CVE-2020-10615
published 2020-04-15CVE-2020-10615: Triangle MicroWorks SCADA Data Gateway 3.02.0697 through 4.0.122, 2.41.0213 through 4.0.122 allows remote attackers cause a denial-of-service condition due to…
PriorityP345high7.5CVSS 3.1
AVNACLPRNUINSUCNINAH
EPSS
2.57%
83.2th percentile
Triangle MicroWorks SCADA Data Gateway 3.02.0697 through 4.0.122, 2.41.0213 through 4.0.122 allows remote attackers cause a denial-of-service condition due to a lack of proper validation of the length of user-supplied data, prior to copying it to a fixed-length stack-based buffer. Authentication is not required to exploit this vulnerability.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| trianglemicroworks | scada_data_gateway | 2.41.0213 – 4.0.122 | — |
CVSS provenance
nvdv3.17.5HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvdv2.05.0MEDIUMAV:N/AC:L/Au:N/C:N/I:N/A:P
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
CISA ICS
Triangle MicroWorks SCADA Data Gateway
cisa_ics·2022-10-27·CVSS 7.5
[HIGH] Triangle MicroWorks SCADA Data Gateway
## Archived Content In an effort to keep CISA.gov current, the archive contains outdated information that may not reflect current policy or programs.
ICS Advisory
##
Triangle MicroWorks SCADA Data Gateway
Last RevisedOctober 27, 2022
Alert CodeICSA-20-105-03
## 1. EXECUTIVE SUMMARY
- CVSS v3 9.8
- ATTENTION: Exploitable remotely/low skill level to exploit
- Vendor: Triangle MicroWorks
- Equipment: SCADA Data Gateway
- Vulnerabilities: Stacked-based Buffer Overflow, Out-of-Bounds Read, Type Confusion
## 2. RISK EVALUATION
These vulnerabilities allow remote attackers to execute arbitrary code and disclose on affected installations of Triangle Microworks SCADA Data Gateway with DNP3 Outstation channels. Authentication is not required to e
GHSA
GHSA-9w3w-gw8r-v3wj: Triangle MicroWorks SCADA Data Gateway 3
ghsa_unreviewed·2022-05-24
CVE-2020-10615 [MEDIUM] GHSA-9w3w-gw8r-v3wj: Triangle MicroWorks SCADA Data Gateway 3
Triangle MicroWorks SCADA Data Gateway 3.02.0697 through 4.0.122, 2.41.0213 through 4.0.122 allows remote attackers cause a denial-of-service condition due to a lack of proper validation of the length of user-supplied data, prior to copying it to a fixed-length stack-based buffer. Authentication is not required to exploit this vulnerability.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2020-04-15
Published