CRITICAL🇵🇱 Wersja polska

CVE-2023-39457

CVSS 9.8v3.0pub. 2024-05-03upd. 2025-06-17

Triangle MicroWorks SCADA Data Gateway Missing Authentication Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of Triangle MicroWorks SCADA Data Gateway. Authentication is not required to exploit this vulnerability. The specific flaw exists due to the lack of user authentication. The issue results from missing authentication in the default system configuration. An attacker can leverage this vulnerability to execute arbitrary code in the context of root. Was ZDI-CAN-20501.

🤖 AI Analysis
How it works

The vulnerability (CWE-306) results from a complete omission of user authentication in the product's default configuration. An attacker remotely, without any credentials, can gain access to system functions that should be protected. This vulnerability can be directly exploited to execute arbitrary code in the context of the root account, meaning full control over the device.

Impact

An attacker can remotely execute arbitrary code with root privileges, gaining full control over the system — including the ability to modify data, disrupt industrial processes, and perform lateral movement in the OT/SCADA network.

Mitigation & patch

Apply patches available from the manufacturer in accordance with the references (Triangle MicroWorks website — 'What's New' section for SCADA Data Gateway). Additionally, it is recommended to immediately implement network access controls (firewall, OT network segmentation) restricting access to the gateway only to authorized hosts.

Who is affected

Triangle MicroWorks SCADA Data Gateway — affects installations in the default configuration; specific versions indicated in the manufacturer's references

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Trianglemicroworks Scada Data Gateway

    APP
    Trianglemicroworks
    5.1.3.20324
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
RCEAuth Bypass
CWE
References

Related vulnerabilities

CVE-2020-10611CRITICAL9.8ten sam produkt

Triangle MicroWorks SCADA Data Gateway 3.02.0697 through 4.0.122, 2.41.0213 through 4.0.122 allows remote atta...

CVE-2022-0369HIGH8.8ten sam produkt

Triangle MicroWorks SCADA Data Gateway Restore Workspace Directory Traversal Remote Code Execution Vulnerabili...

CVE-2023-39459HIGH7.8ten sam produkt

Triangle MicroWorks SCADA Data Gateway Directory Traversal Arbitrary File Creation Vulnerability. This vulnera...

CVE-2023-39460HIGH7.2ten sam produkt

Triangle MicroWorks SCADA Data Gateway Event Log Directory Traversal Arbitrary File Creation Vulnerability. Th...

CVE-2023-39463HIGH7.2ten sam produkt

Triangle MicroWorks SCADA Data Gateway Trusted Certification Unrestricted Upload of File Remote Code Execution...