CVE Vulnerability Details: CVE-2023-39461
PUBLISHED
Assigner: zdi
Assigner Org ID: 99f1926a-a320-47d8-bbb5-42feb611262e
Published At: 03 May, 2024 | 01:59
Updated At: 02 Aug, 2024 | 18:10
Rejected At:
CVE Numbering Authority (CNA)
Triangle MicroWorks SCADA Data Gateway Event Log Improper Output Neutralization For Logs Arbitrary File Write Vulnerability

Triangle MicroWorks SCADA Data Gateway Event Log Improper Output Neutralization For Logs Arbitrary File Write Vulnerability. This vulnerability allows remote attackers to write arbitrary files on affected installations of Triangle MicroWorks SCADA Data Gateway. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the handling of event logs. The issue results from improper sanitization of log output. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of root. Was ZDI-CAN-20535.

Affected Products
Vendor: Triangle MicroWorks
Product: SCADA Data Gateway
Default Status: unknown
Affected Versions:
  • 5.1.3.20324
Problem Types
Type: CWE
CWE ID: CWE-117
Description: CWE-117: Improper Output Neutralization for Logs
Metrics
Version: 3.0
Base score: 4.4
Base severity: MEDIUM
Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:N
References
  • https://www.zerodayinitiative.com/advisories/ZDI-23-1029/ (x_research-advisory)
  • https://www.trianglemicroworks.com/products/scada-data-gateway/what's-new (vendor-advisory)
Authorized Data Publishers (ADP)
1. CISA ADP Vulnrichment
Affected Products
Vendor: trianglemicroworks
Product: scada_data_gateway
CPEs:
  • cpe:2.3:a:trianglemicroworks:scada_data_gateway:5.1.3.20324:*:*:*:*:*:*:*
Default Status: unknown
Affected Versions:
  • 5.1.3.20324
2. CVE Program Container
References
  • https://www.zerodayinitiative.com/advisories/ZDI-23-1029/ (x_research-advisory, x_transferred)
  • https://www.trianglemicroworks.com/products/scada-data-gateway/what's-new (vendor-advisory, x_transferred)