Search

Find a vulnerability

Search criteria Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.

    57 vulnerabilities by trianglemicroworks

    CVE-2024-34057 (GCVE-0-2024-34057)

    Vulnerability from nvd – Published: 2024-09-18 00:00 – Updated: 2024-09-19 14:21
    VLAI
    Summary
    Triangle Microworks TMW IEC 61850 Client source code libraries before 12.2.0 lack a buffer size check when processing received messages. The resulting buffer overflow can cause a crash, resulting in a denial of service.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    • CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
    Assigner
    Impacted products
    Vendor Product Version
    trianglemicroworks iec_61850_client_source_code_library Affected: 0 , < 12.2.0 (custom)
        cpe:2.3:a:trianglemicroworks:iec_61850_client_source_code_library:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:trianglemicroworks:iec_61850_client_source_code_library:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "iec_61850_client_source_code_library",
                "vendor": "trianglemicroworks",
                "versions": [
                  {
                    "lessThan": "12.2.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 8.2,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "LOW",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-34057",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-19T14:17:19.898121Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-120",
                    "description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-19T14:21:28.567Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Triangle Microworks TMW IEC 61850 Client source code libraries before 12.2.0 lack a buffer size check when processing received messages. The resulting buffer overflow can cause a crash, resulting in a denial of service."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-09-18T18:54:44.376Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://trianglemicroworks.com/products/source-code-libraries/iec-61850-scl-pages/what%27s-new"
            },
            {
              "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-256-16"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2024-34057",
        "datePublished": "2024-09-18T00:00:00.000Z",
        "dateReserved": "2024-04-30T00:00:00.000Z",
        "dateUpdated": "2024-09-19T14:21:28.567Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-0369 (GCVE-0-2022-0369)

    Vulnerability from nvd – Published: 2024-05-07 22:54 – Updated: 2024-08-02 23:25
    VLAI
    Title
    Triangle MicroWorks SCADA Data Gateway Restore Workspace Directory Traversal Remote Code Execution Vulnerability
    Summary
    Triangle MicroWorks SCADA Data Gateway Restore Workspace Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Triangle MicroWorks SCADA Data Gateway. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the Restore Workspace feature. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-17227.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
    Assigner
    zdi
    References
    Impacted products
    Vendor Product Version
    Triangle MicroWorks SCADA Data Gateway Affected: 5.01.01
    Create a notification for this product.
    trianglemicroworks scada_data_gateway Affected: 5.01.01
        cpe:2.3:a:trianglemicroworks:scada_data_gateway:5.01.01:*:*:*:*:*:*:*
    Create a notification for this product.
    Date Public
    2023-04-14 19:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:trianglemicroworks:scada_data_gateway:5.01.01:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "scada_data_gateway",
                "vendor": "trianglemicroworks",
                "versions": [
                  {
                    "status": "affected",
                    "version": "5.01.01"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-0369",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-05-08T17:07:32.283678Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-07-23T17:09:35.862Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T23:25:40.264Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "ZDI-23-450",
                "tags": [
                  "x_research-advisory",
                  "x_transferred"
                ],
                "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-450/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "SCADA Data Gateway",
              "vendor": "Triangle MicroWorks",
              "versions": [
                {
                  "status": "affected",
                  "version": "5.01.01"
                }
              ]
            }
          ],
          "dateAssigned": "2022-01-25T22:23:37.257Z",
          "datePublic": "2023-04-14T19:00:47.542Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Triangle MicroWorks SCADA Data Gateway Restore Workspace Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Triangle MicroWorks SCADA Data Gateway. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed.\n\nThe specific flaw exists within the Restore Workspace feature. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-17227."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-22",
                  "description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-05-07T22:54:55.247Z",
            "orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
            "shortName": "zdi"
          },
          "references": [
            {
              "name": "ZDI-23-450",
              "tags": [
                "x_research-advisory"
              ],
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-450/"
            }
          ],
          "source": {
            "lang": "en",
            "value": "Steven Seeley (mr_me) and Chris Anastasio (muffin) of Incite Team"
          },
          "title": "Triangle MicroWorks SCADA Data Gateway Restore Workspace Directory Traversal Remote Code Execution Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
        "assignerShortName": "zdi",
        "cveId": "CVE-2022-0369",
        "datePublished": "2024-05-07T22:54:55.247Z",
        "dateReserved": "2022-01-25T22:22:48.663Z",
        "dateUpdated": "2024-08-02T23:25:40.264Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-39468 (GCVE-0-2023-39468)

    Vulnerability from nvd – Published: 2024-05-03 01:59 – Updated: 2024-08-02 18:10
    VLAI
    Title
    Triangle MicroWorks SCADA Data Gateway DbasSectorFileToExecuteOnReset Exposed Dangerous Function Remote Code Execution Vulnerability
    Summary
    Triangle MicroWorks SCADA Data Gateway DbasSectorFileToExecuteOnReset Exposed Dangerous Function Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Triangle MicroWorks SCADA Data Gateway. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of DbasSectorFileToExecuteOnReset parameter. The issue results from an exposed dangerous function. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-20799.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-749 - Exposed Dangerous Method or Function
    Assigner
    zdi
    References
    Impacted products
    Vendor Product Version
    Triangle MicroWorks SCADA Data Gateway Affected: 5.1.3.20324
    Create a notification for this product.
    trianglemicroworks scada_data_gateway Affected: 5.1.3.20324
        cpe:2.3:a:trianglemicroworks:scada_data_gateway:5.1.3.20324:*:*:*:*:*:*:*
    Create a notification for this product.
    Date Public
    2023-08-04 18:44
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:trianglemicroworks:scada_data_gateway:5.1.3.20324:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "scada_data_gateway",
                "vendor": "trianglemicroworks",
                "versions": [
                  {
                    "status": "affected",
                    "version": "5.1.3.20324"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-39468",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-05-08T17:19:46.064913Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-04T17:27:09.598Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T18:10:20.697Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "ZDI-23-1036",
                "tags": [
                  "x_research-advisory",
                  "x_transferred"
                ],
                "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1036/"
              },
              {
                "name": "vendor-provided URL",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.trianglemicroworks.com/products/scada-data-gateway/what\u0027s-new"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "SCADA Data Gateway",
              "vendor": "Triangle MicroWorks",
              "versions": [
                {
                  "status": "affected",
                  "version": "5.1.3.20324"
                }
              ]
            }
          ],
          "dateAssigned": "2023-08-02T21:44:31.433Z",
          "datePublic": "2023-08-04T18:44:48.544Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Triangle MicroWorks SCADA Data Gateway DbasSectorFileToExecuteOnReset Exposed Dangerous Function Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Triangle MicroWorks SCADA Data Gateway. Authentication is required to exploit this vulnerability.\n\nThe specific flaw exists within the handling of DbasSectorFileToExecuteOnReset parameter. The issue results from an exposed dangerous function. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-20799."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-749",
                  "description": "CWE-749: Exposed Dangerous Method or Function",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-05-03T01:59:30.325Z",
            "orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
            "shortName": "zdi"
          },
          "references": [
            {
              "name": "ZDI-23-1036",
              "tags": [
                "x_research-advisory"
              ],
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1036/"
            },
            {
              "name": "vendor-provided URL",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.trianglemicroworks.com/products/scada-data-gateway/what\u0027s-new"
            }
          ],
          "source": {
            "lang": "en",
            "value": "Uri Katz of Claroty Team82"
          },
          "title": "Triangle MicroWorks SCADA Data Gateway DbasSectorFileToExecuteOnReset Exposed Dangerous Function Remote Code Execution Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
        "assignerShortName": "zdi",
        "cveId": "CVE-2023-39468",
        "datePublished": "2024-05-03T01:59:30.325Z",
        "dateReserved": "2023-08-02T21:37:23.123Z",
        "dateUpdated": "2024-08-02T18:10:20.697Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-39467 (GCVE-0-2023-39467)

    Vulnerability from nvd – Published: 2024-05-03 01:59 – Updated: 2024-08-02 18:10
    VLAI
    Title
    Triangle MicroWorks SCADA Data Gateway certificate Information Disclosure Vulnerability
    Summary
    Triangle MicroWorks SCADA Data Gateway certificate Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Triangle MicroWorks SCADA Data Gateway. Authentication is not required to exploit this vulnerability. The specific flaw exists within the configuration of certificate web directory. The issue results from the exposure of sensitive information in the application webroot. An attacker can leverage this vulnerability to disclose sensitive information. Was ZDI-CAN-20798.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-219 - Storage of File with Sensitive Data Under Web Root
    Assigner
    zdi
    References
    Impacted products
    Vendor Product Version
    Triangle MicroWorks SCADA Data Gateway Affected: 5.1.3.20324
    Create a notification for this product.
    trianglemicroworks scada_data_gateway Affected: 5.1.3.20324
        cpe:2.3:a:trianglemicroworks:scada_data_gateway:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Date Public
    2023-08-04 18:43
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:trianglemicroworks:scada_data_gateway:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "scada_data_gateway",
                "vendor": "trianglemicroworks",
                "versions": [
                  {
                    "status": "affected",
                    "version": "5.1.3.20324"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-39467",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-05-07T19:22:23.242020Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-04T17:26:51.263Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T18:10:20.678Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "ZDI-23-1035",
                "tags": [
                  "x_research-advisory",
                  "x_transferred"
                ],
                "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1035/"
              },
              {
                "name": "vendor-provided URL",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.trianglemicroworks.com/products/scada-data-gateway/what\u0027s-new"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "SCADA Data Gateway",
              "vendor": "Triangle MicroWorks",
              "versions": [
                {
                  "status": "affected",
                  "version": "5.1.3.20324"
                }
              ]
            }
          ],
          "dateAssigned": "2023-08-02T21:44:31.427Z",
          "datePublic": "2023-08-04T18:43:42.003Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Triangle MicroWorks SCADA Data Gateway certificate Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Triangle MicroWorks SCADA Data Gateway. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the configuration of certificate web directory. The issue results from the exposure of sensitive information in the application webroot. An attacker can leverage this vulnerability to disclose sensitive information. Was ZDI-CAN-20798."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.0"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-219",
                  "description": "CWE-219: Storage of File with Sensitive Data Under Web Root",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-05-03T01:59:29.616Z",
            "orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
            "shortName": "zdi"
          },
          "references": [
            {
              "name": "ZDI-23-1035",
              "tags": [
                "x_research-advisory"
              ],
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1035/"
            },
            {
              "name": "vendor-provided URL",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.trianglemicroworks.com/products/scada-data-gateway/what\u0027s-new"
            }
          ],
          "source": {
            "lang": "en",
            "value": "Uri Katz of Claroty Team82"
          },
          "title": "Triangle MicroWorks SCADA Data Gateway certificate Information Disclosure Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
        "assignerShortName": "zdi",
        "cveId": "CVE-2023-39467",
        "datePublished": "2024-05-03T01:59:29.616Z",
        "dateReserved": "2023-08-02T21:37:23.123Z",
        "dateUpdated": "2024-08-02T18:10:20.678Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-39466 (GCVE-0-2023-39466)

    Vulnerability from nvd – Published: 2024-05-03 01:59 – Updated: 2024-08-02 18:10
    VLAI
    Title
    Triangle MicroWorks SCADA Data Gateway get_config Missing Authentication Information Disclosure Vulnerability
    Summary
    Triangle MicroWorks SCADA Data Gateway get_config Missing Authentication Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Triangle MicroWorks SCADA Data Gateway. Authentication is not required to exploit this vulnerability. The specific flaw exists within the get_config endpoint. The issue results from the lack of authentication prior to allowing access to functionality. An attacker can leverage this vulnerability to disclose sensitive information. Was ZDI-CAN-20797.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-306 - Missing Authentication for Critical Function
    Assigner
    zdi
    References
    Impacted products
    Vendor Product Version
    Triangle MicroWorks SCADA Data Gateway Affected: 5.1.3.20324
    Create a notification for this product.
    trianglemicroworks scada_data_gateway Affected: 5.1.3.20324
        cpe:2.3:a:trianglemicroworks:scada_data_gateway:5.1.3.20324:*:*:*:*:*:*:*
    Create a notification for this product.
    Date Public
    2023-08-04 18:42
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:trianglemicroworks:scada_data_gateway:5.1.3.20324:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "scada_data_gateway",
                "vendor": "trianglemicroworks",
                "versions": [
                  {
                    "status": "affected",
                    "version": "5.1.3.20324"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-39466",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-05-08T17:12:42.172392Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-07-23T17:15:39.965Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T18:10:20.933Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "ZDI-23-1034",
                "tags": [
                  "x_research-advisory",
                  "x_transferred"
                ],
                "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1034/"
              },
              {
                "name": "vendor-provided URL",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.trianglemicroworks.com/products/scada-data-gateway/what\u0027s-new"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "SCADA Data Gateway",
              "vendor": "Triangle MicroWorks",
              "versions": [
                {
                  "status": "affected",
                  "version": "5.1.3.20324"
                }
              ]
            }
          ],
          "dateAssigned": "2023-08-02T21:44:31.422Z",
          "datePublic": "2023-08-04T18:42:39.807Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Triangle MicroWorks SCADA Data Gateway get_config Missing Authentication Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Triangle MicroWorks SCADA Data Gateway. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the get_config endpoint. The issue results from the lack of authentication prior to allowing access to functionality. An attacker can leverage this vulnerability to disclose sensitive information. Was ZDI-CAN-20797."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.0"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-306",
                  "description": "CWE-306: Missing Authentication for Critical Function",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-05-03T01:59:28.811Z",
            "orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
            "shortName": "zdi"
          },
          "references": [
            {
              "name": "ZDI-23-1034",
              "tags": [
                "x_research-advisory"
              ],
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1034/"
            },
            {
              "name": "vendor-provided URL",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.trianglemicroworks.com/products/scada-data-gateway/what\u0027s-new"
            }
          ],
          "source": {
            "lang": "en",
            "value": "Uri Katz of Claroty Team82"
          },
          "title": "Triangle MicroWorks SCADA Data Gateway get_config Missing Authentication Information Disclosure Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
        "assignerShortName": "zdi",
        "cveId": "CVE-2023-39466",
        "datePublished": "2024-05-03T01:59:28.811Z",
        "dateReserved": "2023-08-02T21:37:23.123Z",
        "dateUpdated": "2024-08-02T18:10:20.933Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-39465 (GCVE-0-2023-39465)

    Vulnerability from nvd – Published: 2024-05-03 01:59 – Updated: 2024-08-02 18:10
    VLAI
    Title
    Triangle MicroWorks SCADA Data Gateway Use of Hard-coded Cryptograhic Key Information Disclosure Vulnerability
    Summary
    Triangle MicroWorks SCADA Data Gateway Use of Hard-coded Cryptograhic Key Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Triangle MicroWorks SCADA Data Gateway. Authentication is not required to exploit this vulnerability. The specific flaw exists within the TmwCrypto class. The issue results from the usage of a hard-coded cryptograhic key and the usage of a hard-coded certificate. An attacker can leverage this vulnerability to disclose sensitive information. Was ZDI-CAN-20615.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-321 - Use of Hard-coded Cryptographic Key
    Assigner
    zdi
    References
    Impacted products
    Vendor Product Version
    Triangle MicroWorks SCADA Data Gateway Affected: 5.1.3.20324
    Create a notification for this product.
    trianglemicroworks scada_data_gateway Affected: 5.1.3.20324
        cpe:2.3:a:trianglemicroworks:scada_data_gateway:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Date Public
    2023-08-04 18:41
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:trianglemicroworks:scada_data_gateway:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "scada_data_gateway",
                "vendor": "trianglemicroworks",
                "versions": [
                  {
                    "status": "affected",
                    "version": "5.1.3.20324"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-39465",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-05-06T15:37:18.521094Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-04T17:27:05.297Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T18:10:21.061Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "ZDI-23-1033",
                "tags": [
                  "x_research-advisory",
                  "x_transferred"
                ],
                "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1033/"
              },
              {
                "name": "vendor-provided URL",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.trianglemicroworks.com/products/scada-data-gateway/what\u0027s-new"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "SCADA Data Gateway",
              "vendor": "Triangle MicroWorks",
              "versions": [
                {
                  "status": "affected",
                  "version": "5.1.3.20324"
                }
              ]
            }
          ],
          "dateAssigned": "2023-08-02T21:44:31.416Z",
          "datePublic": "2023-08-04T18:41:33.328Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Triangle MicroWorks SCADA Data Gateway Use of Hard-coded Cryptograhic Key Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Triangle MicroWorks SCADA Data Gateway. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the TmwCrypto class. The issue results from the usage of a hard-coded cryptograhic key and the usage of a hard-coded certificate. An attacker can leverage this vulnerability to disclose sensitive information. Was ZDI-CAN-20615."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.0"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-321",
                  "description": "CWE-321: Use of Hard-coded Cryptographic Key",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-05-03T01:59:28.085Z",
            "orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
            "shortName": "zdi"
          },
          "references": [
            {
              "name": "ZDI-23-1033",
              "tags": [
                "x_research-advisory"
              ],
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1033/"
            },
            {
              "name": "vendor-provided URL",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.trianglemicroworks.com/products/scada-data-gateway/what\u0027s-new"
            }
          ],
          "source": {
            "lang": "en",
            "value": "Uri Katz of Claroty Team82"
          },
          "title": "Triangle MicroWorks SCADA Data Gateway Use of Hard-coded Cryptograhic Key Information Disclosure Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
        "assignerShortName": "zdi",
        "cveId": "CVE-2023-39465",
        "datePublished": "2024-05-03T01:59:28.085Z",
        "dateReserved": "2023-08-02T21:37:23.122Z",
        "dateUpdated": "2024-08-02T18:10:21.061Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-39464 (GCVE-0-2023-39464)

    Vulnerability from nvd – Published: 2024-05-03 01:59 – Updated: 2024-08-02 18:10
    VLAI
    Title
    Triangle MicroWorks SCADA Data Gateway GTWWebMonitorService Unquoted Search Path Remote Code Execution Vulnerability
    Summary
    Triangle MicroWorks SCADA Data Gateway GTWWebMonitorService Unquoted Search Path Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute code on affected installations of Triangle MicroWorks SCADA Data Gateway. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the configuration of the GTWWebMonitorService service. The path to the service executable contains spaces not surrounded by quotations. An attacker can leverage this vulnerability to execute arbitrary code in the context of root. Was ZDI-CAN-20538.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-428 - Unquoted Search Path or Element
    Assigner
    zdi
    References
    Impacted products
    Vendor Product Version
    Triangle MicroWorks SCADA Data Gateway Affected: 5.1.3.20324
    Create a notification for this product.
    trianglemicroworks scada_data_gateway Affected: 5.1.3.20324
        cpe:2.3:a:trianglemicroworks:scada_data_gateway:5.1.3.20324:*:*:*:*:*:*:*
    Create a notification for this product.
    Date Public
    2023-08-04 18:40
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:trianglemicroworks:scada_data_gateway:5.1.3.20324:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "scada_data_gateway",
                "vendor": "trianglemicroworks",
                "versions": [
                  {
                    "status": "affected",
                    "version": "5.1.3.20324"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-39464",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-05-08T17:13:49.483707Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-04T17:27:11.296Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T18:10:20.680Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "ZDI-23-1032",
                "tags": [
                  "x_research-advisory",
                  "x_transferred"
                ],
                "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1032/"
              },
              {
                "name": "vendor-provided URL",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.trianglemicroworks.com/products/scada-data-gateway/what\u0027s-new"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "SCADA Data Gateway",
              "vendor": "Triangle MicroWorks",
              "versions": [
                {
                  "status": "affected",
                  "version": "5.1.3.20324"
                }
              ]
            }
          ],
          "dateAssigned": "2023-08-02T21:44:31.411Z",
          "datePublic": "2023-08-04T18:40:15.323Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Triangle MicroWorks SCADA Data Gateway GTWWebMonitorService Unquoted Search Path Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute code on affected installations of Triangle MicroWorks SCADA Data Gateway. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed.\n\nThe specific flaw exists within the configuration of the GTWWebMonitorService service. The path to the service executable contains spaces not surrounded by quotations. An attacker can leverage this vulnerability to execute arbitrary code in the context of root. Was ZDI-CAN-20538."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-428",
                  "description": "CWE-428: Unquoted Search Path or Element",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-05-03T01:59:27.382Z",
            "orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
            "shortName": "zdi"
          },
          "references": [
            {
              "name": "ZDI-23-1032",
              "tags": [
                "x_research-advisory"
              ],
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1032/"
            },
            {
              "name": "vendor-provided URL",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.trianglemicroworks.com/products/scada-data-gateway/what\u0027s-new"
            }
          ],
          "source": {
            "lang": "en",
            "value": "Team ECQ"
          },
          "title": "Triangle MicroWorks SCADA Data Gateway GTWWebMonitorService Unquoted Search Path Remote Code Execution Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
        "assignerShortName": "zdi",
        "cveId": "CVE-2023-39464",
        "datePublished": "2024-05-03T01:59:27.382Z",
        "dateReserved": "2023-08-02T21:37:23.122Z",
        "dateUpdated": "2024-08-02T18:10:20.680Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-39463 (GCVE-0-2023-39463)

    Vulnerability from nvd – Published: 2024-05-03 01:59 – Updated: 2024-08-02 18:10
    VLAI
    Title
    Triangle MicroWorks SCADA Data Gateway Trusted Certification Unrestricted Upload of File Remote Code Execution Vulnerability
    Summary
    Triangle MicroWorks SCADA Data Gateway Trusted Certification Unrestricted Upload of File Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Triangle MicroWorks SCADA Data Gateway. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the trusted certification feature. The issue lies in the handling of the OpcUaSecurityCertificateAuthorityTrustDir variable, which allows an arbitrary file write with attacker-controlled data. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-20537.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-434 - Unrestricted Upload of File with Dangerous Type
    Assigner
    zdi
    References
    Impacted products
    Vendor Product Version
    Triangle MicroWorks SCADA Data Gateway Affected: 5.1.3.20324
    Create a notification for this product.
    trianglemicroworks scada_data_gateway Affected: 5.1.3.20324
        cpe:2.3:a:trianglemicroworks:scada_data_gateway:5.1.3.20324:*:*:*:*:*:*:*
    Create a notification for this product.
    Date Public
    2023-08-04 18:39
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:trianglemicroworks:scada_data_gateway:5.1.3.20324:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "scada_data_gateway",
                "vendor": "trianglemicroworks",
                "versions": [
                  {
                    "status": "affected",
                    "version": "5.1.3.20324"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-39463",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-05-08T17:16:15.340389Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-04T17:27:02.325Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T18:10:20.694Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "ZDI-23-1031",
                "tags": [
                  "x_research-advisory",
                  "x_transferred"
                ],
                "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1031/"
              },
              {
                "name": "vendor-provided URL",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.trianglemicroworks.com/products/scada-data-gateway/what\u0027s-new"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "SCADA Data Gateway",
              "vendor": "Triangle MicroWorks",
              "versions": [
                {
                  "status": "affected",
                  "version": "5.1.3.20324"
                }
              ]
            }
          ],
          "dateAssigned": "2023-08-02T21:44:31.406Z",
          "datePublic": "2023-08-04T18:39:23.964Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Triangle MicroWorks SCADA Data Gateway Trusted Certification Unrestricted Upload of File Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Triangle MicroWorks SCADA Data Gateway. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed.\n\nThe specific flaw exists within the trusted certification feature. The issue lies in the handling of the OpcUaSecurityCertificateAuthorityTrustDir variable, which allows an arbitrary file write with attacker-controlled data. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-20537."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-434",
                  "description": "CWE-434: Unrestricted Upload of File with Dangerous Type",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-05-03T01:59:26.598Z",
            "orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
            "shortName": "zdi"
          },
          "references": [
            {
              "name": "ZDI-23-1031",
              "tags": [
                "x_research-advisory"
              ],
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1031/"
            },
            {
              "name": "vendor-provided URL",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.trianglemicroworks.com/products/scada-data-gateway/what\u0027s-new"
            }
          ],
          "source": {
            "lang": "en",
            "value": "Team ECQ"
          },
          "title": "Triangle MicroWorks SCADA Data Gateway Trusted Certification Unrestricted Upload of File Remote Code Execution Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
        "assignerShortName": "zdi",
        "cveId": "CVE-2023-39463",
        "datePublished": "2024-05-03T01:59:26.598Z",
        "dateReserved": "2023-08-02T21:37:23.121Z",
        "dateUpdated": "2024-08-02T18:10:20.694Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-39462 (GCVE-0-2023-39462)

    Vulnerability from nvd – Published: 2024-05-03 01:59 – Updated: 2024-08-02 18:10
    VLAI
    Title
    Triangle MicroWorks SCADA Data Gateway Workspace Unrestricted Upload Vulnerability
    Summary
    Triangle MicroWorks SCADA Data Gateway Workspace Unrestricted Upload Vulnerability. This vulnerability allows remote attackers to upload arbitrary files on affected installations of Triangle MicroWorks SCADA Data Gateway. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the processing of workspace files. The issue results from the lack of proper validation of user-supplied data, which can allow the upload of arbitrary files. An attacker can leverage this in conjunction with other vulnerabilitites to execute arbitrary code in the context of root. Was ZDI-CAN-20536.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-434 - Unrestricted Upload of File with Dangerous Type
    Assigner
    zdi
    References
    Impacted products
    Vendor Product Version
    Triangle MicroWorks SCADA Data Gateway Affected: 5.1.3.20324
    Create a notification for this product.
    trianglemicroworks scada_data_gateway Affected: 5.1.3.20324
        cpe:2.3:a:trianglemicroworks:scada_data_gateway:5.1.3.20324:*:*:*:*:*:*:*
    Create a notification for this product.
    Date Public
    2023-08-04 18:37
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:trianglemicroworks:scada_data_gateway:5.1.3.20324:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "scada_data_gateway",
                "vendor": "trianglemicroworks",
                "versions": [
                  {
                    "status": "affected",
                    "version": "5.1.3.20324"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-39462",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-05-08T17:16:53.971929Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-04T17:27:04.040Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T18:10:20.821Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "ZDI-23-1030",
                "tags": [
                  "x_research-advisory",
                  "x_transferred"
                ],
                "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1030/"
              },
              {
                "name": "vendor-provided URL",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.trianglemicroworks.com/products/scada-data-gateway/what\u0027s-new"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "SCADA Data Gateway",
              "vendor": "Triangle MicroWorks",
              "versions": [
                {
                  "status": "affected",
                  "version": "5.1.3.20324"
                }
              ]
            }
          ],
          "dateAssigned": "2023-08-02T21:44:31.400Z",
          "datePublic": "2023-08-04T18:37:32.567Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Triangle MicroWorks SCADA Data Gateway Workspace Unrestricted Upload Vulnerability. This vulnerability allows remote attackers to upload arbitrary files on affected installations of Triangle MicroWorks SCADA Data Gateway. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed.\n\nThe specific flaw exists within the processing of workspace files. The issue results from the lack of proper validation of user-supplied data, which can allow the upload of arbitrary files. An attacker can leverage this in conjunction with other vulnerabilitites to execute arbitrary code in the context of root. Was ZDI-CAN-20536."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
                "version": "3.0"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-434",
                  "description": "CWE-434: Unrestricted Upload of File with Dangerous Type",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-05-03T01:59:25.792Z",
            "orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
            "shortName": "zdi"
          },
          "references": [
            {
              "name": "ZDI-23-1030",
              "tags": [
                "x_research-advisory"
              ],
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1030/"
            },
            {
              "name": "vendor-provided URL",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.trianglemicroworks.com/products/scada-data-gateway/what\u0027s-new"
            }
          ],
          "source": {
            "lang": "en",
            "value": "Claroty Research - Team82 - Uri Katz, Noam Moshe, Vera Mens, Sharon Brizinov"
          },
          "title": "Triangle MicroWorks SCADA Data Gateway Workspace Unrestricted Upload Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
        "assignerShortName": "zdi",
        "cveId": "CVE-2023-39462",
        "datePublished": "2024-05-03T01:59:25.792Z",
        "dateReserved": "2023-08-02T21:37:23.121Z",
        "dateUpdated": "2024-08-02T18:10:20.821Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-39461 (GCVE-0-2023-39461)

    Vulnerability from nvd – Published: 2024-05-03 01:59 – Updated: 2024-08-02 18:10
    VLAI
    Title
    Triangle MicroWorks SCADA Data Gateway Event Log Improper Output Neutralization For Logs Arbitrary File Write Vulnerability
    Summary
    Triangle MicroWorks SCADA Data Gateway Event Log Improper Output Neutralization For Logs Arbitrary File Write Vulnerability. This vulnerability allows remote attackers to write arbitrary files on affected installations of Triangle MicroWorks SCADA Data Gateway. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the handling of event logs. The issue results from improper sanitization of log output. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of root. Was ZDI-CAN-20535.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-117 - Improper Output Neutralization for Logs
    Assigner
    zdi
    References
    Impacted products
    Vendor Product Version
    Triangle MicroWorks SCADA Data Gateway Affected: 5.1.3.20324
    Create a notification for this product.
    trianglemicroworks scada_data_gateway Affected: 5.1.3.20324
        cpe:2.3:a:trianglemicroworks:scada_data_gateway:5.1.3.20324:*:*:*:*:*:*:*
    Create a notification for this product.
    Date Public
    2023-08-04 18:37
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:trianglemicroworks:scada_data_gateway:5.1.3.20324:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "scada_data_gateway",
                "vendor": "trianglemicroworks",
                "versions": [
                  {
                    "status": "affected",
                    "version": "5.1.3.20324"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-39461",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-05-03T19:12:41.966123Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-04T17:26:58.048Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T18:10:20.704Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "ZDI-23-1029",
                "tags": [
                  "x_research-advisory",
                  "x_transferred"
                ],
                "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1029/"
              },
              {
                "name": "vendor-provided URL",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.trianglemicroworks.com/products/scada-data-gateway/what\u0027s-new"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "SCADA Data Gateway",
              "vendor": "Triangle MicroWorks",
              "versions": [
                {
                  "status": "affected",
                  "version": "5.1.3.20324"
                }
              ]
            }
          ],
          "dateAssigned": "2023-08-02T21:44:31.394Z",
          "datePublic": "2023-08-04T18:37:00.078Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Triangle MicroWorks SCADA Data Gateway Event Log Improper Output Neutralization For Logs Arbitrary File Write Vulnerability. This vulnerability allows remote attackers to write arbitrary files on affected installations of Triangle MicroWorks SCADA Data Gateway. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed.\n\nThe specific flaw exists within the handling of event logs. The issue results from improper sanitization of log output. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of root. Was ZDI-CAN-20535."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "baseScore": 4.4,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:N",
                "version": "3.0"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-117",
                  "description": "CWE-117: Improper Output Neutralization for Logs",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-05-03T01:59:25.080Z",
            "orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
            "shortName": "zdi"
          },
          "references": [
            {
              "name": "ZDI-23-1029",
              "tags": [
                "x_research-advisory"
              ],
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1029/"
            },
            {
              "name": "vendor-provided URL",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.trianglemicroworks.com/products/scada-data-gateway/what\u0027s-new"
            }
          ],
          "source": {
            "lang": "en",
            "value": "Claroty Research - Team82 - Uri Katz, Noam Moshe, Vera Mens, Sharon Brizinov"
          },
          "title": "Triangle MicroWorks SCADA Data Gateway Event Log Improper Output Neutralization For Logs Arbitrary File Write Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
        "assignerShortName": "zdi",
        "cveId": "CVE-2023-39461",
        "datePublished": "2024-05-03T01:59:25.080Z",
        "dateReserved": "2023-08-02T21:37:23.121Z",
        "dateUpdated": "2024-08-02T18:10:20.704Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-39460 (GCVE-0-2023-39460)

    Vulnerability from nvd – Published: 2024-05-03 01:59 – Updated: 2024-08-02 18:10
    VLAI
    Title
    Triangle MicroWorks SCADA Data Gateway Event Log Directory Traversal Arbitrary File Creation Vulnerability
    Summary
    Triangle MicroWorks SCADA Data Gateway Event Log Directory Traversal Arbitrary File Creation Vulnerability. This vulnerability allows remote attackers to create arbitrary files on affected installations of Triangle MicroWorks SCADA Data Gateway. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the creation of event logs. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of root. Was ZDI-CAN-20534.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
    Assigner
    zdi
    References
    Impacted products
    Vendor Product Version
    Triangle MicroWorks SCADA Data Gateway Affected: 5.1.3.20324
    Create a notification for this product.
    trianglemicroworks scada_data_gateway Affected: 5.1.3.20324
        cpe:2.3:a:trianglemicroworks:scada_data_gateway:5.1.3.20324:*:*:*:*:*:*:*
    Create a notification for this product.
    Date Public
    2023-08-04 18:35
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:trianglemicroworks:scada_data_gateway:5.1.3.20324:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "scada_data_gateway",
                "vendor": "trianglemicroworks",
                "versions": [
                  {
                    "status": "affected",
                    "version": "5.1.3.20324"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-39460",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-05-08T17:18:57.800496Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-04T17:26:58.471Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T18:10:20.445Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "ZDI-23-1028",
                "tags": [
                  "x_research-advisory",
                  "x_transferred"
                ],
                "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1028/"
              },
              {
                "name": "vendor-provided URL",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.trianglemicroworks.com/products/scada-data-gateway/what\u0027s-new"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "SCADA Data Gateway",
              "vendor": "Triangle MicroWorks",
              "versions": [
                {
                  "status": "affected",
                  "version": "5.1.3.20324"
                }
              ]
            }
          ],
          "dateAssigned": "2023-08-02T21:44:31.388Z",
          "datePublic": "2023-08-04T18:35:57.232Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Triangle MicroWorks SCADA Data Gateway Event Log Directory Traversal Arbitrary File Creation Vulnerability. This vulnerability allows remote attackers to create arbitrary files on affected installations of Triangle MicroWorks SCADA Data Gateway. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed.\n\nThe specific flaw exists within the creation of event logs. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of root. Was ZDI-CAN-20534."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-22",
                  "description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-05-03T01:59:24.376Z",
            "orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
            "shortName": "zdi"
          },
          "references": [
            {
              "name": "ZDI-23-1028",
              "tags": [
                "x_research-advisory"
              ],
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1028/"
            },
            {
              "name": "vendor-provided URL",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.trianglemicroworks.com/products/scada-data-gateway/what\u0027s-new"
            }
          ],
          "source": {
            "lang": "en",
            "value": "Claroty Research - Team82 - Uri Katz, Noam Moshe, Vera Mens, Sharon Brizinov"
          },
          "title": "Triangle MicroWorks SCADA Data Gateway Event Log Directory Traversal Arbitrary File Creation Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
        "assignerShortName": "zdi",
        "cveId": "CVE-2023-39460",
        "datePublished": "2024-05-03T01:59:24.376Z",
        "dateReserved": "2023-08-02T21:37:23.121Z",
        "dateUpdated": "2024-08-02T18:10:20.445Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-39459 (GCVE-0-2023-39459)

    Vulnerability from nvd – Published: 2024-05-03 01:59 – Updated: 2024-08-02 18:10
    VLAI
    Title
    Triangle MicroWorks SCADA Data Gateway Directory Traversal Arbitrary File Creation Vulnerability
    Summary
    Triangle MicroWorks SCADA Data Gateway Directory Traversal Arbitrary File Creation Vulnerability. This vulnerability allows remote attackers to create arbitrary files on affected installations of Triangle MicroWorks SCADA Data Gateway. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of workspace files. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to create files in the context of Administrator. Was ZDI-CAN-20531.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
    Assigner
    zdi
    References
    Impacted products
    Vendor Product Version
    Triangle MicroWorks SCADA Data Gateway Affected: 5.1.3
    Create a notification for this product.
    trianglemicroworks scada_data_gateway Affected: 5.1.3
        cpe:2.3:a:trianglemicroworks:scada_data_gateway:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Date Public
    2023-08-04 18:33
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:trianglemicroworks:scada_data_gateway:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "scada_data_gateway",
                "vendor": "trianglemicroworks",
                "versions": [
                  {
                    "status": "affected",
                    "version": "5.1.3"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-39459",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-05-07T19:23:56.632854Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-04T17:27:02.754Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T18:10:20.767Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "ZDI-23-1027",
                "tags": [
                  "x_research-advisory",
                  "x_transferred"
                ],
                "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1027/"
              },
              {
                "name": "vendor-provided URL",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.trianglemicroworks.com/products/scada-data-gateway/what\u0027s-new"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "SCADA Data Gateway",
              "vendor": "Triangle MicroWorks",
              "versions": [
                {
                  "status": "affected",
                  "version": "5.1.3"
                }
              ]
            }
          ],
          "dateAssigned": "2023-08-02T21:44:31.382Z",
          "datePublic": "2023-08-04T18:33:53.589Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Triangle MicroWorks SCADA Data Gateway Directory Traversal Arbitrary File Creation Vulnerability. This vulnerability allows remote attackers to create arbitrary files on affected installations of Triangle MicroWorks SCADA Data Gateway. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the processing of workspace files. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to create files in the context of Administrator. Was ZDI-CAN-20531."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-22",
                  "description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-05-03T01:59:23.567Z",
            "orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
            "shortName": "zdi"
          },
          "references": [
            {
              "name": "ZDI-23-1027",
              "tags": [
                "x_research-advisory"
              ],
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1027/"
            },
            {
              "name": "vendor-provided URL",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.trianglemicroworks.com/products/scada-data-gateway/what\u0027s-new"
            }
          ],
          "source": {
            "lang": "en",
            "value": "Li Jiantao, Ngo Wei Lin, Pan Zhenpeng of STAR Labs SG Pte. Ltd."
          },
          "title": "Triangle MicroWorks SCADA Data Gateway Directory Traversal Arbitrary File Creation Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
        "assignerShortName": "zdi",
        "cveId": "CVE-2023-39459",
        "datePublished": "2024-05-03T01:59:23.567Z",
        "dateReserved": "2023-08-02T21:37:23.121Z",
        "dateUpdated": "2024-08-02T18:10:20.767Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-39458 (GCVE-0-2023-39458)

    Vulnerability from nvd – Published: 2024-05-03 01:59 – Updated: 2024-08-02 18:10
    VLAI
    Title
    Triangle MicroWorks SCADA Data Gateway Use of Hard-coded Credentials Authentication Bypass Vulnerability
    Summary
    Triangle MicroWorks SCADA Data Gateway Use of Hard-coded Credentials Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of Triangle MicroWorks SCADA Data Gateway. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of certificates. The service uses a hard-coded default SSL certificate. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-20509.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-798 - Use of Hard-coded Credentials
    Assigner
    zdi
    References
    Impacted products
    Vendor Product Version
    Triangle MicroWorks SCADA Data Gateway Affected: 5.1.3.20324
    Create a notification for this product.
    trianglemicroworks scada_data_gateway Affected: 5.1.3.20324
        cpe:2.3:a:trianglemicroworks:scada_data_gateway:5.1.3.20324:*:*:*:*:*:*:*
    Create a notification for this product.
    Date Public
    2023-08-04 18:32
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:trianglemicroworks:scada_data_gateway:5.1.3.20324:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "scada_data_gateway",
                "vendor": "trianglemicroworks",
                "versions": [
                  {
                    "status": "affected",
                    "version": "5.1.3.20324"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-39458",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-05-08T17:17:39.486576Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-04T17:27:03.174Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T18:10:20.663Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "ZDI-23-1026",
                "tags": [
                  "x_research-advisory",
                  "x_transferred"
                ],
                "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1026/"
              },
              {
                "name": "vendor-provided URL",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.trianglemicroworks.com/products/scada-data-gateway/what\u0027s-new"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "SCADA Data Gateway",
              "vendor": "Triangle MicroWorks",
              "versions": [
                {
                  "status": "affected",
                  "version": "5.1.3.20324"
                }
              ]
            }
          ],
          "dateAssigned": "2023-08-02T21:44:31.375Z",
          "datePublic": "2023-08-04T18:32:39.881Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Triangle MicroWorks SCADA Data Gateway Use of Hard-coded Credentials Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of Triangle MicroWorks SCADA Data Gateway. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the handling of certificates. The service uses a hard-coded default SSL certificate. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-20509."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.0"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-798",
                  "description": "CWE-798: Use of Hard-coded Credentials",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-05-03T01:59:22.784Z",
            "orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
            "shortName": "zdi"
          },
          "references": [
            {
              "name": "ZDI-23-1026",
              "tags": [
                "x_research-advisory"
              ],
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1026/"
            },
            {
              "name": "vendor-provided URL",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.trianglemicroworks.com/products/scada-data-gateway/what\u0027s-new"
            }
          ],
          "source": {
            "lang": "en",
            "value": "Team ECQ"
          },
          "title": "Triangle MicroWorks SCADA Data Gateway Use of Hard-coded Credentials Authentication Bypass Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
        "assignerShortName": "zdi",
        "cveId": "CVE-2023-39458",
        "datePublished": "2024-05-03T01:59:22.784Z",
        "dateReserved": "2023-08-02T21:37:23.121Z",
        "dateUpdated": "2024-08-02T18:10:20.663Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-39457 (GCVE-0-2023-39457)

    Vulnerability from nvd – Published: 2024-05-03 01:59 – Updated: 2024-08-02 18:10
    VLAI
    Title
    Triangle MicroWorks SCADA Data Gateway Missing Authentication Vulnerability
    Summary
    Triangle MicroWorks SCADA Data Gateway Missing Authentication Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of Triangle MicroWorks SCADA Data Gateway. Authentication is not required to exploit this vulnerability. The specific flaw exists due to the lack of user authentication. The issue results from missing authentication in the default system configuration. An attacker can leverage this vulnerability to execute arbitrary code in the context of root. Was ZDI-CAN-20501.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-306 - Missing Authentication for Critical Function
    Assigner
    zdi
    References
    Impacted products
    Vendor Product Version
    Triangle MicroWorks SCADA Data Gateway Affected: 5.1.3.20324
    Create a notification for this product.
    trianglemicroworks scada_data_gateway Affected: 5.1.3.20324
        cpe:2.3:a:trianglemicroworks:scada_data_gateway:5.1.3.20324:*:*:*:*:*:*:*
    Create a notification for this product.
    Date Public
    2023-08-04 18:14
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:trianglemicroworks:scada_data_gateway:5.1.3.20324:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "scada_data_gateway",
                "vendor": "trianglemicroworks",
                "versions": [
                  {
                    "status": "affected",
                    "version": "5.1.3.20324"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-39457",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-05-08T17:18:26.342775Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-04T17:26:56.761Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T18:10:20.768Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "ZDI-23-1025",
                "tags": [
                  "x_research-advisory",
                  "x_transferred"
                ],
                "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1025/"
              },
              {
                "name": "vendor-provided URL",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.trianglemicroworks.com/products/scada-data-gateway/what\u0027s-new"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "SCADA Data Gateway",
              "vendor": "Triangle MicroWorks",
              "versions": [
                {
                  "status": "affected",
                  "version": "5.1.3.20324"
                }
              ]
            }
          ],
          "dateAssigned": "2023-08-02T21:44:31.367Z",
          "datePublic": "2023-08-04T18:14:52.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Triangle MicroWorks SCADA Data Gateway Missing Authentication Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of Triangle MicroWorks SCADA Data Gateway. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists due to the lack of user authentication. The issue results from missing authentication in the default system configuration. An attacker can leverage this vulnerability to execute arbitrary code in the context of root. Was ZDI-CAN-20501."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-306",
                  "description": "CWE-306: Missing Authentication for Critical Function",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-05-03T01:59:22.050Z",
            "orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
            "shortName": "zdi"
          },
          "references": [
            {
              "name": "ZDI-23-1025",
              "tags": [
                "x_research-advisory"
              ],
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1025/"
            },
            {
              "name": "vendor-provided URL",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.trianglemicroworks.com/products/scada-data-gateway/what\u0027s-new"
            }
          ],
          "source": {
            "lang": "en",
            "value": "Claroty Research - Team82 - Uri Katz, Noam Moshe, Vera Mens, Sharon Brizinov"
          },
          "title": "Triangle MicroWorks SCADA Data Gateway Missing Authentication Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
        "assignerShortName": "zdi",
        "cveId": "CVE-2023-39457",
        "datePublished": "2024-05-03T01:59:22.050Z",
        "dateReserved": "2023-08-02T21:37:23.120Z",
        "dateUpdated": "2024-08-02T18:10:20.768Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-34057 (GCVE-0-2024-34057)

    Vulnerability from cvelistv5 – Published: 2024-09-18 00:00 – Updated: 2024-09-19 14:21
    VLAI
    Summary
    Triangle Microworks TMW IEC 61850 Client source code libraries before 12.2.0 lack a buffer size check when processing received messages. The resulting buffer overflow can cause a crash, resulting in a denial of service.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    • CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
    Assigner
    Impacted products
    Vendor Product Version
    trianglemicroworks iec_61850_client_source_code_library Affected: 0 , < 12.2.0 (custom)
        cpe:2.3:a:trianglemicroworks:iec_61850_client_source_code_library:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:trianglemicroworks:iec_61850_client_source_code_library:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "iec_61850_client_source_code_library",
                "vendor": "trianglemicroworks",
                "versions": [
                  {
                    "lessThan": "12.2.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 8.2,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "LOW",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-34057",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-19T14:17:19.898121Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-120",
                    "description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-19T14:21:28.567Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Triangle Microworks TMW IEC 61850 Client source code libraries before 12.2.0 lack a buffer size check when processing received messages. The resulting buffer overflow can cause a crash, resulting in a denial of service."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-09-18T18:54:44.376Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://trianglemicroworks.com/products/source-code-libraries/iec-61850-scl-pages/what%27s-new"
            },
            {
              "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-256-16"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2024-34057",
        "datePublished": "2024-09-18T00:00:00.000Z",
        "dateReserved": "2024-04-30T00:00:00.000Z",
        "dateUpdated": "2024-09-19T14:21:28.567Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-0369 (GCVE-0-2022-0369)

    Vulnerability from cvelistv5 – Published: 2024-05-07 22:54 – Updated: 2024-08-02 23:25
    VLAI
    Title
    Triangle MicroWorks SCADA Data Gateway Restore Workspace Directory Traversal Remote Code Execution Vulnerability
    Summary
    Triangle MicroWorks SCADA Data Gateway Restore Workspace Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Triangle MicroWorks SCADA Data Gateway. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the Restore Workspace feature. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-17227.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
    Assigner
    zdi
    References
    Impacted products
    Vendor Product Version
    Triangle MicroWorks SCADA Data Gateway Affected: 5.01.01
    Create a notification for this product.
    trianglemicroworks scada_data_gateway Affected: 5.01.01
        cpe:2.3:a:trianglemicroworks:scada_data_gateway:5.01.01:*:*:*:*:*:*:*
    Create a notification for this product.
    Date Public
    2023-04-14 19:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:trianglemicroworks:scada_data_gateway:5.01.01:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "scada_data_gateway",
                "vendor": "trianglemicroworks",
                "versions": [
                  {
                    "status": "affected",
                    "version": "5.01.01"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-0369",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-05-08T17:07:32.283678Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-07-23T17:09:35.862Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T23:25:40.264Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "ZDI-23-450",
                "tags": [
                  "x_research-advisory",
                  "x_transferred"
                ],
                "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-450/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "SCADA Data Gateway",
              "vendor": "Triangle MicroWorks",
              "versions": [
                {
                  "status": "affected",
                  "version": "5.01.01"
                }
              ]
            }
          ],
          "dateAssigned": "2022-01-25T22:23:37.257Z",
          "datePublic": "2023-04-14T19:00:47.542Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Triangle MicroWorks SCADA Data Gateway Restore Workspace Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Triangle MicroWorks SCADA Data Gateway. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed.\n\nThe specific flaw exists within the Restore Workspace feature. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-17227."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-22",
                  "description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-05-07T22:54:55.247Z",
            "orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
            "shortName": "zdi"
          },
          "references": [
            {
              "name": "ZDI-23-450",
              "tags": [
                "x_research-advisory"
              ],
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-450/"
            }
          ],
          "source": {
            "lang": "en",
            "value": "Steven Seeley (mr_me) and Chris Anastasio (muffin) of Incite Team"
          },
          "title": "Triangle MicroWorks SCADA Data Gateway Restore Workspace Directory Traversal Remote Code Execution Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
        "assignerShortName": "zdi",
        "cveId": "CVE-2022-0369",
        "datePublished": "2024-05-07T22:54:55.247Z",
        "dateReserved": "2022-01-25T22:22:48.663Z",
        "dateUpdated": "2024-08-02T23:25:40.264Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-39468 (GCVE-0-2023-39468)

    Vulnerability from cvelistv5 – Published: 2024-05-03 01:59 – Updated: 2024-08-02 18:10
    VLAI
    Title
    Triangle MicroWorks SCADA Data Gateway DbasSectorFileToExecuteOnReset Exposed Dangerous Function Remote Code Execution Vulnerability
    Summary
    Triangle MicroWorks SCADA Data Gateway DbasSectorFileToExecuteOnReset Exposed Dangerous Function Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Triangle MicroWorks SCADA Data Gateway. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of DbasSectorFileToExecuteOnReset parameter. The issue results from an exposed dangerous function. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-20799.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-749 - Exposed Dangerous Method or Function
    Assigner
    zdi
    References
    Impacted products
    Vendor Product Version
    Triangle MicroWorks SCADA Data Gateway Affected: 5.1.3.20324
    Create a notification for this product.
    trianglemicroworks scada_data_gateway Affected: 5.1.3.20324
        cpe:2.3:a:trianglemicroworks:scada_data_gateway:5.1.3.20324:*:*:*:*:*:*:*
    Create a notification for this product.
    Date Public
    2023-08-04 18:44
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:trianglemicroworks:scada_data_gateway:5.1.3.20324:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "scada_data_gateway",
                "vendor": "trianglemicroworks",
                "versions": [
                  {
                    "status": "affected",
                    "version": "5.1.3.20324"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-39468",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-05-08T17:19:46.064913Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-04T17:27:09.598Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T18:10:20.697Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "ZDI-23-1036",
                "tags": [
                  "x_research-advisory",
                  "x_transferred"
                ],
                "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1036/"
              },
              {
                "name": "vendor-provided URL",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.trianglemicroworks.com/products/scada-data-gateway/what\u0027s-new"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "SCADA Data Gateway",
              "vendor": "Triangle MicroWorks",
              "versions": [
                {
                  "status": "affected",
                  "version": "5.1.3.20324"
                }
              ]
            }
          ],
          "dateAssigned": "2023-08-02T21:44:31.433Z",
          "datePublic": "2023-08-04T18:44:48.544Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Triangle MicroWorks SCADA Data Gateway DbasSectorFileToExecuteOnReset Exposed Dangerous Function Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Triangle MicroWorks SCADA Data Gateway. Authentication is required to exploit this vulnerability.\n\nThe specific flaw exists within the handling of DbasSectorFileToExecuteOnReset parameter. The issue results from an exposed dangerous function. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-20799."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-749",
                  "description": "CWE-749: Exposed Dangerous Method or Function",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-05-03T01:59:30.325Z",
            "orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
            "shortName": "zdi"
          },
          "references": [
            {
              "name": "ZDI-23-1036",
              "tags": [
                "x_research-advisory"
              ],
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1036/"
            },
            {
              "name": "vendor-provided URL",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.trianglemicroworks.com/products/scada-data-gateway/what\u0027s-new"
            }
          ],
          "source": {
            "lang": "en",
            "value": "Uri Katz of Claroty Team82"
          },
          "title": "Triangle MicroWorks SCADA Data Gateway DbasSectorFileToExecuteOnReset Exposed Dangerous Function Remote Code Execution Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
        "assignerShortName": "zdi",
        "cveId": "CVE-2023-39468",
        "datePublished": "2024-05-03T01:59:30.325Z",
        "dateReserved": "2023-08-02T21:37:23.123Z",
        "dateUpdated": "2024-08-02T18:10:20.697Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-39467 (GCVE-0-2023-39467)

    Vulnerability from cvelistv5 – Published: 2024-05-03 01:59 – Updated: 2024-08-02 18:10
    VLAI
    Title
    Triangle MicroWorks SCADA Data Gateway certificate Information Disclosure Vulnerability
    Summary
    Triangle MicroWorks SCADA Data Gateway certificate Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Triangle MicroWorks SCADA Data Gateway. Authentication is not required to exploit this vulnerability. The specific flaw exists within the configuration of certificate web directory. The issue results from the exposure of sensitive information in the application webroot. An attacker can leverage this vulnerability to disclose sensitive information. Was ZDI-CAN-20798.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-219 - Storage of File with Sensitive Data Under Web Root
    Assigner
    zdi
    References
    Impacted products
    Vendor Product Version
    Triangle MicroWorks SCADA Data Gateway Affected: 5.1.3.20324
    Create a notification for this product.
    trianglemicroworks scada_data_gateway Affected: 5.1.3.20324
        cpe:2.3:a:trianglemicroworks:scada_data_gateway:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Date Public
    2023-08-04 18:43
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:trianglemicroworks:scada_data_gateway:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "scada_data_gateway",
                "vendor": "trianglemicroworks",
                "versions": [
                  {
                    "status": "affected",
                    "version": "5.1.3.20324"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-39467",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-05-07T19:22:23.242020Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-04T17:26:51.263Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T18:10:20.678Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "ZDI-23-1035",
                "tags": [
                  "x_research-advisory",
                  "x_transferred"
                ],
                "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1035/"
              },
              {
                "name": "vendor-provided URL",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.trianglemicroworks.com/products/scada-data-gateway/what\u0027s-new"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "SCADA Data Gateway",
              "vendor": "Triangle MicroWorks",
              "versions": [
                {
                  "status": "affected",
                  "version": "5.1.3.20324"
                }
              ]
            }
          ],
          "dateAssigned": "2023-08-02T21:44:31.427Z",
          "datePublic": "2023-08-04T18:43:42.003Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Triangle MicroWorks SCADA Data Gateway certificate Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Triangle MicroWorks SCADA Data Gateway. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the configuration of certificate web directory. The issue results from the exposure of sensitive information in the application webroot. An attacker can leverage this vulnerability to disclose sensitive information. Was ZDI-CAN-20798."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.0"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-219",
                  "description": "CWE-219: Storage of File with Sensitive Data Under Web Root",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-05-03T01:59:29.616Z",
            "orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
            "shortName": "zdi"
          },
          "references": [
            {
              "name": "ZDI-23-1035",
              "tags": [
                "x_research-advisory"
              ],
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1035/"
            },
            {
              "name": "vendor-provided URL",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.trianglemicroworks.com/products/scada-data-gateway/what\u0027s-new"
            }
          ],
          "source": {
            "lang": "en",
            "value": "Uri Katz of Claroty Team82"
          },
          "title": "Triangle MicroWorks SCADA Data Gateway certificate Information Disclosure Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
        "assignerShortName": "zdi",
        "cveId": "CVE-2023-39467",
        "datePublished": "2024-05-03T01:59:29.616Z",
        "dateReserved": "2023-08-02T21:37:23.123Z",
        "dateUpdated": "2024-08-02T18:10:20.678Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-39466 (GCVE-0-2023-39466)

    Vulnerability from cvelistv5 – Published: 2024-05-03 01:59 – Updated: 2024-08-02 18:10
    VLAI
    Title
    Triangle MicroWorks SCADA Data Gateway get_config Missing Authentication Information Disclosure Vulnerability
    Summary
    Triangle MicroWorks SCADA Data Gateway get_config Missing Authentication Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Triangle MicroWorks SCADA Data Gateway. Authentication is not required to exploit this vulnerability. The specific flaw exists within the get_config endpoint. The issue results from the lack of authentication prior to allowing access to functionality. An attacker can leverage this vulnerability to disclose sensitive information. Was ZDI-CAN-20797.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-306 - Missing Authentication for Critical Function
    Assigner
    zdi
    References
    Impacted products
    Vendor Product Version
    Triangle MicroWorks SCADA Data Gateway Affected: 5.1.3.20324
    Create a notification for this product.
    trianglemicroworks scada_data_gateway Affected: 5.1.3.20324
        cpe:2.3:a:trianglemicroworks:scada_data_gateway:5.1.3.20324:*:*:*:*:*:*:*
    Create a notification for this product.
    Date Public
    2023-08-04 18:42
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:trianglemicroworks:scada_data_gateway:5.1.3.20324:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "scada_data_gateway",
                "vendor": "trianglemicroworks",
                "versions": [
                  {
                    "status": "affected",
                    "version": "5.1.3.20324"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-39466",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-05-08T17:12:42.172392Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-07-23T17:15:39.965Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T18:10:20.933Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "ZDI-23-1034",
                "tags": [
                  "x_research-advisory",
                  "x_transferred"
                ],
                "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1034/"
              },
              {
                "name": "vendor-provided URL",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.trianglemicroworks.com/products/scada-data-gateway/what\u0027s-new"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "SCADA Data Gateway",
              "vendor": "Triangle MicroWorks",
              "versions": [
                {
                  "status": "affected",
                  "version": "5.1.3.20324"
                }
              ]
            }
          ],
          "dateAssigned": "2023-08-02T21:44:31.422Z",
          "datePublic": "2023-08-04T18:42:39.807Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Triangle MicroWorks SCADA Data Gateway get_config Missing Authentication Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Triangle MicroWorks SCADA Data Gateway. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the get_config endpoint. The issue results from the lack of authentication prior to allowing access to functionality. An attacker can leverage this vulnerability to disclose sensitive information. Was ZDI-CAN-20797."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.0"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-306",
                  "description": "CWE-306: Missing Authentication for Critical Function",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-05-03T01:59:28.811Z",
            "orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
            "shortName": "zdi"
          },
          "references": [
            {
              "name": "ZDI-23-1034",
              "tags": [
                "x_research-advisory"
              ],
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1034/"
            },
            {
              "name": "vendor-provided URL",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.trianglemicroworks.com/products/scada-data-gateway/what\u0027s-new"
            }
          ],
          "source": {
            "lang": "en",
            "value": "Uri Katz of Claroty Team82"
          },
          "title": "Triangle MicroWorks SCADA Data Gateway get_config Missing Authentication Information Disclosure Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
        "assignerShortName": "zdi",
        "cveId": "CVE-2023-39466",
        "datePublished": "2024-05-03T01:59:28.811Z",
        "dateReserved": "2023-08-02T21:37:23.123Z",
        "dateUpdated": "2024-08-02T18:10:20.933Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-39465 (GCVE-0-2023-39465)

    Vulnerability from cvelistv5 – Published: 2024-05-03 01:59 – Updated: 2024-08-02 18:10
    VLAI
    Title
    Triangle MicroWorks SCADA Data Gateway Use of Hard-coded Cryptograhic Key Information Disclosure Vulnerability
    Summary
    Triangle MicroWorks SCADA Data Gateway Use of Hard-coded Cryptograhic Key Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Triangle MicroWorks SCADA Data Gateway. Authentication is not required to exploit this vulnerability. The specific flaw exists within the TmwCrypto class. The issue results from the usage of a hard-coded cryptograhic key and the usage of a hard-coded certificate. An attacker can leverage this vulnerability to disclose sensitive information. Was ZDI-CAN-20615.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-321 - Use of Hard-coded Cryptographic Key
    Assigner
    zdi
    References
    Impacted products
    Vendor Product Version
    Triangle MicroWorks SCADA Data Gateway Affected: 5.1.3.20324
    Create a notification for this product.
    trianglemicroworks scada_data_gateway Affected: 5.1.3.20324
        cpe:2.3:a:trianglemicroworks:scada_data_gateway:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Date Public
    2023-08-04 18:41
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:trianglemicroworks:scada_data_gateway:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "scada_data_gateway",
                "vendor": "trianglemicroworks",
                "versions": [
                  {
                    "status": "affected",
                    "version": "5.1.3.20324"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-39465",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-05-06T15:37:18.521094Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-04T17:27:05.297Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T18:10:21.061Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "ZDI-23-1033",
                "tags": [
                  "x_research-advisory",
                  "x_transferred"
                ],
                "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1033/"
              },
              {
                "name": "vendor-provided URL",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.trianglemicroworks.com/products/scada-data-gateway/what\u0027s-new"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "SCADA Data Gateway",
              "vendor": "Triangle MicroWorks",
              "versions": [
                {
                  "status": "affected",
                  "version": "5.1.3.20324"
                }
              ]
            }
          ],
          "dateAssigned": "2023-08-02T21:44:31.416Z",
          "datePublic": "2023-08-04T18:41:33.328Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Triangle MicroWorks SCADA Data Gateway Use of Hard-coded Cryptograhic Key Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Triangle MicroWorks SCADA Data Gateway. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the TmwCrypto class. The issue results from the usage of a hard-coded cryptograhic key and the usage of a hard-coded certificate. An attacker can leverage this vulnerability to disclose sensitive information. Was ZDI-CAN-20615."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.0"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-321",
                  "description": "CWE-321: Use of Hard-coded Cryptographic Key",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-05-03T01:59:28.085Z",
            "orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
            "shortName": "zdi"
          },
          "references": [
            {
              "name": "ZDI-23-1033",
              "tags": [
                "x_research-advisory"
              ],
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1033/"
            },
            {
              "name": "vendor-provided URL",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.trianglemicroworks.com/products/scada-data-gateway/what\u0027s-new"
            }
          ],
          "source": {
            "lang": "en",
            "value": "Uri Katz of Claroty Team82"
          },
          "title": "Triangle MicroWorks SCADA Data Gateway Use of Hard-coded Cryptograhic Key Information Disclosure Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
        "assignerShortName": "zdi",
        "cveId": "CVE-2023-39465",
        "datePublished": "2024-05-03T01:59:28.085Z",
        "dateReserved": "2023-08-02T21:37:23.122Z",
        "dateUpdated": "2024-08-02T18:10:21.061Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-39464 (GCVE-0-2023-39464)

    Vulnerability from cvelistv5 – Published: 2024-05-03 01:59 – Updated: 2024-08-02 18:10
    VLAI
    Title
    Triangle MicroWorks SCADA Data Gateway GTWWebMonitorService Unquoted Search Path Remote Code Execution Vulnerability
    Summary
    Triangle MicroWorks SCADA Data Gateway GTWWebMonitorService Unquoted Search Path Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute code on affected installations of Triangle MicroWorks SCADA Data Gateway. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the configuration of the GTWWebMonitorService service. The path to the service executable contains spaces not surrounded by quotations. An attacker can leverage this vulnerability to execute arbitrary code in the context of root. Was ZDI-CAN-20538.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-428 - Unquoted Search Path or Element
    Assigner
    zdi
    References
    Impacted products
    Vendor Product Version
    Triangle MicroWorks SCADA Data Gateway Affected: 5.1.3.20324
    Create a notification for this product.
    trianglemicroworks scada_data_gateway Affected: 5.1.3.20324
        cpe:2.3:a:trianglemicroworks:scada_data_gateway:5.1.3.20324:*:*:*:*:*:*:*
    Create a notification for this product.
    Date Public
    2023-08-04 18:40
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:trianglemicroworks:scada_data_gateway:5.1.3.20324:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "scada_data_gateway",
                "vendor": "trianglemicroworks",
                "versions": [
                  {
                    "status": "affected",
                    "version": "5.1.3.20324"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-39464",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-05-08T17:13:49.483707Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-04T17:27:11.296Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T18:10:20.680Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "ZDI-23-1032",
                "tags": [
                  "x_research-advisory",
                  "x_transferred"
                ],
                "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1032/"
              },
              {
                "name": "vendor-provided URL",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.trianglemicroworks.com/products/scada-data-gateway/what\u0027s-new"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "SCADA Data Gateway",
              "vendor": "Triangle MicroWorks",
              "versions": [
                {
                  "status": "affected",
                  "version": "5.1.3.20324"
                }
              ]
            }
          ],
          "dateAssigned": "2023-08-02T21:44:31.411Z",
          "datePublic": "2023-08-04T18:40:15.323Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Triangle MicroWorks SCADA Data Gateway GTWWebMonitorService Unquoted Search Path Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute code on affected installations of Triangle MicroWorks SCADA Data Gateway. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed.\n\nThe specific flaw exists within the configuration of the GTWWebMonitorService service. The path to the service executable contains spaces not surrounded by quotations. An attacker can leverage this vulnerability to execute arbitrary code in the context of root. Was ZDI-CAN-20538."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-428",
                  "description": "CWE-428: Unquoted Search Path or Element",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-05-03T01:59:27.382Z",
            "orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
            "shortName": "zdi"
          },
          "references": [
            {
              "name": "ZDI-23-1032",
              "tags": [
                "x_research-advisory"
              ],
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1032/"
            },
            {
              "name": "vendor-provided URL",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.trianglemicroworks.com/products/scada-data-gateway/what\u0027s-new"
            }
          ],
          "source": {
            "lang": "en",
            "value": "Team ECQ"
          },
          "title": "Triangle MicroWorks SCADA Data Gateway GTWWebMonitorService Unquoted Search Path Remote Code Execution Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
        "assignerShortName": "zdi",
        "cveId": "CVE-2023-39464",
        "datePublished": "2024-05-03T01:59:27.382Z",
        "dateReserved": "2023-08-02T21:37:23.122Z",
        "dateUpdated": "2024-08-02T18:10:20.680Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-39463 (GCVE-0-2023-39463)

    Vulnerability from cvelistv5 – Published: 2024-05-03 01:59 – Updated: 2024-08-02 18:10
    VLAI
    Title
    Triangle MicroWorks SCADA Data Gateway Trusted Certification Unrestricted Upload of File Remote Code Execution Vulnerability
    Summary
    Triangle MicroWorks SCADA Data Gateway Trusted Certification Unrestricted Upload of File Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Triangle MicroWorks SCADA Data Gateway. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the trusted certification feature. The issue lies in the handling of the OpcUaSecurityCertificateAuthorityTrustDir variable, which allows an arbitrary file write with attacker-controlled data. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-20537.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-434 - Unrestricted Upload of File with Dangerous Type
    Assigner
    zdi
    References
    Impacted products
    Vendor Product Version
    Triangle MicroWorks SCADA Data Gateway Affected: 5.1.3.20324
    Create a notification for this product.
    trianglemicroworks scada_data_gateway Affected: 5.1.3.20324
        cpe:2.3:a:trianglemicroworks:scada_data_gateway:5.1.3.20324:*:*:*:*:*:*:*
    Create a notification for this product.
    Date Public
    2023-08-04 18:39
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:trianglemicroworks:scada_data_gateway:5.1.3.20324:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "scada_data_gateway",
                "vendor": "trianglemicroworks",
                "versions": [
                  {
                    "status": "affected",
                    "version": "5.1.3.20324"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-39463",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-05-08T17:16:15.340389Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-04T17:27:02.325Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T18:10:20.694Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "ZDI-23-1031",
                "tags": [
                  "x_research-advisory",
                  "x_transferred"
                ],
                "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1031/"
              },
              {
                "name": "vendor-provided URL",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.trianglemicroworks.com/products/scada-data-gateway/what\u0027s-new"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "SCADA Data Gateway",
              "vendor": "Triangle MicroWorks",
              "versions": [
                {
                  "status": "affected",
                  "version": "5.1.3.20324"
                }
              ]
            }
          ],
          "dateAssigned": "2023-08-02T21:44:31.406Z",
          "datePublic": "2023-08-04T18:39:23.964Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Triangle MicroWorks SCADA Data Gateway Trusted Certification Unrestricted Upload of File Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Triangle MicroWorks SCADA Data Gateway. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed.\n\nThe specific flaw exists within the trusted certification feature. The issue lies in the handling of the OpcUaSecurityCertificateAuthorityTrustDir variable, which allows an arbitrary file write with attacker-controlled data. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-20537."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-434",
                  "description": "CWE-434: Unrestricted Upload of File with Dangerous Type",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-05-03T01:59:26.598Z",
            "orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
            "shortName": "zdi"
          },
          "references": [
            {
              "name": "ZDI-23-1031",
              "tags": [
                "x_research-advisory"
              ],
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1031/"
            },
            {
              "name": "vendor-provided URL",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.trianglemicroworks.com/products/scada-data-gateway/what\u0027s-new"
            }
          ],
          "source": {
            "lang": "en",
            "value": "Team ECQ"
          },
          "title": "Triangle MicroWorks SCADA Data Gateway Trusted Certification Unrestricted Upload of File Remote Code Execution Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
        "assignerShortName": "zdi",
        "cveId": "CVE-2023-39463",
        "datePublished": "2024-05-03T01:59:26.598Z",
        "dateReserved": "2023-08-02T21:37:23.121Z",
        "dateUpdated": "2024-08-02T18:10:20.694Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-39462 (GCVE-0-2023-39462)

    Vulnerability from cvelistv5 – Published: 2024-05-03 01:59 – Updated: 2024-08-02 18:10
    VLAI
    Title
    Triangle MicroWorks SCADA Data Gateway Workspace Unrestricted Upload Vulnerability
    Summary
    Triangle MicroWorks SCADA Data Gateway Workspace Unrestricted Upload Vulnerability. This vulnerability allows remote attackers to upload arbitrary files on affected installations of Triangle MicroWorks SCADA Data Gateway. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the processing of workspace files. The issue results from the lack of proper validation of user-supplied data, which can allow the upload of arbitrary files. An attacker can leverage this in conjunction with other vulnerabilitites to execute arbitrary code in the context of root. Was ZDI-CAN-20536.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-434 - Unrestricted Upload of File with Dangerous Type
    Assigner
    zdi
    References
    Impacted products
    Vendor Product Version
    Triangle MicroWorks SCADA Data Gateway Affected: 5.1.3.20324
    Create a notification for this product.
    trianglemicroworks scada_data_gateway Affected: 5.1.3.20324
        cpe:2.3:a:trianglemicroworks:scada_data_gateway:5.1.3.20324:*:*:*:*:*:*:*
    Create a notification for this product.
    Date Public
    2023-08-04 18:37
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:trianglemicroworks:scada_data_gateway:5.1.3.20324:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "scada_data_gateway",
                "vendor": "trianglemicroworks",
                "versions": [
                  {
                    "status": "affected",
                    "version": "5.1.3.20324"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-39462",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-05-08T17:16:53.971929Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-04T17:27:04.040Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T18:10:20.821Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "ZDI-23-1030",
                "tags": [
                  "x_research-advisory",
                  "x_transferred"
                ],
                "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1030/"
              },
              {
                "name": "vendor-provided URL",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.trianglemicroworks.com/products/scada-data-gateway/what\u0027s-new"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "SCADA Data Gateway",
              "vendor": "Triangle MicroWorks",
              "versions": [
                {
                  "status": "affected",
                  "version": "5.1.3.20324"
                }
              ]
            }
          ],
          "dateAssigned": "2023-08-02T21:44:31.400Z",
          "datePublic": "2023-08-04T18:37:32.567Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Triangle MicroWorks SCADA Data Gateway Workspace Unrestricted Upload Vulnerability. This vulnerability allows remote attackers to upload arbitrary files on affected installations of Triangle MicroWorks SCADA Data Gateway. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed.\n\nThe specific flaw exists within the processing of workspace files. The issue results from the lack of proper validation of user-supplied data, which can allow the upload of arbitrary files. An attacker can leverage this in conjunction with other vulnerabilitites to execute arbitrary code in the context of root. Was ZDI-CAN-20536."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
                "version": "3.0"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-434",
                  "description": "CWE-434: Unrestricted Upload of File with Dangerous Type",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-05-03T01:59:25.792Z",
            "orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
            "shortName": "zdi"
          },
          "references": [
            {
              "name": "ZDI-23-1030",
              "tags": [
                "x_research-advisory"
              ],
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1030/"
            },
            {
              "name": "vendor-provided URL",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.trianglemicroworks.com/products/scada-data-gateway/what\u0027s-new"
            }
          ],
          "source": {
            "lang": "en",
            "value": "Claroty Research - Team82 - Uri Katz, Noam Moshe, Vera Mens, Sharon Brizinov"
          },
          "title": "Triangle MicroWorks SCADA Data Gateway Workspace Unrestricted Upload Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
        "assignerShortName": "zdi",
        "cveId": "CVE-2023-39462",
        "datePublished": "2024-05-03T01:59:25.792Z",
        "dateReserved": "2023-08-02T21:37:23.121Z",
        "dateUpdated": "2024-08-02T18:10:20.821Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-39461 (GCVE-0-2023-39461)

    Vulnerability from cvelistv5 – Published: 2024-05-03 01:59 – Updated: 2024-08-02 18:10
    VLAI
    Title
    Triangle MicroWorks SCADA Data Gateway Event Log Improper Output Neutralization For Logs Arbitrary File Write Vulnerability
    Summary
    Triangle MicroWorks SCADA Data Gateway Event Log Improper Output Neutralization For Logs Arbitrary File Write Vulnerability. This vulnerability allows remote attackers to write arbitrary files on affected installations of Triangle MicroWorks SCADA Data Gateway. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the handling of event logs. The issue results from improper sanitization of log output. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of root. Was ZDI-CAN-20535.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-117 - Improper Output Neutralization for Logs
    Assigner
    zdi
    References
    Impacted products
    Vendor Product Version
    Triangle MicroWorks SCADA Data Gateway Affected: 5.1.3.20324
    Create a notification for this product.
    trianglemicroworks scada_data_gateway Affected: 5.1.3.20324
        cpe:2.3:a:trianglemicroworks:scada_data_gateway:5.1.3.20324:*:*:*:*:*:*:*
    Create a notification for this product.
    Date Public
    2023-08-04 18:37
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:trianglemicroworks:scada_data_gateway:5.1.3.20324:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "scada_data_gateway",
                "vendor": "trianglemicroworks",
                "versions": [
                  {
                    "status": "affected",
                    "version": "5.1.3.20324"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-39461",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-05-03T19:12:41.966123Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-04T17:26:58.048Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T18:10:20.704Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "ZDI-23-1029",
                "tags": [
                  "x_research-advisory",
                  "x_transferred"
                ],
                "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1029/"
              },
              {
                "name": "vendor-provided URL",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.trianglemicroworks.com/products/scada-data-gateway/what\u0027s-new"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "SCADA Data Gateway",
              "vendor": "Triangle MicroWorks",
              "versions": [
                {
                  "status": "affected",
                  "version": "5.1.3.20324"
                }
              ]
            }
          ],
          "dateAssigned": "2023-08-02T21:44:31.394Z",
          "datePublic": "2023-08-04T18:37:00.078Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Triangle MicroWorks SCADA Data Gateway Event Log Improper Output Neutralization For Logs Arbitrary File Write Vulnerability. This vulnerability allows remote attackers to write arbitrary files on affected installations of Triangle MicroWorks SCADA Data Gateway. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed.\n\nThe specific flaw exists within the handling of event logs. The issue results from improper sanitization of log output. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of root. Was ZDI-CAN-20535."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "baseScore": 4.4,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:N",
                "version": "3.0"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-117",
                  "description": "CWE-117: Improper Output Neutralization for Logs",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-05-03T01:59:25.080Z",
            "orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
            "shortName": "zdi"
          },
          "references": [
            {
              "name": "ZDI-23-1029",
              "tags": [
                "x_research-advisory"
              ],
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1029/"
            },
            {
              "name": "vendor-provided URL",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.trianglemicroworks.com/products/scada-data-gateway/what\u0027s-new"
            }
          ],
          "source": {
            "lang": "en",
            "value": "Claroty Research - Team82 - Uri Katz, Noam Moshe, Vera Mens, Sharon Brizinov"
          },
          "title": "Triangle MicroWorks SCADA Data Gateway Event Log Improper Output Neutralization For Logs Arbitrary File Write Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
        "assignerShortName": "zdi",
        "cveId": "CVE-2023-39461",
        "datePublished": "2024-05-03T01:59:25.080Z",
        "dateReserved": "2023-08-02T21:37:23.121Z",
        "dateUpdated": "2024-08-02T18:10:20.704Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-39460 (GCVE-0-2023-39460)

    Vulnerability from cvelistv5 – Published: 2024-05-03 01:59 – Updated: 2024-08-02 18:10
    VLAI
    Title
    Triangle MicroWorks SCADA Data Gateway Event Log Directory Traversal Arbitrary File Creation Vulnerability
    Summary
    Triangle MicroWorks SCADA Data Gateway Event Log Directory Traversal Arbitrary File Creation Vulnerability. This vulnerability allows remote attackers to create arbitrary files on affected installations of Triangle MicroWorks SCADA Data Gateway. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the creation of event logs. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of root. Was ZDI-CAN-20534.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
    Assigner
    zdi
    References
    Impacted products
    Vendor Product Version
    Triangle MicroWorks SCADA Data Gateway Affected: 5.1.3.20324
    Create a notification for this product.
    trianglemicroworks scada_data_gateway Affected: 5.1.3.20324
        cpe:2.3:a:trianglemicroworks:scada_data_gateway:5.1.3.20324:*:*:*:*:*:*:*
    Create a notification for this product.
    Date Public
    2023-08-04 18:35
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:trianglemicroworks:scada_data_gateway:5.1.3.20324:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "scada_data_gateway",
                "vendor": "trianglemicroworks",
                "versions": [
                  {
                    "status": "affected",
                    "version": "5.1.3.20324"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-39460",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-05-08T17:18:57.800496Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-04T17:26:58.471Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T18:10:20.445Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "ZDI-23-1028",
                "tags": [
                  "x_research-advisory",
                  "x_transferred"
                ],
                "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1028/"
              },
              {
                "name": "vendor-provided URL",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.trianglemicroworks.com/products/scada-data-gateway/what\u0027s-new"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "SCADA Data Gateway",
              "vendor": "Triangle MicroWorks",
              "versions": [
                {
                  "status": "affected",
                  "version": "5.1.3.20324"
                }
              ]
            }
          ],
          "dateAssigned": "2023-08-02T21:44:31.388Z",
          "datePublic": "2023-08-04T18:35:57.232Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Triangle MicroWorks SCADA Data Gateway Event Log Directory Traversal Arbitrary File Creation Vulnerability. This vulnerability allows remote attackers to create arbitrary files on affected installations of Triangle MicroWorks SCADA Data Gateway. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed.\n\nThe specific flaw exists within the creation of event logs. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of root. Was ZDI-CAN-20534."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-22",
                  "description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-05-03T01:59:24.376Z",
            "orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
            "shortName": "zdi"
          },
          "references": [
            {
              "name": "ZDI-23-1028",
              "tags": [
                "x_research-advisory"
              ],
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1028/"
            },
            {
              "name": "vendor-provided URL",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.trianglemicroworks.com/products/scada-data-gateway/what\u0027s-new"
            }
          ],
          "source": {
            "lang": "en",
            "value": "Claroty Research - Team82 - Uri Katz, Noam Moshe, Vera Mens, Sharon Brizinov"
          },
          "title": "Triangle MicroWorks SCADA Data Gateway Event Log Directory Traversal Arbitrary File Creation Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
        "assignerShortName": "zdi",
        "cveId": "CVE-2023-39460",
        "datePublished": "2024-05-03T01:59:24.376Z",
        "dateReserved": "2023-08-02T21:37:23.121Z",
        "dateUpdated": "2024-08-02T18:10:20.445Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-39459 (GCVE-0-2023-39459)

    Vulnerability from cvelistv5 – Published: 2024-05-03 01:59 – Updated: 2024-08-02 18:10
    VLAI
    Title
    Triangle MicroWorks SCADA Data Gateway Directory Traversal Arbitrary File Creation Vulnerability
    Summary
    Triangle MicroWorks SCADA Data Gateway Directory Traversal Arbitrary File Creation Vulnerability. This vulnerability allows remote attackers to create arbitrary files on affected installations of Triangle MicroWorks SCADA Data Gateway. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of workspace files. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to create files in the context of Administrator. Was ZDI-CAN-20531.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
    Assigner
    zdi
    References
    Impacted products
    Vendor Product Version
    Triangle MicroWorks SCADA Data Gateway Affected: 5.1.3
    Create a notification for this product.
    trianglemicroworks scada_data_gateway Affected: 5.1.3
        cpe:2.3:a:trianglemicroworks:scada_data_gateway:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Date Public
    2023-08-04 18:33
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:trianglemicroworks:scada_data_gateway:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "scada_data_gateway",
                "vendor": "trianglemicroworks",
                "versions": [
                  {
                    "status": "affected",
                    "version": "5.1.3"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-39459",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-05-07T19:23:56.632854Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-04T17:27:02.754Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T18:10:20.767Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "ZDI-23-1027",
                "tags": [
                  "x_research-advisory",
                  "x_transferred"
                ],
                "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1027/"
              },
              {
                "name": "vendor-provided URL",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.trianglemicroworks.com/products/scada-data-gateway/what\u0027s-new"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "SCADA Data Gateway",
              "vendor": "Triangle MicroWorks",
              "versions": [
                {
                  "status": "affected",
                  "version": "5.1.3"
                }
              ]
            }
          ],
          "dateAssigned": "2023-08-02T21:44:31.382Z",
          "datePublic": "2023-08-04T18:33:53.589Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Triangle MicroWorks SCADA Data Gateway Directory Traversal Arbitrary File Creation Vulnerability. This vulnerability allows remote attackers to create arbitrary files on affected installations of Triangle MicroWorks SCADA Data Gateway. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the processing of workspace files. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to create files in the context of Administrator. Was ZDI-CAN-20531."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-22",
                  "description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-05-03T01:59:23.567Z",
            "orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
            "shortName": "zdi"
          },
          "references": [
            {
              "name": "ZDI-23-1027",
              "tags": [
                "x_research-advisory"
              ],
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1027/"
            },
            {
              "name": "vendor-provided URL",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.trianglemicroworks.com/products/scada-data-gateway/what\u0027s-new"
            }
          ],
          "source": {
            "lang": "en",
            "value": "Li Jiantao, Ngo Wei Lin, Pan Zhenpeng of STAR Labs SG Pte. Ltd."
          },
          "title": "Triangle MicroWorks SCADA Data Gateway Directory Traversal Arbitrary File Creation Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
        "assignerShortName": "zdi",
        "cveId": "CVE-2023-39459",
        "datePublished": "2024-05-03T01:59:23.567Z",
        "dateReserved": "2023-08-02T21:37:23.121Z",
        "dateUpdated": "2024-08-02T18:10:20.767Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-39458 (GCVE-0-2023-39458)

    Vulnerability from cvelistv5 – Published: 2024-05-03 01:59 – Updated: 2024-08-02 18:10
    VLAI
    Title
    Triangle MicroWorks SCADA Data Gateway Use of Hard-coded Credentials Authentication Bypass Vulnerability
    Summary
    Triangle MicroWorks SCADA Data Gateway Use of Hard-coded Credentials Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of Triangle MicroWorks SCADA Data Gateway. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of certificates. The service uses a hard-coded default SSL certificate. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-20509.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-798 - Use of Hard-coded Credentials
    Assigner
    zdi
    References
    Impacted products
    Vendor Product Version
    Triangle MicroWorks SCADA Data Gateway Affected: 5.1.3.20324
    Create a notification for this product.
    trianglemicroworks scada_data_gateway Affected: 5.1.3.20324
        cpe:2.3:a:trianglemicroworks:scada_data_gateway:5.1.3.20324:*:*:*:*:*:*:*
    Create a notification for this product.
    Date Public
    2023-08-04 18:32
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:trianglemicroworks:scada_data_gateway:5.1.3.20324:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "scada_data_gateway",
                "vendor": "trianglemicroworks",
                "versions": [
                  {
                    "status": "affected",
                    "version": "5.1.3.20324"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-39458",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-05-08T17:17:39.486576Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-04T17:27:03.174Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T18:10:20.663Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "ZDI-23-1026",
                "tags": [
                  "x_research-advisory",
                  "x_transferred"
                ],
                "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1026/"
              },
              {
                "name": "vendor-provided URL",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.trianglemicroworks.com/products/scada-data-gateway/what\u0027s-new"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "SCADA Data Gateway",
              "vendor": "Triangle MicroWorks",
              "versions": [
                {
                  "status": "affected",
                  "version": "5.1.3.20324"
                }
              ]
            }
          ],
          "dateAssigned": "2023-08-02T21:44:31.375Z",
          "datePublic": "2023-08-04T18:32:39.881Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Triangle MicroWorks SCADA Data Gateway Use of Hard-coded Credentials Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of Triangle MicroWorks SCADA Data Gateway. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the handling of certificates. The service uses a hard-coded default SSL certificate. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-20509."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.0"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-798",
                  "description": "CWE-798: Use of Hard-coded Credentials",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-05-03T01:59:22.784Z",
            "orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
            "shortName": "zdi"
          },
          "references": [
            {
              "name": "ZDI-23-1026",
              "tags": [
                "x_research-advisory"
              ],
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1026/"
            },
            {
              "name": "vendor-provided URL",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.trianglemicroworks.com/products/scada-data-gateway/what\u0027s-new"
            }
          ],
          "source": {
            "lang": "en",
            "value": "Team ECQ"
          },
          "title": "Triangle MicroWorks SCADA Data Gateway Use of Hard-coded Credentials Authentication Bypass Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
        "assignerShortName": "zdi",
        "cveId": "CVE-2023-39458",
        "datePublished": "2024-05-03T01:59:22.784Z",
        "dateReserved": "2023-08-02T21:37:23.121Z",
        "dateUpdated": "2024-08-02T18:10:20.663Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-39457 (GCVE-0-2023-39457)

    Vulnerability from cvelistv5 – Published: 2024-05-03 01:59 – Updated: 2024-08-02 18:10
    VLAI
    Title
    Triangle MicroWorks SCADA Data Gateway Missing Authentication Vulnerability
    Summary
    Triangle MicroWorks SCADA Data Gateway Missing Authentication Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of Triangle MicroWorks SCADA Data Gateway. Authentication is not required to exploit this vulnerability. The specific flaw exists due to the lack of user authentication. The issue results from missing authentication in the default system configuration. An attacker can leverage this vulnerability to execute arbitrary code in the context of root. Was ZDI-CAN-20501.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-306 - Missing Authentication for Critical Function
    Assigner
    zdi
    References
    Impacted products
    Vendor Product Version
    Triangle MicroWorks SCADA Data Gateway Affected: 5.1.3.20324
    Create a notification for this product.
    trianglemicroworks scada_data_gateway Affected: 5.1.3.20324
        cpe:2.3:a:trianglemicroworks:scada_data_gateway:5.1.3.20324:*:*:*:*:*:*:*
    Create a notification for this product.
    Date Public
    2023-08-04 18:14
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:trianglemicroworks:scada_data_gateway:5.1.3.20324:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "scada_data_gateway",
                "vendor": "trianglemicroworks",
                "versions": [
                  {
                    "status": "affected",
                    "version": "5.1.3.20324"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-39457",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-05-08T17:18:26.342775Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-04T17:26:56.761Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T18:10:20.768Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "ZDI-23-1025",
                "tags": [
                  "x_research-advisory",
                  "x_transferred"
                ],
                "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1025/"
              },
              {
                "name": "vendor-provided URL",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.trianglemicroworks.com/products/scada-data-gateway/what\u0027s-new"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "SCADA Data Gateway",
              "vendor": "Triangle MicroWorks",
              "versions": [
                {
                  "status": "affected",
                  "version": "5.1.3.20324"
                }
              ]
            }
          ],
          "dateAssigned": "2023-08-02T21:44:31.367Z",
          "datePublic": "2023-08-04T18:14:52.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Triangle MicroWorks SCADA Data Gateway Missing Authentication Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of Triangle MicroWorks SCADA Data Gateway. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists due to the lack of user authentication. The issue results from missing authentication in the default system configuration. An attacker can leverage this vulnerability to execute arbitrary code in the context of root. Was ZDI-CAN-20501."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-306",
                  "description": "CWE-306: Missing Authentication for Critical Function",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-05-03T01:59:22.050Z",
            "orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
            "shortName": "zdi"
          },
          "references": [
            {
              "name": "ZDI-23-1025",
              "tags": [
                "x_research-advisory"
              ],
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1025/"
            },
            {
              "name": "vendor-provided URL",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.trianglemicroworks.com/products/scada-data-gateway/what\u0027s-new"
            }
          ],
          "source": {
            "lang": "en",
            "value": "Claroty Research - Team82 - Uri Katz, Noam Moshe, Vera Mens, Sharon Brizinov"
          },
          "title": "Triangle MicroWorks SCADA Data Gateway Missing Authentication Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
        "assignerShortName": "zdi",
        "cveId": "CVE-2023-39457",
        "datePublished": "2024-05-03T01:59:22.050Z",
        "dateReserved": "2023-08-02T21:37:23.120Z",
        "dateUpdated": "2024-08-02T18:10:20.768Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    VAR-201309-0200

    Vulnerability from variot - Updated: 2023-12-18 13:34

    Triangle MicroWorks SCADA Data Gateway 2.50.0309 through 3.00.0616, DNP3 .NET Protocol components 3.06.0.171 through 3.15.0.369, and DNP3 C libraries 3.06.0000 through 3.15.0000 allow remote attackers to cause a denial of service (infinite loop) via a crafted DNP3 TCP packet. Triangle MicroWorks is a US-based company that uses single or third-party component products to communicate with peripherals/slave devices using various transport protocols (OPC Client, IEC 60870-6 (TASE.2/ICCP) Client, IEC 60870-5, DNP3, Modbus). Triangle MicroWorks multiple product-related IP-based devices incorrectly verify input, allowing an attacker to exploit a vulnerability to submit a specially crafted TCP message to cause the software to cause an infinite loop, causing the process to crash and requiring a manual reboot to get normal functionality. Multiple Triangle MicroWorks products are prone to a remote denial-of-service vulnerability. An attacker can exploit this issue to crash the affected device, denying service to legitimate users. Note: This issue affects the IP connected devices. SDG is a set of data acquisition and supervisory control system (SCADA) gateway products integrated in the server. DNP3 .NET Protocol components is a set of .NET framework components that support DNP3. DNP3 ANSI C source code libraries is a source code library based on the ANSI C standard

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201309-0200",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "ansi c source code libraries",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "trianglemicroworks",
            "version": "3.06.0000"
          },
          {
            "model": "scada data gateway",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "trianglemicroworks",
            "version": "2.50"
          },
          {
            "model": ".net communication protocol components",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "trianglemicroworks",
            "version": "3.06.0.171"
          },
          {
            "model": "scada data gateway",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "trianglemicroworks",
            "version": "3.00.0616"
          },
          {
            "model": "ansi c source code libraries",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "trianglemicroworks",
            "version": "3.15.0000"
          },
          {
            "model": "scada data gateway",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "trianglemicroworks",
            "version": "2.50.0309"
          },
          {
            "model": ".net communication protocol components",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "trianglemicroworks",
            "version": "3.15.0.369"
          },
          {
            "model": ".net protocol components",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "triangle microworks",
            "version": "3.06.0.171 to  3.15.0.369"
          },
          {
            "model": "ansi standard c source code libraries",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "triangle microworks",
            "version": "3.06.0000 to  3.15.0000"
          },
          {
            "model": "scada data gateway",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "triangle microworks",
            "version": "2.50.0309 to  3.00.0616"
          },
          {
            "model": "microworks scada data gateway to",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "triangle",
            "version": "2.50.03093.00.0616"
          },
          {
            "model": "microworks dnp3 .net protocol components to",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "triangle",
            "version": "3.06.0.1713.15.0.369"
          },
          {
            "model": "microworks dnp3 ansi c source code libraries to",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "triangle",
            "version": "3.06.00003.15.0000"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "net communication protocol components",
            "version": "3.06.0.171"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "net communication protocol components",
            "version": "3.15.0.369"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "ansi c source code libraries",
            "version": "3.06.0000"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "ansi c source code libraries",
            "version": "3.15.0000"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "scada data gateway",
            "version": "2.50"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "scada data gateway",
            "version": "2.50.0309"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "scada data gateway",
            "version": "3.00.0616"
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "b4cce158-2352-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2013-12783"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-004002"
          },
          {
            "db": "NVD",
            "id": "CVE-2013-2793"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201308-536"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:trianglemicroworks:.net_communication_protocol_components:3.15.0.369:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trianglemicroworks:scada_data_gateway:2.50:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trianglemicroworks:ansi_c_source_code_libraries:3.06.0000:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trianglemicroworks:ansi_c_source_code_libraries:3.15.0000:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trianglemicroworks:.net_communication_protocol_components:3.06.0.171:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trianglemicroworks:scada_data_gateway:2.50.0309:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trianglemicroworks:scada_data_gateway:3.00.0616:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2013-2793"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Adam Crain of Automatak and Chris Sistrunk",
        "sources": [
          {
            "db": "BID",
            "id": "62087"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201308-536"
          }
        ],
        "trust": 0.9
      },
      "cve": "CVE-2013-2793",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.8,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "impactScore": 6.9,
                "integrityImpact": "NONE",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "HIGH",
                "trust": 1.0,
                "userInteractionRequired": false,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Network",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "Complete",
                "baseScore": 7.8,
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "CVE-2013-2793",
                "impactScore": null,
                "integrityImpact": "None",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "High",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.1,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 8.6,
                "id": "CNVD-2013-12783",
                "impactScore": 6.9,
                "integrityImpact": "NONE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.1,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 8.6,
                "id": "b4cce158-2352-11e6-abef-000c29c66e3d",
                "impactScore": 6.9,
                "integrityImpact": "NONE",
                "severity": "HIGH",
                "trust": 0.2,
                "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
                "version": "2.9 [IVD]"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.8,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "VHN-62795",
                "impactScore": 6.9,
                "integrityImpact": "NONE",
                "severity": "HIGH",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2013-2793",
                "trust": 1.8,
                "value": "HIGH"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2013-12783",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201308-536",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "IVD",
                "id": "b4cce158-2352-11e6-abef-000c29c66e3d",
                "trust": 0.2,
                "value": "HIGH"
              },
              {
                "author": "VULHUB",
                "id": "VHN-62795",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "b4cce158-2352-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2013-12783"
          },
          {
            "db": "VULHUB",
            "id": "VHN-62795"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-004002"
          },
          {
            "db": "NVD",
            "id": "CVE-2013-2793"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201308-536"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Triangle MicroWorks SCADA Data Gateway 2.50.0309 through 3.00.0616, DNP3 .NET Protocol components 3.06.0.171 through 3.15.0.369, and DNP3 C libraries 3.06.0000 through 3.15.0000 allow remote attackers to cause a denial of service (infinite loop) via a crafted DNP3 TCP packet. Triangle MicroWorks is a US-based company that uses single or third-party component products to communicate with peripherals/slave devices using various transport protocols (OPC Client, IEC 60870-6 (TASE.2/ICCP) Client, IEC 60870-5, DNP3, Modbus). Triangle MicroWorks multiple product-related IP-based devices incorrectly verify input, allowing an attacker to exploit a vulnerability to submit a specially crafted TCP message to cause the software to cause an infinite loop, causing the process to crash and requiring a manual reboot to get normal functionality. Multiple Triangle MicroWorks products are prone to a remote denial-of-service vulnerability. \nAn attacker can exploit this issue to crash the affected device, denying service to legitimate users. \nNote: This issue affects the IP connected devices. SDG is a set of data acquisition and supervisory control system (SCADA) gateway products integrated in the server. DNP3 .NET Protocol components is a set of .NET framework components that support DNP3. DNP3 ANSI C source code libraries is a source code library based on the ANSI C standard",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2013-2793"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-004002"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2013-12783"
          },
          {
            "db": "BID",
            "id": "62087"
          },
          {
            "db": "IVD",
            "id": "b4cce158-2352-11e6-abef-000c29c66e3d"
          },
          {
            "db": "VULHUB",
            "id": "VHN-62795"
          }
        ],
        "trust": 2.7
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2013-2793",
            "trust": 3.6
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-13-240-01",
            "trust": 3.1
          },
          {
            "db": "BID",
            "id": "62087",
            "trust": 1.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201308-536",
            "trust": 0.9
          },
          {
            "db": "CNVD",
            "id": "CNVD-2013-12783",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-004002",
            "trust": 0.8
          },
          {
            "db": "IVD",
            "id": "B4CCE158-2352-11E6-ABEF-000C29C66E3D",
            "trust": 0.2
          },
          {
            "db": "VULHUB",
            "id": "VHN-62795",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "b4cce158-2352-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2013-12783"
          },
          {
            "db": "VULHUB",
            "id": "VHN-62795"
          },
          {
            "db": "BID",
            "id": "62087"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-004002"
          },
          {
            "db": "NVD",
            "id": "CVE-2013-2793"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201308-536"
          }
        ]
      },
      "id": "VAR-201309-0200",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "IVD",
            "id": "b4cce158-2352-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2013-12783"
          },
          {
            "db": "VULHUB",
            "id": "VHN-62795"
          }
        ],
        "trust": 1.9
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "b4cce158-2352-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2013-12783"
          }
        ]
      },
      "last_update_date": "2023-12-18T13:34:45.090000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Triangle MicroWorks, Inc. DNP3 Master Source Code Library",
            "trust": 0.8,
            "url": "http://www.trianglemicroworks.com/documents/mdnp_scl_whats_new.pdf"
          },
          {
            "title": "Triangle MicroWorks Multiple Products Patches for Denial of Service Vulnerabilities Based on IP-Specific TCP Packets",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchinfo/show/39294"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2013-12783"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-004002"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-119",
            "trust": 1.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-62795"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-004002"
          },
          {
            "db": "NVD",
            "id": "CVE-2013-2793"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.1,
            "url": "http://ics-cert.us-cert.gov/advisories/icsa-13-240-01"
          },
          {
            "trust": 2.3,
            "url": "http://www.trianglemicroworks.com/documents/mdnp_scl_whats_new.pdf"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-2793"
          },
          {
            "trust": 0.8,
            "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-2793"
          },
          {
            "trust": 0.6,
            "url": "http://www.securityfocus.com/bid/62087"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2013-12783"
          },
          {
            "db": "VULHUB",
            "id": "VHN-62795"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-004002"
          },
          {
            "db": "NVD",
            "id": "CVE-2013-2793"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201308-536"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "IVD",
            "id": "b4cce158-2352-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2013-12783"
          },
          {
            "db": "VULHUB",
            "id": "VHN-62795"
          },
          {
            "db": "BID",
            "id": "62087"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-004002"
          },
          {
            "db": "NVD",
            "id": "CVE-2013-2793"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201308-536"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2013-09-04T00:00:00",
            "db": "IVD",
            "id": "b4cce158-2352-11e6-abef-000c29c66e3d"
          },
          {
            "date": "2013-09-04T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2013-12783"
          },
          {
            "date": "2013-09-09T00:00:00",
            "db": "VULHUB",
            "id": "VHN-62795"
          },
          {
            "date": "2013-08-28T00:00:00",
            "db": "BID",
            "id": "62087"
          },
          {
            "date": "2013-09-10T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2013-004002"
          },
          {
            "date": "2013-09-09T11:39:08.427000",
            "db": "NVD",
            "id": "CVE-2013-2793"
          },
          {
            "date": "2013-08-28T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201308-536"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2013-09-04T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2013-12783"
          },
          {
            "date": "2013-09-25T00:00:00",
            "db": "VULHUB",
            "id": "VHN-62795"
          },
          {
            "date": "2013-10-21T01:19:00",
            "db": "BID",
            "id": "62087"
          },
          {
            "date": "2013-09-10T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2013-004002"
          },
          {
            "date": "2013-09-25T21:58:15.317000",
            "db": "NVD",
            "id": "CVE-2013-2793"
          },
          {
            "date": "2013-09-10T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201308-536"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201308-536"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "plural  Triangle MicroWorks Service disruption in products  (DoS) Vulnerabilities",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-004002"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Buffer overflow",
        "sources": [
          {
            "db": "IVD",
            "id": "b4cce158-2352-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201308-536"
          }
        ],
        "trust": 0.8
      }
    }

    VAR-201309-0201

    Vulnerability from variot - Updated: 2023-12-18 13:34

    Triangle MicroWorks SCADA Data Gateway 2.50.0309 through 3.00.0616, DNP3 .NET Protocol components 3.06.0.171 through 3.15.0.369, and DNP3 C libraries 3.06.0000 through 3.15.0000 allow physically proximate attackers to cause a denial of service (infinite loop) via crafted input over a serial line. Triangle MicroWorks is a US-based company that uses single or third-party component products to communicate with peripherals/slave devices using various transport protocols (OPC Client, IEC 60870-6 (TASE.2/ICCP) Client, IEC 60870-5, DNP3, Modbus). Multiple Triangle MicroWorks products are prone to a local denial-of-service vulnerability. An attacker can exploit this issue to crash the affected device, denying service to legitimate users. NOTE: To exploit this issue, local access to the serial-based outstation is required. SDG is a set of data acquisition and supervisory control system (SCADA) gateway products integrated in the server. DNP3 .NET Protocol components is a set of .NET framework components that support DNP3. DNP3 ANSI C source code libraries is a source code library based on the ANSI C standard

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201309-0201",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "scada data gateway",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "trianglemicroworks",
            "version": "2.54.0536"
          },
          {
            "model": "ansi c source code libraries",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "trianglemicroworks",
            "version": "3.12.0000"
          },
          {
            "model": "scada data gateway",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "trianglemicroworks",
            "version": "2.54.0518"
          },
          {
            "model": "scada data gateway",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "trianglemicroworks",
            "version": "2.54.0528"
          },
          {
            "model": "scada data gateway",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "trianglemicroworks",
            "version": "2.53"
          },
          {
            "model": "scada data gateway",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "trianglemicroworks",
            "version": "2.51"
          },
          {
            "model": "scada data gateway",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "trianglemicroworks",
            "version": "2.54.0517"
          },
          {
            "model": "scada data gateway",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "trianglemicroworks",
            "version": "2.54.0516"
          },
          {
            "model": "scada data gateway",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "trianglemicroworks",
            "version": "2.54.0529"
          },
          {
            "model": "scada data gateway",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "trianglemicroworks",
            "version": "2.54.0515"
          },
          {
            "model": ".net communication protocol components",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "trianglemicroworks",
            "version": "3.09.00"
          },
          {
            "model": "scada data gateway",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "trianglemicroworks",
            "version": "2.54.0579"
          },
          {
            "model": "scada data gateway",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "trianglemicroworks",
            "version": "2.54.0552"
          },
          {
            "model": "scada data gateway",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "trianglemicroworks",
            "version": "2.54.0591"
          },
          {
            "model": "scada data gateway",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "trianglemicroworks",
            "version": "2.54.0573"
          },
          {
            "model": ".net communication protocol components",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "trianglemicroworks",
            "version": "3.08.00"
          },
          {
            "model": "scada data gateway",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "trianglemicroworks",
            "version": "2.54.0587"
          },
          {
            "model": "scada data gateway",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "trianglemicroworks",
            "version": "2.54.0588"
          },
          {
            "model": ".net communication protocol components",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "trianglemicroworks",
            "version": "3.11.00"
          },
          {
            "model": "scada data gateway",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "trianglemicroworks",
            "version": "2.54.0597"
          },
          {
            "model": "scada data gateway",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "trianglemicroworks",
            "version": "2.54.0598"
          },
          {
            "model": "scada data gateway",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "trianglemicroworks",
            "version": "2.54.0544"
          },
          {
            "model": "scada data gateway",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "trianglemicroworks",
            "version": "2.54.0545"
          },
          {
            "model": "scada data gateway",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "trianglemicroworks",
            "version": "2.54.0596"
          },
          {
            "model": "ansi c source code libraries",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "trianglemicroworks",
            "version": "3.06.0000"
          },
          {
            "model": "scada data gateway",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "trianglemicroworks",
            "version": "2.54.0595"
          },
          {
            "model": ".net communication protocol components",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "trianglemicroworks",
            "version": "3.07.00"
          },
          {
            "model": ".net communication protocol components",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "trianglemicroworks",
            "version": "3.14.00"
          },
          {
            "model": "scada data gateway",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "trianglemicroworks",
            "version": "2.54.0571"
          },
          {
            "model": "scada data gateway",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "trianglemicroworks",
            "version": "2.54.0572"
          },
          {
            "model": "scada data gateway",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "trianglemicroworks",
            "version": "2.54.0565"
          },
          {
            "model": "ansi c source code libraries",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "trianglemicroworks",
            "version": "3.08.0000"
          },
          {
            "model": "scada data gateway",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "trianglemicroworks",
            "version": "3.00.0616"
          },
          {
            "model": "ansi c source code libraries",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "trianglemicroworks",
            "version": "3.09.0000"
          },
          {
            "model": "scada data gateway",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "trianglemicroworks",
            "version": "2.54.0581"
          },
          {
            "model": "scada data gateway",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "trianglemicroworks",
            "version": "2.54.0553"
          },
          {
            "model": "scada data gateway",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "trianglemicroworks",
            "version": "2.54.0567"
          },
          {
            "model": "scada data gateway",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "trianglemicroworks",
            "version": "2.54.0592"
          },
          {
            "model": "scada data gateway",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "trianglemicroworks",
            "version": "2.54.0558"
          },
          {
            "model": "scada data gateway",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "trianglemicroworks",
            "version": "2.54.0569"
          },
          {
            "model": "scada data gateway",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "trianglemicroworks",
            "version": "2.50.0309"
          },
          {
            "model": ".net communication protocol components",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "trianglemicroworks",
            "version": "3.15.0.369"
          },
          {
            "model": "scada data gateway",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "trianglemicroworks",
            "version": "2.54.0564"
          },
          {
            "model": "scada data gateway",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "trianglemicroworks",
            "version": "2.54.0580"
          },
          {
            "model": "scada data gateway",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "trianglemicroworks",
            "version": "2.54.0583"
          },
          {
            "model": "scada data gateway",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "trianglemicroworks",
            "version": "2.54.0566"
          },
          {
            "model": "ansi c source code libraries",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "trianglemicroworks",
            "version": "3.15.0000"
          },
          {
            "model": "scada data gateway",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "trianglemicroworks",
            "version": "2.54.0540"
          },
          {
            "model": "scada data gateway",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "trianglemicroworks",
            "version": "2.54.0589"
          },
          {
            "model": "scada data gateway",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "trianglemicroworks",
            "version": "2.50"
          },
          {
            "model": "scada data gateway",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "trianglemicroworks",
            "version": "2.54.0561"
          },
          {
            "model": "ansi c source code libraries",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "trianglemicroworks",
            "version": "3.13.0000"
          },
          {
            "model": "ansi c source code libraries",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "trianglemicroworks",
            "version": "3.10.0000"
          },
          {
            "model": "scada data gateway",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "trianglemicroworks",
            "version": "2.54.0578"
          },
          {
            "model": "scada data gateway",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "trianglemicroworks",
            "version": "2.54.0570"
          },
          {
            "model": "scada data gateway",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "trianglemicroworks",
            "version": "2.54.0577"
          },
          {
            "model": "scada data gateway",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "trianglemicroworks",
            "version": "2.54.0576"
          },
          {
            "model": "scada data gateway",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "trianglemicroworks",
            "version": "2.54.0562"
          },
          {
            "model": "scada data gateway",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "trianglemicroworks",
            "version": "2.54.0574"
          },
          {
            "model": "scada data gateway",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "trianglemicroworks",
            "version": "2.54.0584"
          },
          {
            "model": "scada data gateway",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "trianglemicroworks",
            "version": "2.54.0590"
          },
          {
            "model": ".net communication protocol components",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "trianglemicroworks",
            "version": "3.15.00"
          },
          {
            "model": "ansi c source code libraries",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "trianglemicroworks",
            "version": "3.07.0000"
          },
          {
            "model": "scada data gateway",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "trianglemicroworks",
            "version": "2.54.0586"
          },
          {
            "model": "scada data gateway",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "trianglemicroworks",
            "version": "2.54.0594"
          },
          {
            "model": "scada data gateway",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "trianglemicroworks",
            "version": "2.54.0599"
          },
          {
            "model": "scada data gateway",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "trianglemicroworks",
            "version": "2.54.0582"
          },
          {
            "model": ".net communication protocol components",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "trianglemicroworks",
            "version": "3.06.0.171"
          },
          {
            "model": ".net communication protocol components",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "trianglemicroworks",
            "version": "3.10.00"
          },
          {
            "model": "ansi c source code libraries",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "trianglemicroworks",
            "version": "3.11.0000"
          },
          {
            "model": "scada data gateway",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "trianglemicroworks",
            "version": "2.54.0575"
          },
          {
            "model": "ansi c source code libraries",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "trianglemicroworks",
            "version": "3.14.0000"
          },
          {
            "model": "scada data gateway",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "trianglemicroworks",
            "version": "3.00"
          },
          {
            "model": ".net protocol components",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "triangle microworks",
            "version": "3.06.0.171 to  3.15.0.369"
          },
          {
            "model": "ansi standard c source code libraries",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "triangle microworks",
            "version": "3.06.0000 to  3.15.0000"
          },
          {
            "model": "scada data gateway",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "triangle microworks",
            "version": "2.50.0309 to  3.00.0616"
          },
          {
            "model": "microworks scada data gateway to",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "triangle",
            "version": "2.50.03093.00.0616"
          },
          {
            "model": "microworks dnp3 .net protocol components to",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "triangle",
            "version": "3.06.0.1713.15.0.369"
          },
          {
            "model": "microworks dnp3 ansi c source code libraries to",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "triangle",
            "version": "3.06.00003.15.0000"
          },
          {
            "model": "microworks scada data gateway",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "triangle",
            "version": "3.0.616"
          },
          {
            "model": "microworks scada data gateway",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "triangle",
            "version": "2.50.309"
          },
          {
            "model": "microworks dnp3 ansi c source code libraries",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "triangle",
            "version": "3.15"
          },
          {
            "model": "microworks dnp3 ansi c source code libraries",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "triangle",
            "version": "3.6"
          },
          {
            "model": "microworks dnp3 .net protocol components",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "triangle",
            "version": "3.15369"
          },
          {
            "model": "microworks dnp3 .net protocol components",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "triangle",
            "version": "3.6171"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "ansi c source code libraries",
            "version": "3.06.0000"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "ansi c source code libraries",
            "version": "3.07.0000"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "ansi c source code libraries",
            "version": "3.08.0000"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "ansi c source code libraries",
            "version": "3.09.0000"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "ansi c source code libraries",
            "version": "3.10.0000"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "ansi c source code libraries",
            "version": "3.11.0000"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "ansi c source code libraries",
            "version": "3.12.0000"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "ansi c source code libraries",
            "version": "3.13.0000"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "ansi c source code libraries",
            "version": "3.14.0000"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "ansi c source code libraries",
            "version": "3.15.0000"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "net communication protocol components",
            "version": "3.06.0.171"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "net communication protocol components",
            "version": "3.07.00"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "net communication protocol components",
            "version": "3.08.00"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "net communication protocol components",
            "version": "3.09.00"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "net communication protocol components",
            "version": "3.10.00"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "net communication protocol components",
            "version": "3.11.00"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "net communication protocol components",
            "version": "3.14.00"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "net communication protocol components",
            "version": "3.15.00"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "net communication protocol components",
            "version": "3.15.0.369"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "scada data gateway",
            "version": "2.50"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "scada data gateway",
            "version": "2.50.0309"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "scada data gateway",
            "version": "2.51"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "scada data gateway",
            "version": "2.53"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "scada data gateway",
            "version": "2.54.0515"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "scada data gateway",
            "version": "2.54.0516"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "scada data gateway",
            "version": "2.54.0517"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "scada data gateway",
            "version": "2.54.0518"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "scada data gateway",
            "version": "2.54.0528"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "scada data gateway",
            "version": "2.54.0529"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "scada data gateway",
            "version": "2.54.0536"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "scada data gateway",
            "version": "2.54.0540"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "scada data gateway",
            "version": "2.54.0544"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "scada data gateway",
            "version": "2.54.0545"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "scada data gateway",
            "version": "2.54.0552"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "scada data gateway",
            "version": "2.54.0553"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "scada data gateway",
            "version": "2.54.0558"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "scada data gateway",
            "version": "2.54.0561"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "scada data gateway",
            "version": "2.54.0562"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "scada data gateway",
            "version": "2.54.0564"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "scada data gateway",
            "version": "2.54.0565"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "scada data gateway",
            "version": "2.54.0566"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "scada data gateway",
            "version": "2.54.0567"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "scada data gateway",
            "version": "2.54.0569"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "scada data gateway",
            "version": "2.54.0570"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "scada data gateway",
            "version": "2.54.0571"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "scada data gateway",
            "version": "2.54.0572"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "scada data gateway",
            "version": "2.54.0573"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "scada data gateway",
            "version": "2.54.0574"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "scada data gateway",
            "version": "2.54.0575"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "scada data gateway",
            "version": "2.54.0576"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "scada data gateway",
            "version": "2.54.0577"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "scada data gateway",
            "version": "2.54.0578"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "scada data gateway",
            "version": "2.54.0579"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "scada data gateway",
            "version": "2.54.0580"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "scada data gateway",
            "version": "2.54.0581"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "scada data gateway",
            "version": "2.54.0582"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "scada data gateway",
            "version": "2.54.0583"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "scada data gateway",
            "version": "2.54.0584"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "scada data gateway",
            "version": "2.54.0586"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "scada data gateway",
            "version": "2.54.0587"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "scada data gateway",
            "version": "2.54.0588"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "scada data gateway",
            "version": "2.54.0589"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "scada data gateway",
            "version": "2.54.0590"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "scada data gateway",
            "version": "2.54.0591"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "scada data gateway",
            "version": "2.54.0592"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "scada data gateway",
            "version": "2.54.0594"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "scada data gateway",
            "version": "2.54.0595"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "scada data gateway",
            "version": "2.54.0596"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "scada data gateway",
            "version": "2.54.0597"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "scada data gateway",
            "version": "2.54.0598"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "scada data gateway",
            "version": "2.54.0599"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "scada data gateway",
            "version": "3.00"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "scada data gateway",
            "version": "3.00.0616"
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "b4d56c60-2352-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2013-12784"
          },
          {
            "db": "BID",
            "id": "62086"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-004003"
          },
          {
            "db": "NVD",
            "id": "CVE-2013-2794"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201308-537"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:trianglemicroworks:ansi_c_source_code_libraries:3.09.0000:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trianglemicroworks:ansi_c_source_code_libraries:3.07.0000:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trianglemicroworks:ansi_c_source_code_libraries:3.14.0000:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trianglemicroworks:ansi_c_source_code_libraries:3.13.0000:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trianglemicroworks:ansi_c_source_code_libraries:3.12.0000:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trianglemicroworks:ansi_c_source_code_libraries:3.11.0000:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trianglemicroworks:ansi_c_source_code_libraries:3.10.0000:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trianglemicroworks:ansi_c_source_code_libraries:3.15.0000:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trianglemicroworks:ansi_c_source_code_libraries:3.08.0000:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trianglemicroworks:ansi_c_source_code_libraries:3.06.0000:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:trianglemicroworks:.net_communication_protocol_components:3.06.0.171:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trianglemicroworks:.net_communication_protocol_components:3.15.0.369:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trianglemicroworks:.net_communication_protocol_components:3.15.00:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trianglemicroworks:.net_communication_protocol_components:3.11.00:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trianglemicroworks:.net_communication_protocol_components:3.09.00:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trianglemicroworks:.net_communication_protocol_components:3.08.00:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trianglemicroworks:.net_communication_protocol_components:3.07.00:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trianglemicroworks:.net_communication_protocol_components:3.14.00:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trianglemicroworks:.net_communication_protocol_components:3.10.00:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:trianglemicroworks:scada_data_gateway:2.54.0598:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trianglemicroworks:scada_data_gateway:2.54.0597:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trianglemicroworks:scada_data_gateway:2.54.0596:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trianglemicroworks:scada_data_gateway:2.54.0595:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trianglemicroworks:scada_data_gateway:2.54.0594:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trianglemicroworks:scada_data_gateway:2.54.0579:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trianglemicroworks:scada_data_gateway:2.54.0578:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trianglemicroworks:scada_data_gateway:2.54.0577:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trianglemicroworks:scada_data_gateway:2.54.0576:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trianglemicroworks:scada_data_gateway:2.54.0558:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trianglemicroworks:scada_data_gateway:2.54.0553:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trianglemicroworks:scada_data_gateway:2.54.0552:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trianglemicroworks:scada_data_gateway:2.54.0545:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trianglemicroworks:scada_data_gateway:2.50:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trianglemicroworks:scada_data_gateway:3.00:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trianglemicroworks:scada_data_gateway:2.54.0592:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trianglemicroworks:scada_data_gateway:2.54.0590:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trianglemicroworks:scada_data_gateway:2.54.0582:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trianglemicroworks:scada_data_gateway:2.54.0580:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trianglemicroworks:scada_data_gateway:2.54.0575:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trianglemicroworks:scada_data_gateway:2.54.0573:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trianglemicroworks:scada_data_gateway:2.54.0565:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trianglemicroworks:scada_data_gateway:2.54.0562:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trianglemicroworks:scada_data_gateway:2.54.0540:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trianglemicroworks:scada_data_gateway:2.54.0529:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trianglemicroworks:scada_data_gateway:2.54.0515:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trianglemicroworks:scada_data_gateway:2.51:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trianglemicroworks:scada_data_gateway:2.50.0309:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trianglemicroworks:scada_data_gateway:2.54.0588:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trianglemicroworks:scada_data_gateway:2.54.0587:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trianglemicroworks:scada_data_gateway:2.54.0586:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trianglemicroworks:scada_data_gateway:2.54.0584:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trianglemicroworks:scada_data_gateway:2.54.0571:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trianglemicroworks:scada_data_gateway:2.54.0570:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trianglemicroworks:scada_data_gateway:2.54.0569:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trianglemicroworks:scada_data_gateway:2.54.0567:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trianglemicroworks:scada_data_gateway:2.54.0566:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trianglemicroworks:scada_data_gateway:2.54.0528:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trianglemicroworks:scada_data_gateway:2.54.0518:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trianglemicroworks:scada_data_gateway:2.54.0517:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trianglemicroworks:scada_data_gateway:2.54.0516:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trianglemicroworks:scada_data_gateway:3.00.0616:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trianglemicroworks:scada_data_gateway:2.54.0599:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trianglemicroworks:scada_data_gateway:2.54.0591:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trianglemicroworks:scada_data_gateway:2.54.0589:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trianglemicroworks:scada_data_gateway:2.54.0583:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trianglemicroworks:scada_data_gateway:2.54.0581:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trianglemicroworks:scada_data_gateway:2.54.0574:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trianglemicroworks:scada_data_gateway:2.54.0572:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trianglemicroworks:scada_data_gateway:2.54.0564:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trianglemicroworks:scada_data_gateway:2.54.0561:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trianglemicroworks:scada_data_gateway:2.54.0544:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trianglemicroworks:scada_data_gateway:2.54.0536:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trianglemicroworks:scada_data_gateway:2.53:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2013-2794"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Adam Crain of Automatak and Chris Sistrunk",
        "sources": [
          {
            "db": "BID",
            "id": "62086"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201308-537"
          }
        ],
        "trust": 0.9
      },
      "cve": "CVE-2013-2794",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 4.9,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 3.9,
                "impactScore": 6.9,
                "integrityImpact": "NONE",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "MEDIUM",
                "trust": 1.0,
                "userInteractionRequired": false,
                "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Local",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "Complete",
                "baseScore": 4.9,
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "CVE-2013-2794",
                "impactScore": null,
                "integrityImpact": "None",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Medium",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 4.7,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 3.4,
                "id": "CNVD-2013-12784",
                "impactScore": 6.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:L/AC:M/Au:N/C:N/I:N/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 4.7,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 3.4,
                "id": "b4d56c60-2352-11e6-abef-000c29c66e3d",
                "impactScore": 6.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.2,
                "vectorString": "AV:L/AC:M/Au:N/C:N/I:N/A:C",
                "version": "2.9 [IVD]"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "COMPLETE",
                "baseScore": 4.9,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 3.9,
                "id": "VHN-62796",
                "impactScore": 6.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:L/AC:L/AU:N/C:N/I:N/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2013-2794",
                "trust": 1.8,
                "value": "MEDIUM"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2013-12784",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201308-537",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "IVD",
                "id": "b4d56c60-2352-11e6-abef-000c29c66e3d",
                "trust": 0.2,
                "value": "MEDIUM"
              },
              {
                "author": "VULHUB",
                "id": "VHN-62796",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "b4d56c60-2352-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2013-12784"
          },
          {
            "db": "VULHUB",
            "id": "VHN-62796"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-004003"
          },
          {
            "db": "NVD",
            "id": "CVE-2013-2794"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201308-537"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Triangle MicroWorks SCADA Data Gateway 2.50.0309 through 3.00.0616, DNP3 .NET Protocol components 3.06.0.171 through 3.15.0.369, and DNP3 C libraries 3.06.0000 through 3.15.0000 allow physically proximate attackers to cause a denial of service (infinite loop) via crafted input over a serial line. Triangle MicroWorks is a US-based company that uses single or third-party component products to communicate with peripherals/slave devices using various transport protocols (OPC Client, IEC 60870-6 (TASE.2/ICCP) Client, IEC 60870-5, DNP3, Modbus). Multiple Triangle MicroWorks products are prone to a local denial-of-service vulnerability. \nAn attacker can exploit this issue to crash the affected device, denying service to legitimate users. \nNOTE: To exploit this issue, local access to the serial-based outstation is required. SDG is a set of data acquisition and supervisory control system (SCADA) gateway products integrated in the server. DNP3 .NET Protocol components is a set of .NET framework components that support DNP3. DNP3 ANSI C source code libraries is a source code library based on the ANSI C standard",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2013-2794"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-004003"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2013-12784"
          },
          {
            "db": "BID",
            "id": "62086"
          },
          {
            "db": "IVD",
            "id": "b4d56c60-2352-11e6-abef-000c29c66e3d"
          },
          {
            "db": "VULHUB",
            "id": "VHN-62796"
          }
        ],
        "trust": 2.7
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2013-2794",
            "trust": 3.6
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-13-240-01",
            "trust": 3.4
          },
          {
            "db": "BID",
            "id": "62086",
            "trust": 1.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201308-537",
            "trust": 0.9
          },
          {
            "db": "CNVD",
            "id": "CNVD-2013-12784",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-004003",
            "trust": 0.8
          },
          {
            "db": "IVD",
            "id": "B4D56C60-2352-11E6-ABEF-000C29C66E3D",
            "trust": 0.2
          },
          {
            "db": "VULHUB",
            "id": "VHN-62796",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "b4d56c60-2352-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2013-12784"
          },
          {
            "db": "VULHUB",
            "id": "VHN-62796"
          },
          {
            "db": "BID",
            "id": "62086"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-004003"
          },
          {
            "db": "NVD",
            "id": "CVE-2013-2794"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201308-537"
          }
        ]
      },
      "id": "VAR-201309-0201",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "IVD",
            "id": "b4d56c60-2352-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2013-12784"
          },
          {
            "db": "VULHUB",
            "id": "VHN-62796"
          }
        ],
        "trust": 1.8659091
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "b4d56c60-2352-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2013-12784"
          }
        ]
      },
      "last_update_date": "2023-12-18T13:34:45.049000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Triangle MicroWorks, Inc. DNP3 Master Source Code Library",
            "trust": 0.8,
            "url": "http://www.trianglemicroworks.com/documents/mdnp_scl_whats_new.pdf"
          },
          {
            "title": "Triangle MicroWorks multiple products based on patches for serial local denial of service vulnerabilities",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchinfo/show/39293"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2013-12784"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-004003"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-119",
            "trust": 1.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-62796"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-004003"
          },
          {
            "db": "NVD",
            "id": "CVE-2013-2794"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.4,
            "url": "http://ics-cert.us-cert.gov/advisories/icsa-13-240-01"
          },
          {
            "trust": 2.6,
            "url": "http://www.trianglemicroworks.com/documents/mdnp_scl_whats_new.pdf"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-2794"
          },
          {
            "trust": 0.8,
            "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-2794"
          },
          {
            "trust": 0.6,
            "url": "http://www.securityfocus.com/bid/62086"
          },
          {
            "trust": 0.3,
            "url": "http://www.trianglemicroworks.com/"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2013-12784"
          },
          {
            "db": "VULHUB",
            "id": "VHN-62796"
          },
          {
            "db": "BID",
            "id": "62086"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-004003"
          },
          {
            "db": "NVD",
            "id": "CVE-2013-2794"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201308-537"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "IVD",
            "id": "b4d56c60-2352-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2013-12784"
          },
          {
            "db": "VULHUB",
            "id": "VHN-62796"
          },
          {
            "db": "BID",
            "id": "62086"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-004003"
          },
          {
            "db": "NVD",
            "id": "CVE-2013-2794"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201308-537"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2013-09-04T00:00:00",
            "db": "IVD",
            "id": "b4d56c60-2352-11e6-abef-000c29c66e3d"
          },
          {
            "date": "2013-09-04T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2013-12784"
          },
          {
            "date": "2013-09-09T00:00:00",
            "db": "VULHUB",
            "id": "VHN-62796"
          },
          {
            "date": "2013-08-28T00:00:00",
            "db": "BID",
            "id": "62086"
          },
          {
            "date": "2013-09-10T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2013-004003"
          },
          {
            "date": "2013-09-09T11:39:08.443000",
            "db": "NVD",
            "id": "CVE-2013-2794"
          },
          {
            "date": "2013-08-28T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201308-537"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2013-09-04T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2013-12784"
          },
          {
            "date": "2013-10-08T00:00:00",
            "db": "VULHUB",
            "id": "VHN-62796"
          },
          {
            "date": "2013-08-28T00:00:00",
            "db": "BID",
            "id": "62086"
          },
          {
            "date": "2013-09-10T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2013-004003"
          },
          {
            "date": "2013-10-08T17:24:14.033000",
            "db": "NVD",
            "id": "CVE-2013-2794"
          },
          {
            "date": "2014-06-05T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201308-537"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "local",
        "sources": [
          {
            "db": "BID",
            "id": "62086"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201308-537"
          }
        ],
        "trust": 0.9
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "plural  Triangle MicroWorks Service disruption in products  (DoS) Vulnerabilities",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-004003"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Buffer overflow",
        "sources": [
          {
            "db": "IVD",
            "id": "b4d56c60-2352-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201308-537"
          }
        ],
        "trust": 0.8
      }
    }