Vulnerability Details : CVE-2023-39463
Triangle MicroWorks SCADA Data Gateway Trusted Certification Unrestricted Upload of File Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Triangle MicroWorks SCADA Data Gateway. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed.
The specific flaw exists within the trusted certification feature. The issue lies in the handling of the OpcUaSecurityCertificateAuthorityTrustDir variable, which allows an arbitrary file write with attacker-controlled data. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-20537.
Vulnerability category: Execute code
Products affected by CVE-2023-39463
Please log in to view affected product information.
Exploit prediction scoring system (EPSS) score for CVE-2023-39463
1.64%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 81 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2023-39463
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
7.2
|
HIGH | CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H |
1.2
|
5.9
|
Zero Day Initiative | 2024-05-03 |
CWE ids for CVE-2023-39463
-
The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.Assigned by: zdi-disclosures@trendmicro.com (Secondary)
References for CVE-2023-39463
-
https://www.zerodayinitiative.com/advisories/ZDI-23-1031/
ZDI-23-1031 | Zero Day Initiative
-
https://www.trianglemicroworks.com/products/scada-data-gateway/what's-new
SCADA Data Gateway - What's New
Jump to