cbcvebase.
CVE-2023-2187
published 2023-06-07

CVE-2023-2187: On Triangle MicroWorks' SCADA Data Gateway version <= v5.01.03, an unauthenticated attacker can send broadcast events to any user via the WebMonitor.An…

PriorityP430medium5.3CVSS 3.1
AVNACLPRNUINSUCNINAL
EPSS
0.59%
43.9th percentile
On Triangle MicroWorks' SCADA Data Gateway version <= v5.01.03, an unauthenticated attacker can send broadcast events to any user via the WebMonitor.An unauthenticated user can use this vulnerability to forcefully log out of any currently logged-in user by sending a "password change event". Furthermore, an attacker could use this vulnerability to spam the logged-in user with false events.

Affected

2 ranges
VendorProductVersion rangeFixed in
triangle_microworksscada_data_gateway
trianglemicroworksscada_data_gateway<= 5.01.03
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.