CVE-2020-10611
Published 2020-04-15
CVE-2020-10611: Triangle MicroWorks SCADA Data Gateway 3.02.0697 through 4.0.122, 2.41.0213 through 4.0.122 allows remote attackers to execute arbitrary code due to the lack…
Priority: P265 · critical · 9.8 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 5.23% (91.5th percentile)
Triangle MicroWorks SCADA Data Gateway 3.02.0697 through 4.0.122, 2.41.0213 through 4.0.122 allows remote attackers to execute arbitrary code due to the lack of proper validation of user-supplied data, which can result in a type confusion condition. Authentication is not required to exploit this vulnerability. Only applicable to installations using DNP3 Data Sets.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| trianglemicroworks | scada_data_gateway | 2.41.0213 – 4.0.122 | — |
Detection & IOCs (extracted from sources)
- Target protocol is DNP3 Data Sets over network (no authentication required); monitor for anomalous DNP3 traffic to SCADA Data Gateway Outstation channels, particularly malformed or unexpected Data Set objects that could trigger type confusion.
- No known public exploits exist for this CVE as of advisory publication; focus detection on behavioral anomalies (unexpected process execution, memory corruption indicators) on Triangle MicroWorks SCADA Data Gateway hosts running versions 2.41.0213 through 4.0.122.
- Exploitation is network-reachable with no authentication and low skill required (CVSS 9.8); prioritize network-level detection and segmentation for any SCADA Data Gateway instance exposed beyond a firewall.
- Vulnerability is only exploitable on installations where the DNP3 Data Sets feature is in use; deployments not using DNP3 Data Sets are not affected by CVE-2020-10611 specifically.
- All three CVEs in this advisory (CVE-2020-10615, CVE-2020-10613, CVE-2020-10611) share the same attack vector (unauthenticated remote DNP3 Outstation channel); detection rules targeting the DNP3 attack surface will cover the full advisory scope.
CVSS provenance
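| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |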
GHSA
GHSA-grj9-c593-w7c6: Triangle MicroWorks SCADA Data Gateway 3
ghsa_unreviewed·2022-05-24
CVE-2020-10611 [HIGH] GHSA-grj9-c593-w7c6: Triangle MicroWorks SCADA Data Gateway 3
CISA ICS
Triangle MicroWorks SCADA Data Gateway
cisa_ics·2022-10-27·CVSS 7.5
[HIGH] Triangle MicroWorks SCADA Data Gateway
ICS Advisory
## Triangle MicroWorks SCADA Data Gateway
Last Revised: October 27, 2022
Alert Code: ICSA-20-105-03
## 1. EXECUTIVE SUMMARY
- CVSS v3 9.8
- ATTENTION: Exploitable remotely/low skill level to exploit
- Vendor: Triangle MicroWorks
- Equipment: SCADA Data Gateway
- Vulnerabilities: Stack-based Buffer Overflow, Out-of-Bounds Read, Type Confusion
## 2. RISK EVALUATION
These vulnerabilities allow remote attackers to execute arbitrary code and disclose information on affected installations of Triangle MicroWorks SCADA Data Gateway with DNP3 Outstation channels. Authentication is not required to e