Vulnerability Details : CVE-2023-2186
On Triangle MicroWorks' SCADA Data Gateway version <= v5.01.03, an unauthenticated attacker can send a specially crafted broadcast message including format string characters to the SCADA Data Gateway to perform unrestricted memory reads. An unauthenticated user can use this format string vulnerability to repeatedly crash the GTWWebMonitor.exe process to DoS the Web Monitor. Furthermore, an authenticated user can leverage this vulnerability to leak memory from the GTWWebMonitor.exe process. This could be leveraged in an exploit chain to gain code execution.
Vulnerability category: Overflow, Denial of service
Products affected by CVE-2023-2186
- cpe:2.3:a:trianglemicroworks:scada_data_gateway:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2023-2186
- 0.18%: Probability of exploitation activity in the next 30 days
- ~ 55 %: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2023-2186
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 | NIST | |
8.2 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H | 3.9 | 4.2 | Trellix | |
CWE ids for CVE-2023-2186
- The product uses a function that accepts a format string as an argument, but the format string originates from an external source.
  Assigned by:
  - nvd@nist.gov (Primary)
  - trellixpsirt@trellix.com (Secondary)
References for CVE-2023-2186
- https://www.trellix.com/en-us/about/newsroom/stories/research/industrial-and-manufacturing-cves.html
  Industrial and Manufacturing CVEs: Addressing the SCADA in the Room (Third Party Advisory)