this in conjunction with other vulnerabilitites to execute arbitrary code in the context of root. Was ZDI-CAN-20536."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-434",
"description": "CWE-434: Unrestricted Upload of File with Dangerous Type",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-03T01:59:25.792Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"name": "ZDI-23-1030",
"tags": [
"x_research-advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1030/"
},
{
"name": "vendor-provided URL",
"tags": [
"vendor-advisory"
],
"url": "https://www.trianglemicroworks.com/products/scada-data-gateway/what\u0027s-new"
}
],
"source": {
"lang": "en",
"value": "Claroty Research - Team82 - Uri Katz, Noam Moshe, Vera Mens, Sharon Brizinov"
},
"title": "Triangle MicroWorks SCADA Data Gateway Workspace Unrestricted Upload Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2023-39462",
"datePublished": "2024-05-03T01:59:25.792Z",
"dateReserved": "2023-08-02T21:37:23.121Z",
"dateUpdated": "2024-08-02T18:10:20.821Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-39460 (GCVE-0-2023-39460)
Vulnerability from nvd – Published: 2024-05-03 01:59 – Updated: 2024-08-02 18:10
VLAI?
Summary
Triangle MicroWorks SCADA Data Gateway Event Log Directory Traversal Arbitrary File Creation Vulnerability. This vulnerability allows remote attackers to create arbitrary files on affected installations of Triangle MicroWorks SCADA Data Gateway. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed.
The specific flaw exists within the creation of event logs. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of root. Was ZDI-CAN-20534.
Severity ?
7.2 (High)
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Triangle MicroWorks | SCADA Data Gateway |
Affected:
5.1.3.20324
|
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:trianglemicroworks:scada_data_gateway:5.1.3.20324:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "scada_data_gateway",
"vendor": "trianglemicroworks",
"versions": [
{
"status": "affected",
"version": "5.1.3.20324"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-39460",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-08T17:18:57.800496Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:26:58.471Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T18:10:20.445Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ZDI-23-1028",
"tags": [
"x_research-advisory",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1028/"
},
{
"name": "vendor-provided URL",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.trianglemicroworks.com/products/scada-data-gateway/what\u0027s-new"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "SCADA Data Gateway",
"vendor": "Triangle MicroWorks",
"versions": [
{
"status": "affected",
"version": "5.1.3.20324"
}
]
}
],
"dateAssigned": "2023-08-02T16:44:31.388-05:00",
"datePublic": "2023-08-04T13:35:57.232-05:00",
"descriptions": [
{
"lang": "en",
"value": "Triangle MicroWorks SCADA Data Gateway Event Log Directory Traversal Arbitrary File Creation Vulnerability. This vulnerability allows remote attackers to create arbitrary files on affected installations of Triangle MicroWorks SCADA Data Gateway. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed.\n\nThe specific flaw exists within the creation of event logs. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of root. Was ZDI-CAN-20534."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 7.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-03T01:59:24.376Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"name": "ZDI-23-1028",
"tags": [
"x_research-advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1028/"
},
{
"name": "vendor-provided URL",
"tags": [
"vendor-advisory"
],
"url": "https://www.trianglemicroworks.com/products/scada-data-gateway/what\u0027s-new"
}
],
"source": {
"lang": "en",
"value": "Claroty Research - Team82 - Uri Katz, Noam Moshe, Vera Mens, Sharon Brizinov"
},
"title": "Triangle MicroWorks SCADA Data Gateway Event Log Directory Traversal Arbitrary File Creation Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2023-39460",
"datePublished": "2024-05-03T01:59:24.376Z",
"dateReserved": "2023-08-02T21:37:23.121Z",
"dateUpdated": "2024-08-02T18:10:20.445Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-39459 (GCVE-0-2023-39459)
Vulnerability from nvd – Published: 2024-05-03 01:59 – Updated: 2024-08-02 18:10
VLAI?
Summary
Triangle MicroWorks SCADA Data Gateway Directory Traversal Arbitrary File Creation Vulnerability. This vulnerability allows remote attackers to create arbitrary files on affected installations of Triangle MicroWorks SCADA Data Gateway. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the processing of workspace files. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to create files in the context of Administrator. Was ZDI-CAN-20531.
Severity ?
7.8 (High)
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Triangle MicroWorks | SCADA Data Gateway |
Affected:
5.1.3
|
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:trianglemicroworks:scada_data_gateway:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "scada_data_gateway",
"vendor": "trianglemicroworks",
"versions": [
{
"status": "affected",
"version": "5.1.3"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-39459",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-07T19:23:56.632854Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:27:02.754Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T18:10:20.767Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ZDI-23-1027",
"tags": [
"x_research-advisory",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1027/"
},
{
"name": "vendor-provided URL",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.trianglemicroworks.com/products/scada-data-gateway/what\u0027s-new"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "SCADA Data Gateway",
"vendor": "Triangle MicroWorks",
"versions": [
{
"status": "affected",
"version": "5.1.3"
}
]
}
],
"dateAssigned": "2023-08-02T16:44:31.382-05:00",
"datePublic": "2023-08-04T13:33:53.589-05:00",
"descriptions": [
{
"lang": "en",
"value": "Triangle MicroWorks SCADA Data Gateway Directory Traversal Arbitrary File Creation Vulnerability. This vulnerability allows remote attackers to create arbitrary files on affected installations of Triangle MicroWorks SCADA Data Gateway. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the processing of workspace files. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to create files in the context of Administrator. Was ZDI-CAN-20531."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-03T01:59:23.567Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"name": "ZDI-23-1027",
"tags": [
"x_research-advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1027/"
},
{
"name": "vendor-provided URL",
"tags": [
"vendor-advisory"
],
"url": "https://www.trianglemicroworks.com/products/scada-data-gateway/what\u0027s-new"
}
],
"source": {
"lang": "en",
"value": "Li Jiantao, Ngo Wei Lin, Pan Zhenpeng of STAR Labs SG Pte. Ltd."
},
"title": "Triangle MicroWorks SCADA Data Gateway Directory Traversal Arbitrary File Creation Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2023-39459",
"datePublished": "2024-05-03T01:59:23.567Z",
"dateReserved": "2023-08-02T21:37:23.121Z",
"dateUpdated": "2024-08-02T18:10:20.767Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-39458 (GCVE-0-2023-39458)
Vulnerability from nvd – Published: 2024-05-03 01:59 – Updated: 2024-08-02 18:10
VLAI?
Summary
Triangle MicroWorks SCADA Data Gateway Use of Hard-coded Credentials Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of Triangle MicroWorks SCADA Data Gateway. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the handling of certificates. The service uses a hard-coded default SSL certificate. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-20509.
Severity ?
5.3 (Medium)
CWE
- CWE-798 - Use of Hard-coded Credentials
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Triangle MicroWorks | SCADA Data Gateway |
Affected:
5.1.3.20324
|
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:trianglemicroworks:scada_data_gateway:5.1.3.20324:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "scada_data_gateway",
"vendor": "trianglemicroworks",
"versions": [
{
"status": "affected",
"version": "5.1.3.20324"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-39458",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-08T17:17:39.486576Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:27:03.174Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T18:10:20.663Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ZDI-23-1026",
"tags": [
"x_research-advisory",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1026/"
},
{
"name": "vendor-provided URL",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.trianglemicroworks.com/products/scada-data-gateway/what\u0027s-new"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "SCADA Data Gateway",
"vendor": "Triangle MicroWorks",
"versions": [
{
"status": "affected",
"version": "5.1.3.20324"
}
]
}
],
"dateAssigned": "2023-08-02T16:44:31.375-05:00",
"datePublic": "2023-08-04T13:32:39.881-05:00",
"descriptions": [
{
"lang": "en",
"value": "Triangle MicroWorks SCADA Data Gateway Use of Hard-coded Credentials Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of Triangle MicroWorks SCADA Data Gateway. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the handling of certificates. The service uses a hard-coded default SSL certificate. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-20509."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-798",
"description": "CWE-798: Use of Hard-coded Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-03T01:59:22.784Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"name": "ZDI-23-1026",
"tags": [
"x_research-advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1026/"
},
{
"name": "vendor-provided URL",
"tags": [
"vendor-advisory"
],
"url": "https://www.trianglemicroworks.com/products/scada-data-gateway/what\u0027s-new"
}
],
"source": {
"lang": "en",
"value": "Team ECQ"
},
"title": "Triangle MicroWorks SCADA Data Gateway Use of Hard-coded Credentials Authentication Bypass Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2023-39458",
"datePublished": "2024-05-03T01:59:22.784Z",
"dateReserved": "2023-08-02T21:37:23.121Z",
"dateUpdated": "2024-08-02T18:10:20.663Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-39457 (GCVE-0-2023-39457)
Vulnerability from nvd – Published: 2024-05-03 01:59 – Updated: 2024-08-02 18:10
VLAI?
Summary
Triangle MicroWorks SCADA Data Gateway Missing Authentication Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of Triangle MicroWorks SCADA Data Gateway. Authentication is not required to exploit this vulnerability.
The specific flaw exists due to the lack of user authentication. The issue results from missing authentication in the default system configuration. An attacker can leverage this vulnerability to execute arbitrary code in the context of root. Was ZDI-CAN-20501.
Severity ?
9.8 (Critical)
CWE
- CWE-306 - Missing Authentication for Critical Function
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Triangle MicroWorks | SCADA Data Gateway |
Affected:
5.1.3.20324
|
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:trianglemicroworks:scada_data_gateway:5.1.3.20324:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "scada_data_gateway",
"vendor": "trianglemicroworks",
"versions": [
{
"status": "affected",
"version": "5.1.3.20324"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-39457",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-08T17:18:26.342775Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:26:56.761Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T18:10:20.768Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ZDI-23-1025",
"tags": [
"x_research-advisory",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1025/"
},
{
"name": "vendor-provided URL",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.trianglemicroworks.com/products/scada-data-gateway/what\u0027s-new"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "SCADA Data Gateway",
"vendor": "Triangle MicroWorks",
"versions": [
{
"status": "affected",
"version": "5.1.3.20324"
}
]
}
],
"dateAssigned": "2023-08-02T16:44:31.367-05:00",
"datePublic": "2023-08-04T13:14:52.000-05:00",
"descriptions": [
{
"lang": "en",
"value": "Triangle MicroWorks SCADA Data Gateway Missing Authentication Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of Triangle MicroWorks SCADA Data Gateway. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists due to the lack of user authentication. The issue results from missing authentication in the default system configuration. An attacker can leverage this vulnerability to execute arbitrary code in the context of root. Was ZDI-CAN-20501."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "CWE-306: Missing Authentication for Critical Function",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-03T01:59:22.050Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"name": "ZDI-23-1025",
"tags": [
"x_research-advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1025/"
},
{
"name": "vendor-provided URL",
"tags": [
"vendor-advisory"
],
"url": "https://www.trianglemicroworks.com/products/scada-data-gateway/what\u0027s-new"
}
],
"source": {
"lang": "en",
"value": "Claroty Research - Team82 - Uri Katz, Noam Moshe, Vera Mens, Sharon Brizinov"
},
"title": "Triangle MicroWorks SCADA Data Gateway Missing Authentication Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2023-39457",
"datePublished": "2024-05-03T01:59:22.050Z",
"dateReserved": "2023-08-02T21:37:23.120Z",
"dateUpdated": "2024-08-02T18:10:20.768Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
VAR-201309-0200
Vulnerability from variot - Updated: 2023-12-18 13:34Triangle MicroWorks SCADA Data Gateway 2.50.0309 through 3.00.0616, DNP3 .NET Protocol components 3.06.0.171 through 3.15.0.369, and DNP3 C libraries 3.06.0000 through 3.15.0000 allow remote attackers to cause a denial of service (infinite loop) via a crafted DNP3 TCP packet. Triangle MicroWorks is a US-based company that uses single or third-party component products to communicate with peripherals/slave devices using various transport protocols (OPC Client, IEC 60870-6 (TASE.2/ICCP) Client, IEC 60870-5, DNP3, Modbus). Triangle MicroWorks multiple product-related IP-based devices incorrectly verify input, allowing an attacker to exploit a vulnerability to submit a specially crafted TCP message to cause the software to cause an infinite loop, causing the process to crash and requiring a manual reboot to get normal functionality. Multiple Triangle MicroWorks products are prone to a remote denial-of-service vulnerability. An attacker can exploit this issue to crash the affected device, denying service to legitimate users. Note: This issue affects the IP connected devices. SDG is a set of data acquisition and supervisory control system (SCADA) gateway products integrated in the server. DNP3 .NET Protocol components is a set of .NET framework components that support DNP3. DNP3 ANSI C source code libraries is a source code library based on the ANSI C standard
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201309-0200",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "ansi c source code libraries",
"scope": "eq",
"trust": 1.6,
"vendor": "trianglemicroworks",
"version": "3.06.0000"
},
{
"model": "scada data gateway",
"scope": "eq",
"trust": 1.6,
"vendor": "trianglemicroworks",
"version": "2.50"
},
{
"model": ".net communication protocol components",
"scope": "eq",
"trust": 1.6,
"vendor": "trianglemicroworks",
"version": "3.06.0.171"
},
{
"model": "scada data gateway",
"scope": "eq",
"trust": 1.6,
"vendor": "trianglemicroworks",
"version": "3.00.0616"
},
{
"model": "ansi c source code libraries",
"scope": "eq",
"trust": 1.6,
"vendor": "trianglemicroworks",
"version": "3.15.0000"
},
{
"model": "scada data gateway",
"scope": "eq",
"trust": 1.6,
"vendor": "trianglemicroworks",
"version": "2.50.0309"
},
{
"model": ".net communication protocol components",
"scope": "eq",
"trust": 1.6,
"vendor": "trianglemicroworks",
"version": "3.15.0.369"
},
{
"model": ".net protocol components",
"scope": "eq",
"trust": 0.8,
"vendor": "triangle microworks",
"version": "3.06.0.171 to 3.15.0.369"
},
{
"model": "ansi standard c source code libraries",
"scope": "eq",
"trust": 0.8,
"vendor": "triangle microworks",
"version": "3.06.0000 to 3.15.0000"
},
{
"model": "scada data gateway",
"scope": "eq",
"trust": 0.8,
"vendor": "triangle microworks",
"version": "2.50.0309 to 3.00.0616"
},
{
"model": "microworks scada data gateway to",
"scope": "eq",
"trust": 0.6,
"vendor": "triangle",
"version": "2.50.03093.00.0616"
},
{
"model": "microworks dnp3 .net protocol components to",
"scope": "eq",
"trust": 0.6,
"vendor": "triangle",
"version": "3.06.0.1713.15.0.369"
},
{
"model": "microworks dnp3 ansi c source code libraries to",
"scope": "eq",
"trust": 0.6,
"vendor": "triangle",
"version": "3.06.00003.15.0000"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "net communication protocol components",
"version": "3.06.0.171"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "net communication protocol components",
"version": "3.15.0.369"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "ansi c source code libraries",
"version": "3.06.0000"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "ansi c source code libraries",
"version": "3.15.0000"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scada data gateway",
"version": "2.50"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scada data gateway",
"version": "2.50.0309"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scada data gateway",
"version": "3.00.0616"
}
],
"sources": [
{
"db": "IVD",
"id": "b4cce158-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-12783"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-004002"
},
{
"db": "NVD",
"id": "CVE-2013-2793"
},
{
"db": "CNNVD",
"id": "CNNVD-201308-536"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:trianglemicroworks:.net_communication_protocol_components:3.15.0.369:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:trianglemicroworks:scada_data_gateway:2.50:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:trianglemicroworks:ansi_c_source_code_libraries:3.06.0000:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:trianglemicroworks:ansi_c_source_code_libraries:3.15.0000:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:trianglemicroworks:.net_communication_protocol_components:3.06.0.171:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:trianglemicroworks:scada_data_gateway:2.50.0309:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:trianglemicroworks:scada_data_gateway:3.00.0616:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2013-2793"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Adam Crain of Automatak and Chris Sistrunk",
"sources": [
{
"db": "BID",
"id": "62087"
},
{
"db": "CNNVD",
"id": "CNNVD-201308-536"
}
],
"trust": 0.9
},
"cve": "CVE-2013-2793",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"impactScore": 6.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 7.8,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2013-2793",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.1,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CNVD-2013-12783",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.1,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "b4cce158-2352-11e6-abef-000c29c66e3d",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-62795",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2013-2793",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2013-12783",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201308-536",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "IVD",
"id": "b4cce158-2352-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-62795",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "b4cce158-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-12783"
},
{
"db": "VULHUB",
"id": "VHN-62795"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-004002"
},
{
"db": "NVD",
"id": "CVE-2013-2793"
},
{
"db": "CNNVD",
"id": "CNNVD-201308-536"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Triangle MicroWorks SCADA Data Gateway 2.50.0309 through 3.00.0616, DNP3 .NET Protocol components 3.06.0.171 through 3.15.0.369, and DNP3 C libraries 3.06.0000 through 3.15.0000 allow remote attackers to cause a denial of service (infinite loop) via a crafted DNP3 TCP packet. Triangle MicroWorks is a US-based company that uses single or third-party component products to communicate with peripherals/slave devices using various transport protocols (OPC Client, IEC 60870-6 (TASE.2/ICCP) Client, IEC 60870-5, DNP3, Modbus). Triangle MicroWorks multiple product-related IP-based devices incorrectly verify input, allowing an attacker to exploit a vulnerability to submit a specially crafted TCP message to cause the software to cause an infinite loop, causing the process to crash and requiring a manual reboot to get normal functionality. Multiple Triangle MicroWorks products are prone to a remote denial-of-service vulnerability. \nAn attacker can exploit this issue to crash the affected device, denying service to legitimate users. \nNote: This issue affects the IP connected devices. SDG is a set of data acquisition and supervisory control system (SCADA) gateway products integrated in the server. DNP3 .NET Protocol components is a set of .NET framework components that support DNP3. DNP3 ANSI C source code libraries is a source code library based on the ANSI C standard",
"sources": [
{
"db": "NVD",
"id": "CVE-2013-2793"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-004002"
},
{
"db": "CNVD",
"id": "CNVD-2013-12783"
},
{
"db": "BID",
"id": "62087"
},
{
"db": "IVD",
"id": "b4cce158-2352-11e6-abef-000c29c66e3d"
},
{
"db": "VULHUB",
"id": "VHN-62795"
}
],
"trust": 2.7
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2013-2793",
"trust": 3.6
},
{
"db": "ICS CERT",
"id": "ICSA-13-240-01",
"trust": 3.1
},
{
"db": "BID",
"id": "62087",
"trust": 1.6
},
{
"db": "CNNVD",
"id": "CNNVD-201308-536",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2013-12783",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2013-004002",
"trust": 0.8
},
{
"db": "IVD",
"id": "B4CCE158-2352-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-62795",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "b4cce158-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-12783"
},
{
"db": "VULHUB",
"id": "VHN-62795"
},
{
"db": "BID",
"id": "62087"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-004002"
},
{
"db": "NVD",
"id": "CVE-2013-2793"
},
{
"db": "CNNVD",
"id": "CNNVD-201308-536"
}
]
},
"id": "VAR-201309-0200",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "b4cce158-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-12783"
},
{
"db": "VULHUB",
"id": "VHN-62795"
}
],
"trust": 1.9
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "b4cce158-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-12783"
}
]
},
"last_update_date": "2023-12-18T13:34:45.090000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Triangle MicroWorks, Inc. DNP3 Master Source Code Library",
"trust": 0.8,
"url": "http://www.trianglemicroworks.com/documents/mdnp_scl_whats_new.pdf"
},
{
"title": "Triangle MicroWorks Multiple Products Patches for Denial of Service Vulnerabilities Based on IP-Specific TCP Packets",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/39294"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-12783"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-004002"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-62795"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-004002"
},
{
"db": "NVD",
"id": "CVE-2013-2793"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.1,
"url": "http://ics-cert.us-cert.gov/advisories/icsa-13-240-01"
},
{
"trust": 2.3,
"url": "http://www.trianglemicroworks.com/documents/mdnp_scl_whats_new.pdf"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-2793"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-2793"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/bid/62087"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-12783"
},
{
"db": "VULHUB",
"id": "VHN-62795"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-004002"
},
{
"db": "NVD",
"id": "CVE-2013-2793"
},
{
"db": "CNNVD",
"id": "CNNVD-201308-536"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "b4cce158-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-12783"
},
{
"db": "VULHUB",
"id": "VHN-62795"
},
{
"db": "BID",
"id": "62087"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-004002"
},
{
"db": "NVD",
"id": "CVE-2013-2793"
},
{
"db": "CNNVD",
"id": "CNNVD-201308-536"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-09-04T00:00:00",
"db": "IVD",
"id": "b4cce158-2352-11e6-abef-000c29c66e3d"
},
{
"date": "2013-09-04T00:00:00",
"db": "CNVD",
"id": "CNVD-2013-12783"
},
{
"date": "2013-09-09T00:00:00",
"db": "VULHUB",
"id": "VHN-62795"
},
{
"date": "2013-08-28T00:00:00",
"db": "BID",
"id": "62087"
},
{
"date": "2013-09-10T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-004002"
},
{
"date": "2013-09-09T11:39:08.427000",
"db": "NVD",
"id": "CVE-2013-2793"
},
{
"date": "2013-08-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201308-536"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-09-04T00:00:00",
"db": "CNVD",
"id": "CNVD-2013-12783"
},
{
"date": "2013-09-25T00:00:00",
"db": "VULHUB",
"id": "VHN-62795"
},
{
"date": "2013-10-21T01:19:00",
"db": "BID",
"id": "62087"
},
{
"date": "2013-09-10T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-004002"
},
{
"date": "2013-09-25T21:58:15.317000",
"db": "NVD",
"id": "CVE-2013-2793"
},
{
"date": "2013-09-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201308-536"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201308-536"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Triangle MicroWorks Service disruption in products (DoS) Vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-004002"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Buffer overflow",
"sources": [
{
"db": "IVD",
"id": "b4cce158-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNNVD",
"id": "CNNVD-201308-536"
}
],
"trust": 0.8
}
}
VAR-201309-0201
Vulnerability from variot - Updated: 2023-12-18 13:34Triangle MicroWorks SCADA Data Gateway 2.50.0309 through 3.00.0616, DNP3 .NET Protocol components 3.06.0.171 through 3.15.0.369, and DNP3 C libraries 3.06.0000 through 3.15.0000 allow physically proximate attackers to cause a denial of service (infinite loop) via crafted input over a serial line. Triangle MicroWorks is a US-based company that uses single or third-party component products to communicate with peripherals/slave devices using various transport protocols (OPC Client, IEC 60870-6 (TASE.2/ICCP) Client, IEC 60870-5, DNP3, Modbus). Multiple Triangle MicroWorks products are prone to a local denial-of-service vulnerability. An attacker can exploit this issue to crash the affected device, denying service to legitimate users. NOTE: To exploit this issue, local access to the serial-based outstation is required. SDG is a set of data acquisition and supervisory control system (SCADA) gateway products integrated in the server. DNP3 .NET Protocol components is a set of .NET framework components that support DNP3. DNP3 ANSI C source code libraries is a source code library based on the ANSI C standard
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201309-0201",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "scada data gateway",
"scope": "eq",
"trust": 1.6,
"vendor": "trianglemicroworks",
"version": "2.54.0536"
},
{
"model": "ansi c source code libraries",
"scope": "eq",
"trust": 1.6,
"vendor": "trianglemicroworks",
"version": "3.12.0000"
},
{
"model": "scada data gateway",
"scope": "eq",
"trust": 1.6,
"vendor": "trianglemicroworks",
"version": "2.54.0518"
},
{
"model": "scada data gateway",
"scope": "eq",
"trust": 1.6,
"vendor": "trianglemicroworks",
"version": "2.54.0528"
},
{
"model": "scada data gateway",
"scope": "eq",
"trust": 1.6,
"vendor": "trianglemicroworks",
"version": "2.53"
},
{
"model": "scada data gateway",
"scope": "eq",
"trust": 1.6,
"vendor": "trianglemicroworks",
"version": "2.51"
},
{
"model": "scada data gateway",
"scope": "eq",
"trust": 1.6,
"vendor": "trianglemicroworks",
"version": "2.54.0517"
},
{
"model": "scada data gateway",
"scope": "eq",
"trust": 1.6,
"vendor": "trianglemicroworks",
"version": "2.54.0516"
},
{
"model": "scada data gateway",
"scope": "eq",
"trust": 1.6,
"vendor": "trianglemicroworks",
"version": "2.54.0529"
},
{
"model": "scada data gateway",
"scope": "eq",
"trust": 1.6,
"vendor": "trianglemicroworks",
"version": "2.54.0515"
},
{
"model": ".net communication protocol components",
"scope": "eq",
"trust": 1.0,
"vendor": "trianglemicroworks",
"version": "3.09.00"
},
{
"model": "scada data gateway",
"scope": "eq",
"trust": 1.0,
"vendor": "trianglemicroworks",
"version": "2.54.0579"
},
{
"model": "scada data gateway",
"scope": "eq",
"trust": 1.0,
"vendor": "trianglemicroworks",
"version": "2.54.0552"
},
{
"model": "scada data gateway",
"scope": "eq",
"trust": 1.0,
"vendor": "trianglemicroworks",
"version": "2.54.0591"
},
{
"model": "scada data gateway",
"scope": "eq",
"trust": 1.0,
"vendor": "trianglemicroworks",
"version": "2.54.0573"
},
{
"model": ".net communication protocol components",
"scope": "eq",
"trust": 1.0,
"vendor": "trianglemicroworks",
"version": "3.08.00"
},
{
"model": "scada data gateway",
"scope": "eq",
"trust": 1.0,
"vendor": "trianglemicroworks",
"version": "2.54.0587"
},
{
"model": "scada data gateway",
"scope": "eq",
"trust": 1.0,
"vendor": "trianglemicroworks",
"version": "2.54.0588"
},
{
"model": ".net communication protocol components",
"scope": "eq",
"trust": 1.0,
"vendor": "trianglemicroworks",
"version": "3.11.00"
},
{
"model": "scada data gateway",
"scope": "eq",
"trust": 1.0,
"vendor": "trianglemicroworks",
"version": "2.54.0597"
},
{
"model": "scada data gateway",
"scope": "eq",
"trust": 1.0,
"vendor": "trianglemicroworks",
"version": "2.54.0598"
},
{
"model": "scada data gateway",
"scope": "eq",
"trust": 1.0,
"vendor": "trianglemicroworks",
"version": "2.54.0544"
},
{
"model": "scada data gateway",
"scope": "eq",
"trust": 1.0,
"vendor": "trianglemicroworks",
"version": "2.54.0545"
},
{
"model": "scada data gateway",
"scope": "eq",
"trust": 1.0,
"vendor": "trianglemicroworks",
"version": "2.54.0596"
},
{
"model": "ansi c source code libraries",
"scope": "eq",
"trust": 1.0,
"vendor": "trianglemicroworks",
"version": "3.06.0000"
},
{
"model": "scada data gateway",
"scope": "eq",
"trust": 1.0,
"vendor": "trianglemicroworks",
"version": "2.54.0595"
},
{
"model": ".net communication protocol components",
"scope": "eq",
"trust": 1.0,
"vendor": "trianglemicroworks",
"version": "3.07.00"
},
{
"model": ".net communication protocol components",
"scope": "eq",
"trust": 1.0,
"vendor": "trianglemicroworks",
"version": "3.14.00"
},
{
"model": "scada data gateway",
"scope": "eq",
"trust": 1.0,
"vendor": "trianglemicroworks",
"version": "2.54.0571"
},
{
"model": "scada data gateway",
"scope": "eq",
"trust": 1.0,
"vendor": "trianglemicroworks",
"version": "2.54.0572"
},
{
"model": "scada data gateway",
"scope": "eq",
"trust": 1.0,
"vendor": "trianglemicroworks",
"version": "2.54.0565"
},
{
"model": "ansi c source code libraries",
"scope": "eq",
"trust": 1.0,
"vendor": "trianglemicroworks",
"version": "3.08.0000"
},
{
"model": "scada data gateway",
"scope": "eq",
"trust": 1.0,
"vendor": "trianglemicroworks",
"version": "3.00.0616"
},
{
"model": "ansi c source code libraries",
"scope": "eq",
"trust": 1.0,
"vendor": "trianglemicroworks",
"version": "3.09.0000"
},
{
"model": "scada data gateway",
"scope": "eq",
"trust": 1.0,
"vendor": "trianglemicroworks",
"version": "2.54.0581"
},
{
"model": "scada data gateway",
"scope": "eq",
"trust": 1.0,
"vendor": "trianglemicroworks",
"version": "2.54.0553"
},
{
"model": "scada data gateway",
"scope": "eq",
"trust": 1.0,
"vendor": "trianglemicroworks",
"version": "2.54.0567"
},
{
"model": "scada data gateway",
"scope": "eq",
"trust": 1.0,
"vendor": "trianglemicroworks",
"version": "2.54.0592"
},
{
"model": "scada data gateway",
"scope": "eq",
"trust": 1.0,
"vendor": "trianglemicroworks",
"version": "2.54.0558"
},
{
"model": "scada data gateway",
"scope": "eq",
"trust": 1.0,
"vendor": "trianglemicroworks",
"version": "2.54.0569"
},
{
"model": "scada data gateway",
"scope": "eq",
"trust": 1.0,
"vendor": "trianglemicroworks",
"version": "2.50.0309"
},
{
"model": ".net communication protocol components",
"scope": "eq",
"trust": 1.0,
"vendor": "trianglemicroworks",
"version": "3.15.0.369"
},
{
"model": "scada data gateway",
"scope": "eq",
"trust": 1.0,
"vendor": "trianglemicroworks",
"version": "2.54.0564"
},
{
"model": "scada data gateway",
"scope": "eq",
"trust": 1.0,
"vendor": "trianglemicroworks",
"version": "2.54.0580"
},
{
"model": "scada data gateway",
"scope": "eq",
"trust": 1.0,
"vendor": "trianglemicroworks",
"version": "2.54.0583"
},
{
"model": "scada data gateway",
"scope": "eq",
"trust": 1.0,
"vendor": "trianglemicroworks",
"version": "2.54.0566"
},
{
"model": "ansi c source code libraries",
"scope": "eq",
"trust": 1.0,
"vendor": "trianglemicroworks",
"version": "3.15.0000"
},
{
"model": "scada data gateway",
"scope": "eq",
"trust": 1.0,
"vendor": "trianglemicroworks",
"version": "2.54.0540"
},
{
"model": "scada data gateway",
"scope": "eq",
"trust": 1.0,
"vendor": "trianglemicroworks",
"version": "2.54.0589"
},
{
"model": "scada data gateway",
"scope": "eq",
"trust": 1.0,
"vendor": "trianglemicroworks",
"version": "2.50"
},
{
"model": "scada data gateway",
"scope": "eq",
"trust": 1.0,
"vendor": "trianglemicroworks",
"version": "2.54.0561"
},
{
"model": "ansi c source code libraries",
"scope": "eq",
"trust": 1.0,
"vendor": "trianglemicroworks",
"version": "3.13.0000"
},
{
"model": "ansi c source code libraries",
"scope": "eq",
"trust": 1.0,
"vendor": "trianglemicroworks",
"version": "3.10.0000"
},
{
"model": "scada data gateway",
"scope": "eq",
"trust": 1.0,
"vendor": "trianglemicroworks",
"version": "2.54.0578"
},
{
"model": "scada data gateway",
"scope": "eq",
"trust": 1.0,
"vendor": "trianglemicroworks",
"version": "2.54.0570"
},
{
"model": "scada data gateway",
"scope": "eq",
"trust": 1.0,
"vendor": "trianglemicroworks",
"version": "2.54.0577"
},
{
"model": "scada data gateway",
"scope": "eq",
"trust": 1.0,
"vendor": "trianglemicroworks",
"version": "2.54.0576"
},
{
"model": "scada data gateway",
"scope": "eq",
"trust": 1.0,
"vendor": "trianglemicroworks",
"version": "2.54.0562"
},
{
"model": "scada data gateway",
"scope": "eq",
"trust": 1.0,
"vendor": "trianglemicroworks",
"version": "2.54.0574"
},
{
"model": "scada data gateway",
"scope": "eq",
"trust": 1.0,
"vendor": "trianglemicroworks",
"version": "2.54.0584"
},
{
"model": "scada data gateway",
"scope": "eq",
"trust": 1.0,
"vendor": "trianglemicroworks",
"version": "2.54.0590"
},
{
"model": ".net communication protocol components",
"scope": "eq",
"trust": 1.0,
"vendor": "trianglemicroworks",
"version": "3.15.00"
},
{
"model": "ansi c source code libraries",
"scope": "eq",
"trust": 1.0,
"vendor": "trianglemicroworks",
"version": "3.07.0000"
},
{
"model": "scada data gateway",
"scope": "eq",
"trust": 1.0,
"vendor": "trianglemicroworks",
"version": "2.54.0586"
},
{
"model": "scada data gateway",
"scope": "eq",
"trust": 1.0,
"vendor": "trianglemicroworks",
"version": "2.54.0594"
},
{
"model": "scada data gateway",
"scope": "eq",
"trust": 1.0,
"vendor": "trianglemicroworks",
"version": "2.54.0599"
},
{
"model": "scada data gateway",
"scope": "eq",
"trust": 1.0,
"vendor": "trianglemicroworks",
"version": "2.54.0582"
},
{
"model": ".net communication protocol components",
"scope": "eq",
"trust": 1.0,
"vendor": "trianglemicroworks",
"version": "3.06.0.171"
},
{
"model": ".net communication protocol components",
"scope": "eq",
"trust": 1.0,
"vendor": "trianglemicroworks",
"version": "3.10.00"
},
{
"model": "ansi c source code libraries",
"scope": "eq",
"trust": 1.0,
"vendor": "trianglemicroworks",
"version": "3.11.0000"
},
{
"model": "scada data gateway",
"scope": "eq",
"trust": 1.0,
"vendor": "trianglemicroworks",
"version": "2.54.0575"
},
{
"model": "ansi c source code libraries",
"scope": "eq",
"trust": 1.0,
"vendor": "trianglemicroworks",
"version": "3.14.0000"
},
{
"model": "scada data gateway",
"scope": "eq",
"trust": 1.0,
"vendor": "trianglemicroworks",
"version": "3.00"
},
{
"model": ".net protocol components",
"scope": "eq",
"trust": 0.8,
"vendor": "triangle microworks",
"version": "3.06.0.171 to 3.15.0.369"
},
{
"model": "ansi standard c source code libraries",
"scope": "eq",
"trust": 0.8,
"vendor": "triangle microworks",
"version": "3.06.0000 to 3.15.0000"
},
{
"model": "scada data gateway",
"scope": "eq",
"trust": 0.8,
"vendor": "triangle microworks",
"version": "2.50.0309 to 3.00.0616"
},
{
"model": "microworks scada data gateway to",
"scope": "eq",
"trust": 0.6,
"vendor": "triangle",
"version": "2.50.03093.00.0616"
},
{
"model": "microworks dnp3 .net protocol components to",
"scope": "eq",
"trust": 0.6,
"vendor": "triangle",
"version": "3.06.0.1713.15.0.369"
},
{
"model": "microworks dnp3 ansi c source code libraries to",
"scope": "eq",
"trust": 0.6,
"vendor": "triangle",
"version": "3.06.00003.15.0000"
},
{
"model": "microworks scada data gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "triangle",
"version": "3.0.616"
},
{
"model": "microworks scada data gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "triangle",
"version": "2.50.309"
},
{
"model": "microworks dnp3 ansi c source code libraries",
"scope": "eq",
"trust": 0.3,
"vendor": "triangle",
"version": "3.15"
},
{
"model": "microworks dnp3 ansi c source code libraries",
"scope": "eq",
"trust": 0.3,
"vendor": "triangle",
"version": "3.6"
},
{
"model": "microworks dnp3 .net protocol components",
"scope": "eq",
"trust": 0.3,
"vendor": "triangle",
"version": "3.15369"
},
{
"model": "microworks dnp3 .net protocol components",
"scope": "eq",
"trust": 0.3,
"vendor": "triangle",
"version": "3.6171"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "ansi c source code libraries",
"version": "3.06.0000"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "ansi c source code libraries",
"version": "3.07.0000"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "ansi c source code libraries",
"version": "3.08.0000"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "ansi c source code libraries",
"version": "3.09.0000"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "ansi c source code libraries",
"version": "3.10.0000"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "ansi c source code libraries",
"version": "3.11.0000"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "ansi c source code libraries",
"version": "3.12.0000"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "ansi c source code libraries",
"version": "3.13.0000"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "ansi c source code libraries",
"version": "3.14.0000"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "ansi c source code libraries",
"version": "3.15.0000"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "net communication protocol components",
"version": "3.06.0.171"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "net communication protocol components",
"version": "3.07.00"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "net communication protocol components",
"version": "3.08.00"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "net communication protocol components",
"version": "3.09.00"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "net communication protocol components",
"version": "3.10.00"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "net communication protocol components",
"version": "3.11.00"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "net communication protocol components",
"version": "3.14.00"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "net communication protocol components",
"version": "3.15.00"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "net communication protocol components",
"version": "3.15.0.369"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scada data gateway",
"version": "2.50"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scada data gateway",
"version": "2.50.0309"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scada data gateway",
"version": "2.51"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scada data gateway",
"version": "2.53"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scada data gateway",
"version": "2.54.0515"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scada data gateway",
"version": "2.54.0516"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scada data gateway",
"version": "2.54.0517"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scada data gateway",
"version": "2.54.0518"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scada data gateway",
"version": "2.54.0528"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scada data gateway",
"version": "2.54.0529"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scada data gateway",
"version": "2.54.0536"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scada data gateway",
"version": "2.54.0540"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scada data gateway",
"version": "2.54.0544"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scada data gateway",
"version": "2.54.0545"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scada data gateway",
"version": "2.54.0552"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scada data gateway",
"version": "2.54.0553"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scada data gateway",
"version": "2.54.0558"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scada data gateway",
"version": "2.54.0561"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scada data gateway",
"version": "2.54.0562"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scada data gateway",
"version": "2.54.0564"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scada data gateway",
"version": "2.54.0565"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scada data gateway",
"version": "2.54.0566"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scada data gateway",
"version": "2.54.0567"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scada data gateway",
"version": "2.54.0569"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scada data gateway",
"version": "2.54.0570"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scada data gateway",
"version": "2.54.0571"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scada data gateway",
"version": "2.54.0572"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scada data gateway",
"version": "2.54.0573"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scada data gateway",
"version": "2.54.0574"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scada data gateway",
"version": "2.54.0575"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scada data gateway",
"version": "2.54.0576"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scada data gateway",
"version": "2.54.0577"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scada data gateway",
"version": "2.54.0578"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scada data gateway",
"version": "2.54.0579"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scada data gateway",
"version": "2.54.0580"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scada data gateway",
"version": "2.54.0581"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scada data gateway",
"version": "2.54.0582"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scada data gateway",
"version": "2.54.0583"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scada data gateway",
"version": "2.54.0584"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scada data gateway",
"version": "2.54.0586"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scada data gateway",
"version": "2.54.0587"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scada data gateway",
"version": "2.54.0588"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scada data gateway",
"version": "2.54.0589"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scada data gateway",
"version": "2.54.0590"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scada data gateway",
"version": "2.54.0591"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scada data gateway",
"version": "2.54.0592"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scada data gateway",
"version": "2.54.0594"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scada data gateway",
"version": "2.54.0595"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scada data gateway",
"version": "2.54.0596"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scada data gateway",
"version": "2.54.0597"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scada data gateway",
"version": "2.54.0598"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scada data gateway",
"version": "2.54.0599"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scada data gateway",
"version": "3.00"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scada data gateway",
"version": "3.00.0616"
}
],
"sources": [
{
"db": "IVD",
"id": "b4d56c60-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-12784"
},
{
"db": "BID",
"id": "62086"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-004003"
},
{
"db": "NVD",
"id": "CVE-2013-2794"
},
{
"db": "CNNVD",
"id": "CNNVD-201308-537"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:trianglemicroworks:ansi_c_source_code_libraries:3.09.0000:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:trianglemicroworks:ansi_c_source_code_libraries:3.07.0000:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:trianglemicroworks:ansi_c_source_code_libraries:3.14.0000:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:trianglemicroworks:ansi_c_source_code_libraries:3.13.0000:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:trianglemicroworks:ansi_c_source_code_libraries:3.12.0000:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:trianglemicroworks:ansi_c_source_code_libraries:3.11.0000:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:trianglemicroworks:ansi_c_source_code_libraries:3.10.0000:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:trianglemicroworks:ansi_c_source_code_libraries:3.15.0000:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:trianglemicroworks:ansi_c_source_code_libraries:3.08.0000:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:trianglemicroworks:ansi_c_source_code_libraries:3.06.0000:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:trianglemicroworks:.net_communication_protocol_components:3.06.0.171:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:trianglemicroworks:.net_communication_protocol_components:3.15.0.369:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:trianglemicroworks:.net_communication_protocol_components:3.15.00:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:trianglemicroworks:.net_communication_protocol_components:3.11.00:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:trianglemicroworks:.net_communication_protocol_components:3.09.00:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:trianglemicroworks:.net_communication_protocol_components:3.08.00:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:trianglemicroworks:.net_communication_protocol_components:3.07.00:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:trianglemicroworks:.net_communication_protocol_components:3.14.00:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:trianglemicroworks:.net_communication_protocol_components:3.10.00:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:trianglemicroworks:scada_data_gateway:2.54.0598:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:trianglemicroworks:scada_data_gateway:2.54.0597:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:trianglemicroworks:scada_data_gateway:2.54.0596:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:trianglemicroworks:scada_data_gateway:2.54.0595:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:trianglemicroworks:scada_data_gateway:2.54.0594:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:trianglemicroworks:scada_data_gateway:2.54.0579:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:trianglemicroworks:scada_data_gateway:2.54.0578:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:trianglemicroworks:scada_data_gateway:2.54.0577:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:trianglemicroworks:scada_data_gateway:2.54.0576:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:trianglemicroworks:scada_data_gateway:2.54.0558:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:trianglemicroworks:scada_data_gateway:2.54.0553:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:trianglemicroworks:scada_data_gateway:2.54.0552:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:trianglemicroworks:scada_data_gateway:2.54.0545:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:trianglemicroworks:scada_data_gateway:2.50:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:trianglemicroworks:scada_data_gateway:3.00:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:trianglemicroworks:scada_data_gateway:2.54.0592:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:trianglemicroworks:scada_data_gateway:2.54.0590:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:trianglemicroworks:scada_data_gateway:2.54.0582:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:trianglemicroworks:scada_data_gateway:2.54.0580:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:trianglemicroworks:scada_data_gateway:2.54.0575:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:trianglemicroworks:scada_data_gateway:2.54.0573:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:trianglemicroworks:scada_data_gateway:2.54.0565:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:trianglemicroworks:scada_data_gateway:2.54.0562:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:trianglemicroworks:scada_data_gateway:2.54.0540:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:trianglemicroworks:scada_data_gateway:2.54.0529:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:trianglemicroworks:scada_data_gateway:2.54.0515:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:trianglemicroworks:scada_data_gateway:2.51:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:trianglemicroworks:scada_data_gateway:2.50.0309:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:trianglemicroworks:scada_data_gateway:2.54.0588:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:trianglemicroworks:scada_data_gateway:2.54.0587:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:trianglemicroworks:scada_data_gateway:2.54.0586:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:trianglemicroworks:scada_data_gateway:2.54.0584:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:trianglemicroworks:scada_data_gateway:2.54.0571:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:trianglemicroworks:scada_data_gateway:2.54.0570:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:trianglemicroworks:scada_data_gateway:2.54.0569:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:trianglemicroworks:scada_data_gateway:2.54.0567:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:trianglemicroworks:scada_data_gateway:2.54.0566:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:trianglemicroworks:scada_data_gateway:2.54.0528:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:trianglemicroworks:scada_data_gateway:2.54.0518:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:trianglemicroworks:scada_data_gateway:2.54.0517:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:trianglemicroworks:scada_data_gateway:2.54.0516:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:trianglemicroworks:scada_data_gateway:3.00.0616:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:trianglemicroworks:scada_data_gateway:2.54.0599:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:trianglemicroworks:scada_data_gateway:2.54.0591:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:trianglemicroworks:scada_data_gateway:2.54.0589:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:trianglemicroworks:scada_data_gateway:2.54.0583:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:trianglemicroworks:scada_data_gateway:2.54.0581:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:trianglemicroworks:scada_data_gateway:2.54.0574:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:trianglemicroworks:scada_data_gateway:2.54.0572:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:trianglemicroworks:scada_data_gateway:2.54.0564:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:trianglemicroworks:scada_data_gateway:2.54.0561:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:trianglemicroworks:scada_data_gateway:2.54.0544:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:trianglemicroworks:scada_data_gateway:2.54.0536:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:trianglemicroworks:scada_data_gateway:2.53:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2013-2794"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Adam Crain of Automatak and Chris Sistrunk",
"sources": [
{
"db": "BID",
"id": "62086"
},
{
"db": "CNNVD",
"id": "CNNVD-201308-537"
}
],
"trust": 0.9
},
"cve": "CVE-2013-2794",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 4.9,
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"impactScore": 6.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Local",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 4.9,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2013-2794",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 4.7,
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.4,
"id": "CNVD-2013-12784",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:L/AC:M/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 4.7,
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.4,
"id": "b4d56c60-2352-11e6-abef-000c29c66e3d",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:L/AC:M/Au:N/C:N/I:N/A:C",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 4.9,
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "VHN-62796",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:L/AC:L/AU:N/C:N/I:N/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2013-2794",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2013-12784",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201308-537",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "b4d56c60-2352-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-62796",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "b4d56c60-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-12784"
},
{
"db": "VULHUB",
"id": "VHN-62796"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-004003"
},
{
"db": "NVD",
"id": "CVE-2013-2794"
},
{
"db": "CNNVD",
"id": "CNNVD-201308-537"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Triangle MicroWorks SCADA Data Gateway 2.50.0309 through 3.00.0616, DNP3 .NET Protocol components 3.06.0.171 through 3.15.0.369, and DNP3 C libraries 3.06.0000 through 3.15.0000 allow physically proximate attackers to cause a denial of service (infinite loop) via crafted input over a serial line. Triangle MicroWorks is a US-based company that uses single or third-party component products to communicate with peripherals/slave devices using various transport protocols (OPC Client, IEC 60870-6 (TASE.2/ICCP) Client, IEC 60870-5, DNP3, Modbus). Multiple Triangle MicroWorks products are prone to a local denial-of-service vulnerability. \nAn attacker can exploit this issue to crash the affected device, denying service to legitimate users. \nNOTE: To exploit this issue, local access to the serial-based outstation is required. SDG is a set of data acquisition and supervisory control system (SCADA) gateway products integrated in the server. DNP3 .NET Protocol components is a set of .NET framework components that support DNP3. DNP3 ANSI C source code libraries is a source code library based on the ANSI C standard",
"sources": [
{
"db": "NVD",
"id": "CVE-2013-2794"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-004003"
},
{
"db": "CNVD",
"id": "CNVD-2013-12784"
},
{
"db": "BID",
"id": "62086"
},
{
"db": "IVD",
"id": "b4d56c60-2352-11e6-abef-000c29c66e3d"
},
{
"db": "VULHUB",
"id": "VHN-62796"
}
],
"trust": 2.7
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2013-2794",
"trust": 3.6
},
{
"db": "ICS CERT",
"id": "ICSA-13-240-01",
"trust": 3.4
},
{
"db": "BID",
"id": "62086",
"trust": 1.6
},
{
"db": "CNNVD",
"id": "CNNVD-201308-537",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2013-12784",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2013-004003",
"trust": 0.8
},
{
"db": "IVD",
"id": "B4D56C60-2352-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-62796",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "b4d56c60-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-12784"
},
{
"db": "VULHUB",
"id": "VHN-62796"
},
{
"db": "BID",
"id": "62086"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-004003"
},
{
"db": "NVD",
"id": "CVE-2013-2794"
},
{
"db": "CNNVD",
"id": "CNNVD-201308-537"
}
]
},
"id": "VAR-201309-0201",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "b4d56c60-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-12784"
},
{
"db": "VULHUB",
"id": "VHN-62796"
}
],
"trust": 1.8659091
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "b4d56c60-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-12784"
}
]
},
"last_update_date": "2023-12-18T13:34:45.049000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Triangle MicroWorks, Inc. DNP3 Master Source Code Library",
"trust": 0.8,
"url": "http://www.trianglemicroworks.com/documents/mdnp_scl_whats_new.pdf"
},
{
"title": "Triangle MicroWorks multiple products based on patches for serial local denial of service vulnerabilities",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/39293"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-12784"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-004003"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-62796"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-004003"
},
{
"db": "NVD",
"id": "CVE-2013-2794"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.4,
"url": "http://ics-cert.us-cert.gov/advisories/icsa-13-240-01"
},
{
"trust": 2.6,
"url": "http://www.trianglemicroworks.com/documents/mdnp_scl_whats_new.pdf"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-2794"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-2794"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/bid/62086"
},
{
"trust": 0.3,
"url": "http://www.trianglemicroworks.com/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-12784"
},
{
"db": "VULHUB",
"id": "VHN-62796"
},
{
"db": "BID",
"id": "62086"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-004003"
},
{
"db": "NVD",
"id": "CVE-2013-2794"
},
{
"db": "CNNVD",
"id": "CNNVD-201308-537"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "b4d56c60-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-12784"
},
{
"db": "VULHUB",
"id": "VHN-62796"
},
{
"db": "BID",
"id": "62086"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-004003"
},
{
"db": "NVD",
"id": "CVE-2013-2794"
},
{
"db": "CNNVD",
"id": "CNNVD-201308-537"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-09-04T00:00:00",
"db": "IVD",
"id": "b4d56c60-2352-11e6-abef-000c29c66e3d"
},
{
"date": "2013-09-04T00:00:00",
"db": "CNVD",
"id": "CNVD-2013-12784"
},
{
"date": "2013-09-09T00:00:00",
"db": "VULHUB",
"id": "VHN-62796"
},
{
"date": "2013-08-28T00:00:00",
"db": "BID",
"id": "62086"
},
{
"date": "2013-09-10T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-004003"
},
{
"date": "2013-09-09T11:39:08.443000",
"db": "NVD",
"id": "CVE-2013-2794"
},
{
"date": "2013-08-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201308-537"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-09-04T00:00:00",
"db": "CNVD",
"id": "CNVD-2013-12784"
},
{
"date": "2013-10-08T00:00:00",
"db": "VULHUB",
"id": "VHN-62796"
},
{
"date": "2013-08-28T00:00:00",
"db": "BID",
"id": "62086"
},
{
"date": "2013-09-10T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-004003"
},
{
"date": "2013-10-08T17:24:14.033000",
"db": "NVD",
"id": "CVE-2013-2794"
},
{
"date": "2014-06-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201308-537"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "BID",
"id": "62086"
},
{
"db": "CNNVD",
"id": "CNNVD-201308-537"
}
],
"trust": 0.9
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Triangle MicroWorks Service disruption in products (DoS) Vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-004003"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Buffer overflow",
"sources": [
{
"db": "IVD",
"id": "b4d56c60-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNNVD",
"id": "CNNVD-201308-537"
}
],
"trust": 0.8
}
}
VAR-201405-0278
Vulnerability from variot - Updated: 2023-12-18 13:24Triangle MicroWorks SCADA Data Gateway before 3.00.0635 allows physically proximate attackers to cause a denial of service (excessive data processing) via a crafted DNP request over a serial line. Triangle MicroWorks is a US-based company that uses single or third-party component products to communicate with peripherals/slave devices using various transport protocols (OPC Client, IEC 60870-6 (TASE.2/ICCP) Client, IEC 60870-5, DNP3, Modbus). An attacker can leverage this issue to consume resources resulting in denial-of-service condition; denying service to legitimate users. Note: To exploit this issue local access to the serial-based outstation is required. Versions prior to SCADA Data Gateway 3.00.0635 are vulnerable. Triangle MicroWorks SCADA Data Gateway (SDG) is a set of data acquisition and supervisory control system (SCADA) gateway products integrated in the server of Triangle MicroWorks in the United States
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201405-0278",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "scada data gateway",
"scope": "eq",
"trust": 1.6,
"vendor": "trianglemicroworks",
"version": "2.50"
},
{
"model": "scada data gateway",
"scope": "eq",
"trust": 1.6,
"vendor": "trianglemicroworks",
"version": "2.54.0517"
},
{
"model": "scada data gateway",
"scope": "eq",
"trust": 1.6,
"vendor": "trianglemicroworks",
"version": "2.54.0518"
},
{
"model": "scada data gateway",
"scope": "eq",
"trust": 1.6,
"vendor": "trianglemicroworks",
"version": "3.00.0615"
},
{
"model": "scada data gateway",
"scope": "eq",
"trust": 1.6,
"vendor": "trianglemicroworks",
"version": "3.00.0612"
},
{
"model": "scada data gateway",
"scope": "eq",
"trust": 1.6,
"vendor": "trianglemicroworks",
"version": "3.00.0630"
},
{
"model": "scada data gateway",
"scope": "eq",
"trust": 1.6,
"vendor": "trianglemicroworks",
"version": "3.00.0616"
},
{
"model": "scada data gateway",
"scope": "eq",
"trust": 1.6,
"vendor": "trianglemicroworks",
"version": "2.54.0516"
},
{
"model": "scada data gateway",
"scope": "eq",
"trust": 1.6,
"vendor": "trianglemicroworks",
"version": "2.50.0309"
},
{
"model": "scada data gateway",
"scope": "eq",
"trust": 1.0,
"vendor": "trianglemicroworks",
"version": "2.54.0582"
},
{
"model": "scada data gateway",
"scope": "eq",
"trust": 1.0,
"vendor": "trianglemicroworks",
"version": "2.54.0590"
},
{
"model": "scada data gateway",
"scope": "eq",
"trust": 1.0,
"vendor": "trianglemicroworks",
"version": "2.54.0581"
},
{
"model": "scada data gateway",
"scope": "eq",
"trust": 1.0,
"vendor": "trianglemicroworks",
"version": "2.54.0587"
},
{
"model": "scada data gateway",
"scope": "eq",
"trust": 1.0,
"vendor": "trianglemicroworks",
"version": "2.54.0595"
},
{
"model": "scada data gateway",
"scope": "eq",
"trust": 1.0,
"vendor": "trianglemicroworks",
"version": "2.54.0569"
},
{
"model": "scada data gateway",
"scope": "eq",
"trust": 1.0,
"vendor": "trianglemicroworks",
"version": "2.53"
},
{
"model": "scada data gateway",
"scope": "eq",
"trust": 1.0,
"vendor": "trianglemicroworks",
"version": "2.54.0591"
},
{
"model": "scada data gateway",
"scope": "eq",
"trust": 1.0,
"vendor": "trianglemicroworks",
"version": "2.54.0566"
},
{
"model": "scada data gateway",
"scope": "eq",
"trust": 1.0,
"vendor": "trianglemicroworks",
"version": "2.54.0561"
},
{
"model": "scada data gateway",
"scope": "eq",
"trust": 1.0,
"vendor": "trianglemicroworks",
"version": "2.54.0558"
},
{
"model": "scada data gateway",
"scope": "eq",
"trust": 1.0,
"vendor": "trianglemicroworks",
"version": "2.54.0553"
},
{
"model": "scada data gateway",
"scope": "eq",
"trust": 1.0,
"vendor": "trianglemicroworks",
"version": "2.51"
},
{
"model": "scada data gateway",
"scope": "eq",
"trust": 1.0,
"vendor": "trianglemicroworks",
"version": "2.54.0583"
},
{
"model": "scada data gateway",
"scope": "eq",
"trust": 1.0,
"vendor": "trianglemicroworks",
"version": "2.54.0573"
},
{
"model": "scada data gateway",
"scope": "eq",
"trust": 1.0,
"vendor": "trianglemicroworks",
"version": "2.54.0571"
},
{
"model": "scada data gateway",
"scope": "eq",
"trust": 1.0,
"vendor": "trianglemicroworks",
"version": "2.54.0577"
},
{
"model": "scada data gateway",
"scope": "eq",
"trust": 1.0,
"vendor": "trianglemicroworks",
"version": "2.54.0564"
},
{
"model": "scada data gateway",
"scope": "eq",
"trust": 1.0,
"vendor": "trianglemicroworks",
"version": "2.54.0576"
},
{
"model": "scada data gateway",
"scope": "eq",
"trust": 1.0,
"vendor": "trianglemicroworks",
"version": "2.54.0529"
},
{
"model": "scada data gateway",
"scope": "eq",
"trust": 1.0,
"vendor": "trianglemicroworks",
"version": "2.54.0536"
},
{
"model": "scada data gateway",
"scope": "eq",
"trust": 1.0,
"vendor": "trianglemicroworks",
"version": "2.54.0544"
},
{
"model": "scada data gateway",
"scope": "eq",
"trust": 1.0,
"vendor": "trianglemicroworks",
"version": "3.00"
},
{
"model": "scada data gateway",
"scope": "eq",
"trust": 1.0,
"vendor": "trianglemicroworks",
"version": "2.54.0589"
},
{
"model": "scada data gateway",
"scope": "eq",
"trust": 1.0,
"vendor": "trianglemicroworks",
"version": "2.54.0552"
},
{
"model": "scada data gateway",
"scope": "eq",
"trust": 1.0,
"vendor": "trianglemicroworks",
"version": "2.54.0574"
},
{
"model": "scada data gateway",
"scope": "eq",
"trust": 1.0,
"vendor": "trianglemicroworks",
"version": "2.54.0594"
},
{
"model": "scada data gateway",
"scope": "eq",
"trust": 1.0,
"vendor": "trianglemicroworks",
"version": "2.54.0540"
},
{
"model": "scada data gateway",
"scope": "eq",
"trust": 1.0,
"vendor": "trianglemicroworks",
"version": "2.54.0572"
},
{
"model": "scada data gateway",
"scope": "eq",
"trust": 1.0,
"vendor": "trianglemicroworks",
"version": "2.54.0545"
},
{
"model": "scada data gateway",
"scope": "eq",
"trust": 1.0,
"vendor": "trianglemicroworks",
"version": "2.54.0567"
},
{
"model": "scada data gateway",
"scope": "eq",
"trust": 1.0,
"vendor": "trianglemicroworks",
"version": "2.54.0598"
},
{
"model": "scada data gateway",
"scope": "eq",
"trust": 1.0,
"vendor": "trianglemicroworks",
"version": "2.54.0596"
},
{
"model": "scada data gateway",
"scope": "eq",
"trust": 1.0,
"vendor": "trianglemicroworks",
"version": "2.54.0586"
},
{
"model": "scada data gateway",
"scope": "eq",
"trust": 1.0,
"vendor": "trianglemicroworks",
"version": "2.54.0570"
},
{
"model": "scada data gateway",
"scope": "eq",
"trust": 1.0,
"vendor": "trianglemicroworks",
"version": "2.54.0575"
},
{
"model": "scada data gateway",
"scope": "eq",
"trust": 1.0,
"vendor": "trianglemicroworks",
"version": "2.54.0515"
},
{
"model": "scada data gateway",
"scope": "eq",
"trust": 1.0,
"vendor": "trianglemicroworks",
"version": "2.54.0565"
},
{
"model": "scada data gateway",
"scope": "eq",
"trust": 1.0,
"vendor": "trianglemicroworks",
"version": "2.54.0597"
},
{
"model": "scada data gateway",
"scope": "lte",
"trust": 1.0,
"vendor": "trianglemicroworks",
"version": "3.00.0633"
},
{
"model": "scada data gateway",
"scope": "eq",
"trust": 1.0,
"vendor": "trianglemicroworks",
"version": "2.54.0599"
},
{
"model": "scada data gateway",
"scope": "eq",
"trust": 1.0,
"vendor": "trianglemicroworks",
"version": "2.54.0592"
},
{
"model": "scada data gateway",
"scope": "eq",
"trust": 1.0,
"vendor": "trianglemicroworks",
"version": "2.54.0528"
},
{
"model": "scada data gateway",
"scope": "eq",
"trust": 1.0,
"vendor": "trianglemicroworks",
"version": "2.54.0584"
},
{
"model": "scada data gateway",
"scope": "eq",
"trust": 1.0,
"vendor": "trianglemicroworks",
"version": "2.54.0562"
},
{
"model": "scada data gateway",
"scope": "eq",
"trust": 1.0,
"vendor": "trianglemicroworks",
"version": "2.54.0588"
},
{
"model": "scada data gateway",
"scope": "eq",
"trust": 1.0,
"vendor": "trianglemicroworks",
"version": "2.54.0579"
},
{
"model": "scada data gateway",
"scope": "eq",
"trust": 1.0,
"vendor": "trianglemicroworks",
"version": "2.54.0578"
},
{
"model": "scada data gateway",
"scope": "eq",
"trust": 1.0,
"vendor": "trianglemicroworks",
"version": "2.54.0580"
},
{
"model": "scada data gateway",
"scope": "lt",
"trust": 0.8,
"vendor": "triangle microworks",
"version": "3.00.0635"
},
{
"model": "microworks scada data gateway",
"scope": null,
"trust": 0.6,
"vendor": "triangle",
"version": null
},
{
"model": "scada data gateway",
"scope": "eq",
"trust": 0.6,
"vendor": "trianglemicroworks",
"version": "3.00.0633"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "scada data gateway",
"version": "2.50"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "scada data gateway",
"version": "2.50.0309"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "scada data gateway",
"version": "2.51"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "scada data gateway",
"version": "2.53"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "scada data gateway",
"version": "2.54.0515"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "scada data gateway",
"version": "2.54.0516"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "scada data gateway",
"version": "2.54.0517"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "scada data gateway",
"version": "2.54.0518"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "scada data gateway",
"version": "2.54.0528"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "scada data gateway",
"version": "2.54.0529"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "scada data gateway",
"version": "2.54.0536"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "scada data gateway",
"version": "2.54.0540"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "scada data gateway",
"version": "2.54.0544"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "scada data gateway",
"version": "2.54.0545"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "scada data gateway",
"version": "2.54.0552"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "scada data gateway",
"version": "2.54.0553"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "scada data gateway",
"version": "2.54.0558"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "scada data gateway",
"version": "2.54.0561"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "scada data gateway",
"version": "2.54.0562"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "scada data gateway",
"version": "2.54.0564"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "scada data gateway",
"version": "2.54.0565"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "scada data gateway",
"version": "2.54.0566"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "scada data gateway",
"version": "2.54.0567"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "scada data gateway",
"version": "2.54.0569"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "scada data gateway",
"version": "2.54.0570"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "scada data gateway",
"version": "2.54.0571"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "scada data gateway",
"version": "2.54.0572"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "scada data gateway",
"version": "2.54.0573"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "scada data gateway",
"version": "2.54.0574"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "scada data gateway",
"version": "2.54.0575"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "scada data gateway",
"version": "2.54.0576"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "scada data gateway",
"version": "2.54.0577"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "scada data gateway",
"version": "2.54.0578"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "scada data gateway",
"version": "2.54.0579"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "scada data gateway",
"version": "2.54.0580"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "scada data gateway",
"version": "2.54.0581"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "scada data gateway",
"version": "2.54.0582"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "scada data gateway",
"version": "2.54.0583"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "scada data gateway",
"version": "2.54.0584"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "scada data gateway",
"version": "2.54.0586"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "scada data gateway",
"version": "2.54.0587"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "scada data gateway",
"version": "2.54.0588"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "scada data gateway",
"version": "2.54.0589"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "scada data gateway",
"version": "2.54.0590"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "scada data gateway",
"version": "2.54.0591"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "scada data gateway",
"version": "2.54.0592"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "scada data gateway",
"version": "2.54.0594"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "scada data gateway",
"version": "2.54.0595"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "scada data gateway",
"version": "2.54.0596"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "scada data gateway",
"version": "2.54.0597"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "scada data gateway",
"version": "2.54.0598"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "scada data gateway",
"version": "2.54.0599"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "scada data gateway",
"version": "3.00"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "scada data gateway",
"version": "3.00.0612"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "scada data gateway",
"version": "3.00.0615"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "scada data gateway",
"version": "3.00.0616"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "scada data gateway",
"version": "3.00.0630"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "scada data gateway",
"version": "*"
},
{
"model": "microworks scada data gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "triangle",
"version": "3.0.616"
},
{
"model": "microworks scada data gateway",
"scope": "ne",
"trust": 0.3,
"vendor": "triangle",
"version": "3.0.635"
}
],
"sources": [
{
"db": "IVD",
"id": "7d711e01-463f-11e9-bcb6-000c29342cb1"
},
{
"db": "IVD",
"id": "f3bbe450-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-03462"
},
{
"db": "BID",
"id": "67723"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-002711"
},
{
"db": "NVD",
"id": "CVE-2014-2343"
},
{
"db": "CNNVD",
"id": "CNNVD-201405-581"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:trianglemicroworks:scada_data_gateway:2.54.0596:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:trianglemicroworks:scada_data_gateway:2.54.0595:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:trianglemicroworks:scada_data_gateway:2.54.0594:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:trianglemicroworks:scada_data_gateway:2.54.0592:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:trianglemicroworks:scada_data_gateway:2.54.0577:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:trianglemicroworks:scada_data_gateway:2.54.0576:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:trianglemicroworks:scada_data_gateway:2.54.0575:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:trianglemicroworks:scada_data_gateway:2.54.0574:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:trianglemicroworks:scada_data_gateway:2.54.0552:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:trianglemicroworks:scada_data_gateway:2.54.0545:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:trianglemicroworks:scada_data_gateway:2.54.0544:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:trianglemicroworks:scada_data_gateway:2.54.0540:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:trianglemicroworks:scada_data_gateway:3.00.0630:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:trianglemicroworks:scada_data_gateway:3.00.0616:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:trianglemicroworks:scada_data_gateway:3.00.0615:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:trianglemicroworks:scada_data_gateway:3.00.0612:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:trianglemicroworks:scada_data_gateway:2.54.0587:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:trianglemicroworks:scada_data_gateway:2.54.0586:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:trianglemicroworks:scada_data_gateway:2.54.0584:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:trianglemicroworks:scada_data_gateway:2.54.0583:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:trianglemicroworks:scada_data_gateway:2.54.0582:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:trianglemicroworks:scada_data_gateway:2.54.0569:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:trianglemicroworks:scada_data_gateway:2.54.0567:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:trianglemicroworks:scada_data_gateway:2.54.0566:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:trianglemicroworks:scada_data_gateway:2.54.0565:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:trianglemicroworks:scada_data_gateway:2.54.0517:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:trianglemicroworks:scada_data_gateway:2.54.0516:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:trianglemicroworks:scada_data_gateway:2.54.0515:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:trianglemicroworks:scada_data_gateway:2.53:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:trianglemicroworks:scada_data_gateway:2.54.0599:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:trianglemicroworks:scada_data_gateway:2.54.0597:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:trianglemicroworks:scada_data_gateway:2.54.0591:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:trianglemicroworks:scada_data_gateway:2.54.0589:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:trianglemicroworks:scada_data_gateway:2.54.0581:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:trianglemicroworks:scada_data_gateway:2.54.0579:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:trianglemicroworks:scada_data_gateway:2.54.0572:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:trianglemicroworks:scada_data_gateway:2.54.0570:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:trianglemicroworks:scada_data_gateway:2.54.0564:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:trianglemicroworks:scada_data_gateway:2.54.0561:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:trianglemicroworks:scada_data_gateway:2.54.0553:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:trianglemicroworks:scada_data_gateway:2.54.0536:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:trianglemicroworks:scada_data_gateway:2.54.0528:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:trianglemicroworks:scada_data_gateway:2.50.0309:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:trianglemicroworks:scada_data_gateway:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "3.00.0633",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:trianglemicroworks:scada_data_gateway:3.00:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:trianglemicroworks:scada_data_gateway:2.54.0598:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:trianglemicroworks:scada_data_gateway:2.54.0590:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:trianglemicroworks:scada_data_gateway:2.54.0588:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:trianglemicroworks:scada_data_gateway:2.54.0580:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:trianglemicroworks:scada_data_gateway:2.54.0578:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:trianglemicroworks:scada_data_gateway:2.54.0573:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:trianglemicroworks:scada_data_gateway:2.54.0571:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:trianglemicroworks:scada_data_gateway:2.54.0562:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:trianglemicroworks:scada_data_gateway:2.54.0558:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:trianglemicroworks:scada_data_gateway:2.54.0529:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:trianglemicroworks:scada_data_gateway:2.54.0518:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:trianglemicroworks:scada_data_gateway:2.51:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:trianglemicroworks:scada_data_gateway:2.50:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2014-2343"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Adam Crain and Chris Sistrunk",
"sources": [
{
"db": "BID",
"id": "67723"
}
],
"trust": 0.3
},
"cve": "CVE-2014-2343",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 2.1,
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "LOW",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Local",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 2.1,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2014-2343",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Low",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "HIGH",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 1.2,
"confidentialityImpact": "NONE",
"exploitabilityScore": 1.9,
"id": "CNVD-2014-03462",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 0.6,
"vectorString": "AV:L/AC:H/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "HIGH",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 1.2,
"confidentialityImpact": "NONE",
"exploitabilityScore": 1.9,
"id": "7d711e01-463f-11e9-bcb6-000c29342cb1",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 0.2,
"vectorString": "AV:L/AC:H/Au:N/C:N/I:N/A:P",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "HIGH",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 1.2,
"confidentialityImpact": "NONE",
"exploitabilityScore": 1.9,
"id": "f3bbe450-2351-11e6-abef-000c29c66e3d",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 0.2,
"vectorString": "AV:L/AC:H/Au:N/C:N/I:N/A:P",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 2.1,
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "VHN-70282",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 0.1,
"vectorString": "AV:L/AC:L/AU:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2014-2343",
"trust": 1.8,
"value": "LOW"
},
{
"author": "CNVD",
"id": "CNVD-2014-03462",
"trust": 0.6,
"value": "LOW"
},
{
"author": "CNNVD",
"id": "CNNVD-201405-581",
"trust": 0.6,
"value": "LOW"
},
{
"author": "IVD",
"id": "7d711e01-463f-11e9-bcb6-000c29342cb1",
"trust": 0.2,
"value": "LOW"
},
{
"author": "IVD",
"id": "f3bbe450-2351-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "LOW"
},
{
"author": "VULHUB",
"id": "VHN-70282",
"trust": 0.1,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "7d711e01-463f-11e9-bcb6-000c29342cb1"
},
{
"db": "IVD",
"id": "f3bbe450-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-03462"
},
{
"db": "VULHUB",
"id": "VHN-70282"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-002711"
},
{
"db": "NVD",
"id": "CVE-2014-2343"
},
{
"db": "CNNVD",
"id": "CNNVD-201405-581"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Triangle MicroWorks SCADA Data Gateway before 3.00.0635 allows physically proximate attackers to cause a denial of service (excessive data processing) via a crafted DNP request over a serial line. Triangle MicroWorks is a US-based company that uses single or third-party component products to communicate with peripherals/slave devices using various transport protocols (OPC Client, IEC 60870-6 (TASE.2/ICCP) Client, IEC 60870-5, DNP3, Modbus). \nAn attacker can leverage this issue to consume resources resulting in denial-of-service condition; denying service to legitimate users. \nNote: To exploit this issue local access to the serial-based outstation is required. \nVersions prior to SCADA Data Gateway 3.00.0635 are vulnerable. Triangle MicroWorks SCADA Data Gateway (SDG) is a set of data acquisition and supervisory control system (SCADA) gateway products integrated in the server of Triangle MicroWorks in the United States",
"sources": [
{
"db": "NVD",
"id": "CVE-2014-2343"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-002711"
},
{
"db": "CNVD",
"id": "CNVD-2014-03462"
},
{
"db": "BID",
"id": "67723"
},
{
"db": "IVD",
"id": "7d711e01-463f-11e9-bcb6-000c29342cb1"
},
{
"db": "IVD",
"id": "f3bbe450-2351-11e6-abef-000c29c66e3d"
},
{
"db": "VULHUB",
"id": "VHN-70282"
}
],
"trust": 2.88
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2014-2343",
"trust": 3.8
},
{
"db": "ICS CERT",
"id": "ICSA-14-149-01",
"trust": 3.4
},
{
"db": "CNNVD",
"id": "CNNVD-201405-581",
"trust": 1.1
},
{
"db": "CNVD",
"id": "CNVD-2014-03462",
"trust": 1.0
},
{
"db": "BID",
"id": "67723",
"trust": 1.0
},
{
"db": "JVNDB",
"id": "JVNDB-2014-002711",
"trust": 0.8
},
{
"db": "IVD",
"id": "7D711E01-463F-11E9-BCB6-000C29342CB1",
"trust": 0.2
},
{
"db": "IVD",
"id": "F3BBE450-2351-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-70282",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "7d711e01-463f-11e9-bcb6-000c29342cb1"
},
{
"db": "IVD",
"id": "f3bbe450-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-03462"
},
{
"db": "VULHUB",
"id": "VHN-70282"
},
{
"db": "BID",
"id": "67723"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-002711"
},
{
"db": "NVD",
"id": "CVE-2014-2343"
},
{
"db": "CNNVD",
"id": "CNNVD-201405-581"
}
]
},
"id": "VAR-201405-0278",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "7d711e01-463f-11e9-bcb6-000c29342cb1"
},
{
"db": "IVD",
"id": "f3bbe450-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-03462"
},
{
"db": "VULHUB",
"id": "VHN-70282"
}
],
"trust": 1.9636364
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 1.0
}
],
"sources": [
{
"db": "IVD",
"id": "7d711e01-463f-11e9-bcb6-000c29342cb1"
},
{
"db": "IVD",
"id": "f3bbe450-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-03462"
}
]
},
"last_update_date": "2023-12-18T13:24:55.707000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SCADA Data Gateway",
"trust": 0.8,
"url": "http://www.trianglemicroworks.com/products/scada-data-gateway/what%27s-new"
},
{
"title": "Patch for SCADA Data Gateway Serial Link Device Local Denial of Service Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/46141"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-03462"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-002711"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-20",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-70282"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-002711"
},
{
"db": "NVD",
"id": "CVE-2014-2343"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.4,
"url": "http://ics-cert.us-cert.gov/advisories/icsa-14-149-01"
},
{
"trust": 1.7,
"url": "http://www.trianglemicroworks.com/products/scada-data-gateway/what%27s-new"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-2343"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-2343"
},
{
"trust": 0.3,
"url": "http://www.trianglemicroworks.com/"
},
{
"trust": 0.3,
"url": "http://www.trianglemicroworks.com/documents/mdnp_scl_whats_new.pdf"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-03462"
},
{
"db": "VULHUB",
"id": "VHN-70282"
},
{
"db": "BID",
"id": "67723"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-002711"
},
{
"db": "NVD",
"id": "CVE-2014-2343"
},
{
"db": "CNNVD",
"id": "CNNVD-201405-581"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "7d711e01-463f-11e9-bcb6-000c29342cb1"
},
{
"db": "IVD",
"id": "f3bbe450-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-03462"
},
{
"db": "VULHUB",
"id": "VHN-70282"
},
{
"db": "BID",
"id": "67723"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-002711"
},
{
"db": "NVD",
"id": "CVE-2014-2343"
},
{
"db": "CNNVD",
"id": "CNNVD-201405-581"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-06-06T00:00:00",
"db": "IVD",
"id": "7d711e01-463f-11e9-bcb6-000c29342cb1"
},
{
"date": "2014-06-06T00:00:00",
"db": "IVD",
"id": "f3bbe450-2351-11e6-abef-000c29c66e3d"
},
{
"date": "2014-06-05T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-03462"
},
{
"date": "2014-05-30T00:00:00",
"db": "VULHUB",
"id": "VHN-70282"
},
{
"date": "2014-05-29T00:00:00",
"db": "BID",
"id": "67723"
},
{
"date": "2014-06-03T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-002711"
},
{
"date": "2014-05-30T23:55:02.783000",
"db": "NVD",
"id": "CVE-2014-2343"
},
{
"date": "2014-05-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201405-581"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-06-06T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-03462"
},
{
"date": "2014-06-04T00:00:00",
"db": "VULHUB",
"id": "VHN-70282"
},
{
"date": "2014-05-29T00:00:00",
"db": "BID",
"id": "67723"
},
{
"date": "2014-06-03T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-002711"
},
{
"date": "2014-06-04T14:00:48.170000",
"db": "NVD",
"id": "CVE-2014-2343"
},
{
"date": "2014-06-04T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201405-581"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "BID",
"id": "67723"
},
{
"db": "CNNVD",
"id": "CNNVD-201405-581"
}
],
"trust": 0.9
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "SCADA Data Gateway Serial Link Device Local Denial of Service Vulnerability",
"sources": [
{
"db": "IVD",
"id": "7d711e01-463f-11e9-bcb6-000c29342cb1"
},
{
"db": "IVD",
"id": "f3bbe450-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-03462"
}
],
"trust": 1.0
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Input validation",
"sources": [
{
"db": "IVD",
"id": "7d711e01-463f-11e9-bcb6-000c29342cb1"
},
{
"db": "IVD",
"id": "f3bbe450-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNNVD",
"id": "CNNVD-201405-581"
}
],
"trust": 1.0
}
}
VAR-201405-0286
Vulnerability from variot - Updated: 2023-12-18 13:24Triangle MicroWorks SCADA Data Gateway before 3.00.0635 allows remote attackers to cause a denial of service (excessive data processing) via a crafted DNP3 packet. Triangle MicroWorks is a US-based company that uses single or third-party component products to communicate with peripherals/slave devices using various transport protocols (OPC Client, IEC 60870-6 (TASE.2/ICCP) Client, IEC 60870-5, DNP3, Modbus). SCADA Data Gateway is prone to a remote denial-of-service vulnerability because the application fails to properly validate the user-supplied input. An attacker can leverage this issue to consume resources resulting in denial-of-service condition; denying service to legitimate users. Note: This issue affects the IP connected devices. Versions prior to SCADA Data Gateway 3.00.0635 are vulnerable. Triangle MicroWorks SCADA Data Gateway (SDG) is a set of data acquisition and supervisory control system (SCADA) gateway products integrated in the server of Triangle MicroWorks in the United States
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201405-0286",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "scada data gateway",
"scope": "eq",
"trust": 1.6,
"vendor": "trianglemicroworks",
"version": "2.50"
},
{
"model": "scada data gateway",
"scope": "eq",
"trust": 1.6,
"vendor": "trianglemicroworks",
"version": "2.53"
},
{
"model": "scada data gateway",
"scope": "eq",
"trust": 1.6,
"vendor": "trianglemicroworks",
"version": "3.00.0615"
},
{
"model": "scada data gateway",
"scope": "eq",
"trust": 1.6,
"vendor": "trianglemicroworks",
"version": "2.51"
},
{
"model": "scada data gateway",
"scope": "eq",
"trust": 1.6,
"vendor": "trianglemicroworks",
"version": "2.54.0583"
},
{
"model": "scada data gateway",
"scope": "eq",
"trust": 1.6,
"vendor": "trianglemicroworks",
"version": "3.00.0612"
},
{
"model": "scada data gateway",
"scope": "eq",
"trust": 1.6,
"vendor": "trianglemicroworks",
"version": "3.00.0630"
},
{
"model": "scada data gateway",
"scope": "eq",
"trust": 1.6,
"vendor": "trianglemicroworks",
"version": "3.00.0616"
},
{
"model": "scada data gateway",
"scope": "eq",
"trust": 1.6,
"vendor": "trianglemicroworks",
"version": "2.50.0309"
},
{
"model": "scada data gateway",
"scope": "eq",
"trust": 1.0,
"vendor": "trianglemicroworks",
"version": "2.54.0582"
},
{
"model": "scada data gateway",
"scope": "eq",
"trust": 1.0,
"vendor": "trianglemicroworks",
"version": "2.54.0590"
},
{
"model": "scada data gateway",
"scope": "eq",
"trust": 1.0,
"vendor": "trianglemicroworks",
"version": "2.54.0517"
},
{
"model": "scada data gateway",
"scope": "eq",
"trust": 1.0,
"vendor": "trianglemicroworks",
"version": "2.54.0581"
},
{
"model": "scada data gateway",
"scope": "eq",
"trust": 1.0,
"vendor": "trianglemicroworks",
"version": "2.54.0587"
},
{
"model": "scada data gateway",
"scope": "eq",
"trust": 1.0,
"vendor": "trianglemicroworks",
"version": "2.54.0595"
},
{
"model": "scada data gateway",
"scope": "eq",
"trust": 1.0,
"vendor": "trianglemicroworks",
"version": "2.54.0518"
},
{
"model": "scada data gateway",
"scope": "eq",
"trust": 1.0,
"vendor": "trianglemicroworks",
"version": "2.54.0569"
},
{
"model": "scada data gateway",
"scope": "eq",
"trust": 1.0,
"vendor": "trianglemicroworks",
"version": "2.54.0591"
},
{
"model": "scada data gateway",
"scope": "eq",
"trust": 1.0,
"vendor": "trianglemicroworks",
"version": "2.54.0566"
},
{
"model": "scada data gateway",
"scope": "eq",
"trust": 1.0,
"vendor": "trianglemicroworks",
"version": "2.54.0561"
},
{
"model": "scada data gateway",
"scope": "eq",
"trust": 1.0,
"vendor": "trianglemicroworks",
"version": "2.54.0558"
},
{
"model": "scada data gateway",
"scope": "eq",
"trust": 1.0,
"vendor": "trianglemicroworks",
"version": "2.54.0553"
},
{
"model": "scada data gateway",
"scope": "eq",
"trust": 1.0,
"vendor": "trianglemicroworks",
"version": "2.54.0573"
},
{
"model": "scada data gateway",
"scope": "eq",
"trust": 1.0,
"vendor": "trianglemicroworks",
"version": "2.54.0571"
},
{
"model": "scada data gateway",
"scope": "eq",
"trust": 1.0,
"vendor": "trianglemicroworks",
"version": "2.54.0577"
},
{
"model": "scada data gateway",
"scope": "eq",
"trust": 1.0,
"vendor": "trianglemicroworks",
"version": "2.54.0564"
},
{
"model": "scada data gateway",
"scope": "eq",
"trust": 1.0,
"vendor": "trianglemicroworks",
"version": "2.54.0576"
},
{
"model": "scada data gateway",
"scope": "eq",
"trust": 1.0,
"vendor": "trianglemicroworks",
"version": "2.54.0529"
},
{
"model": "scada data gateway",
"scope": "eq",
"trust": 1.0,
"vendor": "trianglemicroworks",
"version": "2.54.0536"
},
{
"model": "scada data gateway",
"scope": "eq",
"trust": 1.0,
"vendor": "trianglemicroworks",
"version": "2.54.0544"
},
{
"model": "scada data gateway",
"scope": "eq",
"trust": 1.0,
"vendor": "trianglemicroworks",
"version": "3.00"
},
{
"model": "scada data gateway",
"scope": "eq",
"trust": 1.0,
"vendor": "trianglemicroworks",
"version": "2.54.0589"
},
{
"model": "scada data gateway",
"scope": "eq",
"trust": 1.0,
"vendor": "trianglemicroworks",
"version": "2.54.0552"
},
{
"model": "scada data gateway",
"scope": "eq",
"trust": 1.0,
"vendor": "trianglemicroworks",
"version": "2.54.0574"
},
{
"model": "scada data gateway",
"scope": "eq",
"trust": 1.0,
"vendor": "trianglemicroworks",
"version": "2.54.0594"
},
{
"model": "scada data gateway",
"scope": "eq",
"trust": 1.0,
"vendor": "trianglemicroworks",
"version": "2.54.0540"
},
{
"model": "scada data gateway",
"scope": "eq",
"trust": 1.0,
"vendor": "trianglemicroworks",
"version": "2.54.0572"
},
{
"model": "scada data gateway",
"scope": "eq",
"trust": 1.0,
"vendor": "trianglemicroworks",
"version": "2.54.0545"
},
{
"model": "scada data gateway",
"scope": "eq",
"trust": 1.0,
"vendor": "trianglemicroworks",
"version": "2.54.0567"
},
{
"model": "scada data gateway",
"scope": "eq",
"trust": 1.0,
"vendor": "trianglemicroworks",
"version": "2.54.0598"
},
{
"model": "scada data gateway",
"scope": "eq",
"trust": 1.0,
"vendor": "trianglemicroworks",
"version": "2.54.0596"
},
{
"model": "scada data gateway",
"scope": "eq",
"trust": 1.0,
"vendor": "trianglemicroworks",
"version": "2.54.0586"
},
{
"model": "scada data gateway",
"scope": "eq",
"trust": 1.0,
"vendor": "trianglemicroworks",
"version": "2.54.0570"
},
{
"model": "scada data gateway",
"scope": "eq",
"trust": 1.0,
"vendor": "trianglemicroworks",
"version": "2.54.0575"
},
{
"model": "scada data gateway",
"scope": "eq",
"trust": 1.0,
"vendor": "trianglemicroworks",
"version": "2.54.0515"
},
{
"model": "scada data gateway",
"scope": "eq",
"trust": 1.0,
"vendor": "trianglemicroworks",
"version": "2.54.0565"
},
{
"model": "scada data gateway",
"scope": "eq",
"trust": 1.0,
"vendor": "trianglemicroworks",
"version": "2.54.0597"
},
{
"model": "scada data gateway",
"scope": "lte",
"trust": 1.0,
"vendor": "trianglemicroworks",
"version": "3.00.0633"
},
{
"model": "scada data gateway",
"scope": "eq",
"trust": 1.0,
"vendor": "trianglemicroworks",
"version": "2.54.0516"
},
{
"model": "scada data gateway",
"scope": "eq",
"trust": 1.0,
"vendor": "trianglemicroworks",
"version": "2.54.0599"
},
{
"model": "scada data gateway",
"scope": "eq",
"trust": 1.0,
"vendor": "trianglemicroworks",
"version": "2.54.0592"
},
{
"model": "scada data gateway",
"scope": "eq",
"trust": 1.0,
"vendor": "trianglemicroworks",
"version": "2.54.0528"
},
{
"model": "scada data gateway",
"scope": "eq",
"trust": 1.0,
"vendor": "trianglemicroworks",
"version": "2.54.0584"
},
{
"model": "scada data gateway",
"scope": "eq",
"trust": 1.0,
"vendor": "trianglemicroworks",
"version": "2.54.0562"
},
{
"model": "scada data gateway",
"scope": "eq",
"trust": 1.0,
"vendor": "trianglemicroworks",
"version": "2.54.0588"
},
{
"model": "scada data gateway",
"scope": "eq",
"trust": 1.0,
"vendor": "trianglemicroworks",
"version": "2.54.0579"
},
{
"model": "scada data gateway",
"scope": "eq",
"trust": 1.0,
"vendor": "trianglemicroworks",
"version": "2.54.0578"
},
{
"model": "scada data gateway",
"scope": "eq",
"trust": 1.0,
"vendor": "trianglemicroworks",
"version": "2.54.0580"
},
{
"model": "scada data gateway",
"scope": "lt",
"trust": 0.8,
"vendor": "triangle microworks",
"version": "3.00.0635"
},
{
"model": "microworks scada data gateway",
"scope": null,
"trust": 0.6,
"vendor": "triangle",
"version": null
},
{
"model": "scada data gateway",
"scope": "eq",
"trust": 0.6,
"vendor": "trianglemicroworks",
"version": "3.00.0633"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "scada data gateway",
"version": "2.50"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "scada data gateway",
"version": "2.50.0309"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "scada data gateway",
"version": "2.51"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "scada data gateway",
"version": "2.53"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "scada data gateway",
"version": "2.54.0515"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "scada data gateway",
"version": "2.54.0516"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "scada data gateway",
"version": "2.54.0517"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "scada data gateway",
"version": "2.54.0518"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "scada data gateway",
"version": "2.54.0528"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "scada data gateway",
"version": "2.54.0529"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "scada data gateway",
"version": "2.54.0536"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "scada data gateway",
"version": "2.54.0540"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "scada data gateway",
"version": "2.54.0544"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "scada data gateway",
"version": "2.54.0545"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "scada data gateway",
"version": "2.54.0552"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "scada data gateway",
"version": "2.54.0553"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "scada data gateway",
"version": "2.54.0558"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "scada data gateway",
"version": "2.54.0561"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "scada data gateway",
"version": "2.54.0562"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "scada data gateway",
"version": "2.54.0564"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "scada data gateway",
"version": "2.54.0565"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "scada data gateway",
"version": "2.54.0566"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "scada data gateway",
"version": "2.54.0567"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "scada data gateway",
"version": "2.54.0569"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "scada data gateway",
"version": "2.54.0570"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "scada data gateway",
"version": "2.54.0571"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "scada data gateway",
"version": "2.54.0572"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "scada data gateway",
"version": "2.54.0573"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "scada data gateway",
"version": "2.54.0574"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "scada data gateway",
"version": "2.54.0575"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "scada data gateway",
"version": "2.54.0576"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "scada data gateway",
"version": "2.54.0577"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "scada data gateway",
"version": "2.54.0578"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "scada data gateway",
"version": "2.54.0579"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "scada data gateway",
"version": "2.54.0580"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "scada data gateway",
"version": "2.54.0581"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "scada data gateway",
"version": "2.54.0582"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "scada data gateway",
"version": "2.54.0583"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "scada data gateway",
"version": "2.54.0584"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "scada data gateway",
"version": "2.54.0586"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "scada data gateway",
"version": "2.54.0587"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "scada data gateway",
"version": "2.54.0588"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "scada data gateway",
"version": "2.54.0589"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "scada data gateway",
"version": "2.54.0590"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "scada data gateway",
"version": "2.54.0591"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "scada data gateway",
"version": "2.54.0592"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "scada data gateway",
"version": "2.54.0594"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "scada data gateway",
"version": "2.54.0595"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "scada data gateway",
"version": "2.54.0596"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "scada data gateway",
"version": "2.54.0597"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "scada data gateway",
"version": "2.54.0598"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "scada data gateway",
"version": "2.54.0599"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "scada data gateway",
"version": "3.00"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "scada data gateway",
"version": "3.00.0612"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "scada data gateway",
"version": "3.00.0615"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "scada data gateway",
"version": "3.00.0616"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "scada data gateway",
"version": "3.00.0630"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "scada data gateway",
"version": "*"
},
{
"model": "microworks scada data gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "triangle",
"version": "3.0.616"
},
{
"model": "microworks scada data gateway",
"scope": "ne",
"trust": 0.3,
"vendor": "triangle",
"version": "3.0.635"
}
],
"sources": [
{
"db": "IVD",
"id": "7d711e00-463f-11e9-9c2c-000c29342cb1"
},
{
"db": "IVD",
"id": "f3b5d68c-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-03461"
},
{
"db": "BID",
"id": "67722"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-002710"
},
{
"db": "NVD",
"id": "CVE-2014-2342"
},
{
"db": "CNNVD",
"id": "CNNVD-201405-580"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:trianglemicroworks:scada_data_gateway:2.54.0594:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:trianglemicroworks:scada_data_gateway:2.54.0592:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:trianglemicroworks:scada_data_gateway:2.54.0591:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:trianglemicroworks:scada_data_gateway:2.54.0590:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:trianglemicroworks:scada_data_gateway:2.54.0575:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:trianglemicroworks:scada_data_gateway:2.54.0574:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:trianglemicroworks:scada_data_gateway:2.54.0573:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:trianglemicroworks:scada_data_gateway:2.54.0572:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:trianglemicroworks:scada_data_gateway:2.54.0545:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:trianglemicroworks:scada_data_gateway:2.54.0544:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:trianglemicroworks:scada_data_gateway:2.54.0540:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:trianglemicroworks:scada_data_gateway:2.54.0536:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:trianglemicroworks:scada_data_gateway:3.00.0615:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:trianglemicroworks:scada_data_gateway:3.00.0612:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:trianglemicroworks:scada_data_gateway:2.54.0597:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:trianglemicroworks:scada_data_gateway:2.54.0595:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:trianglemicroworks:scada_data_gateway:2.54.0589:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:trianglemicroworks:scada_data_gateway:2.54.0587:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:trianglemicroworks:scada_data_gateway:2.54.0579:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:trianglemicroworks:scada_data_gateway:2.54.0577:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:trianglemicroworks:scada_data_gateway:2.54.0570:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:trianglemicroworks:scada_data_gateway:2.54.0567:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:trianglemicroworks:scada_data_gateway:2.54.0561:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:trianglemicroworks:scada_data_gateway:2.54.0553:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:trianglemicroworks:scada_data_gateway:2.54.0528:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:trianglemicroworks:scada_data_gateway:2.54.0517:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:trianglemicroworks:scada_data_gateway:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "3.00.0633",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:trianglemicroworks:scada_data_gateway:3.00.0616:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:trianglemicroworks:scada_data_gateway:3.00:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:trianglemicroworks:scada_data_gateway:2.54.0599:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:trianglemicroworks:scada_data_gateway:2.54.0584:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:trianglemicroworks:scada_data_gateway:2.54.0583:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:trianglemicroworks:scada_data_gateway:2.54.0582:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:trianglemicroworks:scada_data_gateway:2.54.0581:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:trianglemicroworks:scada_data_gateway:2.54.0566:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:trianglemicroworks:scada_data_gateway:2.54.0565:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:trianglemicroworks:scada_data_gateway:2.54.0564:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:trianglemicroworks:scada_data_gateway:2.54.0562:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:trianglemicroworks:scada_data_gateway:2.54.0515:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:trianglemicroworks:scada_data_gateway:2.53:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:trianglemicroworks:scada_data_gateway:2.51:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:trianglemicroworks:scada_data_gateway:2.50.0309:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:trianglemicroworks:scada_data_gateway:2.54.0598:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:trianglemicroworks:scada_data_gateway:2.54.0596:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:trianglemicroworks:scada_data_gateway:2.54.0588:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:trianglemicroworks:scada_data_gateway:2.54.0586:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:trianglemicroworks:scada_data_gateway:2.54.0580:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:trianglemicroworks:scada_data_gateway:2.54.0578:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:trianglemicroworks:scada_data_gateway:2.54.0576:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:trianglemicroworks:scada_data_gateway:2.54.0571:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:trianglemicroworks:scada_data_gateway:2.54.0569:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:trianglemicroworks:scada_data_gateway:2.54.0558:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:trianglemicroworks:scada_data_gateway:2.54.0552:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:trianglemicroworks:scada_data_gateway:2.54.0529:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:trianglemicroworks:scada_data_gateway:2.54.0518:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:trianglemicroworks:scada_data_gateway:2.54.0516:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:trianglemicroworks:scada_data_gateway:2.50:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:trianglemicroworks:scada_data_gateway:3.00.0630:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2014-2342"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Adam Crain and Chris Sistrunk",
"sources": [
{
"db": "BID",
"id": "67722"
}
],
"trust": 0.3
},
"cve": "CVE-2014-2342",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 5.0,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2014-2342",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CNVD-2014-03461",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "7d711e00-463f-11e9-9c2c-000c29342cb1",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "f3b5d68c-2351-11e6-abef-000c29c66e3d",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-70281",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2014-2342",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2014-03461",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201405-580",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "7d711e00-463f-11e9-9c2c-000c29342cb1",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "f3b5d68c-2351-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-70281",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "7d711e00-463f-11e9-9c2c-000c29342cb1"
},
{
"db": "IVD",
"id": "f3b5d68c-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-03461"
},
{
"db": "VULHUB",
"id": "VHN-70281"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-002710"
},
{
"db": "NVD",
"id": "CVE-2014-2342"
},
{
"db": "CNNVD",
"id": "CNNVD-201405-580"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Triangle MicroWorks SCADA Data Gateway before 3.00.0635 allows remote attackers to cause a denial of service (excessive data processing) via a crafted DNP3 packet. Triangle MicroWorks is a US-based company that uses single or third-party component products to communicate with peripherals/slave devices using various transport protocols (OPC Client, IEC 60870-6 (TASE.2/ICCP) Client, IEC 60870-5, DNP3, Modbus). SCADA Data Gateway is prone to a remote denial-of-service vulnerability because the application fails to properly validate the user-supplied input. \nAn attacker can leverage this issue to consume resources resulting in denial-of-service condition; denying service to legitimate users. \nNote: This issue affects the IP connected devices. \nVersions prior to SCADA Data Gateway 3.00.0635 are vulnerable. Triangle MicroWorks SCADA Data Gateway (SDG) is a set of data acquisition and supervisory control system (SCADA) gateway products integrated in the server of Triangle MicroWorks in the United States",
"sources": [
{
"db": "NVD",
"id": "CVE-2014-2342"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-002710"
},
{
"db": "CNVD",
"id": "CNVD-2014-03461"
},
{
"db": "BID",
"id": "67722"
},
{
"db": "IVD",
"id": "7d711e00-463f-11e9-9c2c-000c29342cb1"
},
{
"db": "IVD",
"id": "f3b5d68c-2351-11e6-abef-000c29c66e3d"
},
{
"db": "VULHUB",
"id": "VHN-70281"
}
],
"trust": 2.88
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2014-2342",
"trust": 3.8
},
{
"db": "ICS CERT",
"id": "ICSA-14-149-01",
"trust": 3.4
},
{
"db": "CNNVD",
"id": "CNNVD-201405-580",
"trust": 1.1
},
{
"db": "CNVD",
"id": "CNVD-2014-03461",
"trust": 1.0
},
{
"db": "BID",
"id": "67722",
"trust": 1.0
},
{
"db": "JVNDB",
"id": "JVNDB-2014-002710",
"trust": 0.8
},
{
"db": "IVD",
"id": "7D711E00-463F-11E9-9C2C-000C29342CB1",
"trust": 0.2
},
{
"db": "IVD",
"id": "F3B5D68C-2351-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-70281",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "7d711e00-463f-11e9-9c2c-000c29342cb1"
},
{
"db": "IVD",
"id": "f3b5d68c-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-03461"
},
{
"db": "VULHUB",
"id": "VHN-70281"
},
{
"db": "BID",
"id": "67722"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-002710"
},
{
"db": "NVD",
"id": "CVE-2014-2342"
},
{
"db": "CNNVD",
"id": "CNNVD-201405-580"
}
]
},
"id": "VAR-201405-0286",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "7d711e00-463f-11e9-9c2c-000c29342cb1"
},
{
"db": "IVD",
"id": "f3b5d68c-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-03461"
},
{
"db": "VULHUB",
"id": "VHN-70281"
}
],
"trust": 1.9636364
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 1.0
}
],
"sources": [
{
"db": "IVD",
"id": "7d711e00-463f-11e9-9c2c-000c29342cb1"
},
{
"db": "IVD",
"id": "f3b5d68c-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-03461"
}
]
},
"last_update_date": "2023-12-18T13:24:55.751000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SCADA Data Gateway",
"trust": 0.8,
"url": "http://www.trianglemicroworks.com/products/scada-data-gateway/what%27s-new"
},
{
"title": "Patch for SCADA Data Gateway IP Link Device Remote Denial of Service Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/46142"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-03461"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-002710"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-20",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-70281"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-002710"
},
{
"db": "NVD",
"id": "CVE-2014-2342"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.4,
"url": "http://ics-cert.us-cert.gov/advisories/icsa-14-149-01"
},
{
"trust": 1.7,
"url": "http://www.trianglemicroworks.com/products/scada-data-gateway/what%27s-new"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-2342"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-2342"
},
{
"trust": 0.3,
"url": "http://www.trianglemicroworks.com/"
},
{
"trust": 0.3,
"url": "http://www.trianglemicroworks.com/documents/mdnp_scl_whats_new.pdf"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-03461"
},
{
"db": "VULHUB",
"id": "VHN-70281"
},
{
"db": "BID",
"id": "67722"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-002710"
},
{
"db": "NVD",
"id": "CVE-2014-2342"
},
{
"db": "CNNVD",
"id": "CNNVD-201405-580"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "7d711e00-463f-11e9-9c2c-000c29342cb1"
},
{
"db": "IVD",
"id": "f3b5d68c-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-03461"
},
{
"db": "VULHUB",
"id": "VHN-70281"
},
{
"db": "BID",
"id": "67722"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-002710"
},
{
"db": "NVD",
"id": "CVE-2014-2342"
},
{
"db": "CNNVD",
"id": "CNNVD-201405-580"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-06-06T00:00:00",
"db": "IVD",
"id": "7d711e00-463f-11e9-9c2c-000c29342cb1"
},
{
"date": "2014-06-06T00:00:00",
"db": "IVD",
"id": "f3b5d68c-2351-11e6-abef-000c29c66e3d"
},
{
"date": "2014-06-05T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-03461"
},
{
"date": "2014-05-30T00:00:00",
"db": "VULHUB",
"id": "VHN-70281"
},
{
"date": "2014-05-29T00:00:00",
"db": "BID",
"id": "67722"
},
{
"date": "2014-06-03T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-002710"
},
{
"date": "2014-05-30T23:55:02.707000",
"db": "NVD",
"id": "CVE-2014-2342"
},
{
"date": "2014-05-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201405-580"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-06-06T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-03461"
},
{
"date": "2014-06-05T00:00:00",
"db": "VULHUB",
"id": "VHN-70281"
},
{
"date": "2014-05-29T00:00:00",
"db": "BID",
"id": "67722"
},
{
"date": "2014-06-03T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-002710"
},
{
"date": "2014-06-05T12:32:58.963000",
"db": "NVD",
"id": "CVE-2014-2342"
},
{
"date": "2014-06-04T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201405-580"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201405-580"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Triangle MicroWorks SCADA Data Gateway Service disruption in (DoS) Vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-002710"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Input validation",
"sources": [
{
"db": "IVD",
"id": "7d711e00-463f-11e9-9c2c-000c29342cb1"
},
{
"db": "IVD",
"id": "f3b5d68c-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNNVD",
"id": "CNNVD-201405-580"
}
],
"trust": 1.0
}
}