CVE-2020-10613
published 2020-04-15CVE-2020-10613: Triangle MicroWorks SCADA Data Gateway 3.02.0697 through 4.0.122, 2.41.0213 through 4.0.122 allows remote attackers to disclose sensitive information due to…
PriorityP345high7.5CVSS 3.1
AVNACLPRNUINSUCHINAN
EPSS
2.49%
82.7th percentile
Triangle MicroWorks SCADA Data Gateway 3.02.0697 through 4.0.122, 2.41.0213 through 4.0.122 allows remote attackers to disclose sensitive information due to the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated structure. Authentication is not required to exploit this vulnerability. Only applicable to installations using DNP3 Data Sets.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| trianglemicroworks | scada_data_gateway | 2.41.0213 – 4.0.122 | — |
CVSS provenance
nvdv3.17.5HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
nvdv2.05.0MEDIUMAV:N/AC:L/Au:N/C:P/I:N/A:N
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-8hcc-5w75-vqhq: Triangle MicroWorks SCADA Data Gateway 3
ghsa_unreviewed·2022-05-24
CVE-2020-10613 [MEDIUM] GHSA-8hcc-5w75-vqhq: Triangle MicroWorks SCADA Data Gateway 3
Triangle MicroWorks SCADA Data Gateway 3.02.0697 through 4.0.122, 2.41.0213 through 4.0.122 allows remote attackers to disclose sensitive information due to the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated structure. Authentication is not required to exploit this vulnerability. Only applicable to installations using DNP3 Data Sets.
CISA ICS
Triangle MicroWorks SCADA Data Gateway
cisa_ics·2022-10-27·CVSS 7.5
[HIGH] Triangle MicroWorks SCADA Data Gateway
## Archived Content In an effort to keep CISA.gov current, the archive contains outdated information that may not reflect current policy or programs.
ICS Advisory
##
Triangle MicroWorks SCADA Data Gateway
Last RevisedOctober 27, 2022
Alert CodeICSA-20-105-03
## 1. EXECUTIVE SUMMARY
- CVSS v3 9.8
- ATTENTION: Exploitable remotely/low skill level to exploit
- Vendor: Triangle MicroWorks
- Equipment: SCADA Data Gateway
- Vulnerabilities: Stacked-based Buffer Overflow, Out-of-Bounds Read, Type Confusion
## 2. RISK EVALUATION
These vulnerabilities allow remote attackers to execute arbitrary code and disclose on affected installations of Triangle Microworks SCADA Data Gateway with DNP3 Outstation channels. Authentication is not required to e
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2020-04-15
Published