CVE-2023-2186
Published 2023-06-07
Priority P258 · critical · 9.8 (CVSS 3.1)
AV:N / AC:L / PR:N / UI:N / S:U / C:H / I:H / A:H
EPSS: 0.71% (48.7th percentile)
On Triangle MicroWorks' SCADA Data Gateway version <= v5.01.03, an unauthenticated attacker can send a specially crafted broadcast message including format string characters to the SCADA Data Gateway to perform unrestricted memory reads. An unauthenticated user can use this format string vulnerability to repeatedly crash the GTWWebMonitor.exe process to DoS the Web Monitor. Furthermore, an authenticated user can leverage this vulnerability to leak memory from the GTWWebMonitor.exe process. This could be leveraged in an exploit chain to gain code execution.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| triangle_microworks | scada_data_gateway | — | — |
| trianglemicroworks | scada_data_gateway | <= 5.01.03 | — |
CVSS provenance
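| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| vendor_redhat | — | 7.8 | HIGH | — |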
GHSA
GHSA-gqvf-fxmv-5gj9: On Triangle MicroWorks' SCADA Data Gateway version <= v5
ghsa_unreviewed·2023-06-07
CVE-2023-2186 [CRITICAL] CWE-134 GHSA-gqvf-fxmv-5gj9: On Triangle MicroWorks' SCADA Data Gateway version <= v5
Red Hat
kernel: jfs: fix array-index-out-of-bounds in dbAdjTree
vendor_redhat·2024-03-06·CVSS 7.8
CVE-2023-52601 [HIGH] CWE-125 kernel: jfs: fix array-index-out-of-bounds in dbAdjTree
In the Linux kernel, the following vulnerability has been resolved:
jfs: fix array-index-out-of-bounds in dbAdjTree
Currently there is a bound check missing in the dbAdjTree while
accessing the dmt_stree. To add the required check added the bool is_ctl
which is required to determine the size as suggested in the following
commit.
https://lore.kernel.org/linux-kernel-mentees/[email protected]/
An array-index-out-of-bounds flaw was found in dbAdjTree in the Linux kernel. This may result in a crash.
Statement: Red Hat has protection mechanisms in place against buffer overflows such as FORTIFY_SOURCE, Position Independent Executables, or Stack Smashing Protection.
Package: kernel (Red Hat Enterprise Linux 6)
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.