cbcvebase.

Trianglemicroworks Scada Data Gateway vulnerabilities

22 known vulnerabilities affecting trianglemicroworks/scada_data_gateway.

Total CVEs
22
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL3HIGH10MEDIUM8LOW1

Vulnerabilities

Page 1 of 2
CVE-2023-39457P2CRITICALCVSS 9.8v5.1.3.203242024-05-03
CVE-2023-39457 [CRITICAL] CWE-306 CVE-2023-39457: Triangle MicroWorks SCADA Data Gateway Missing Authentication Vulnerability. This vulnerability allo Triangle MicroWorks SCADA Data Gateway Missing Authentication Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of Triangle MicroWorks SCADA Data Gateway. Authentication is not required to exploit this vulnerability. The specific flaw exists due to the lack of user authentication. The iss
nvd
CVE-2022-0369P2HIGHCVSS 8.8v5.01.012024-05-07
CVE-2022-0369 [HIGH] CWE-22 CVE-2022-0369: Triangle MicroWorks SCADA Data Gateway Restore Workspace Directory Traversal Remote Code Execution V Triangle MicroWorks SCADA Data Gateway Restore Workspace Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Triangle MicroWorks SCADA Data Gateway. Although authentication is required to exploit this vulnerability, the existing authentication mechanism
nvd
CVE-2020-10611P2CRITICALCVSS 9.8≥ 2.41.0213, ≤ 4.0.1222020-04-15
CVE-2020-10611 [CRITICAL] CWE-843 CVE-2020-10611: Triangle MicroWorks SCADA Data Gateway 3.02.0697 through 4.0.122, 2.41.0213 through 4.0.122 allows r Triangle MicroWorks SCADA Data Gateway 3.02.0697 through 4.0.122, 2.41.0213 through 4.0.122 allows remote attackers to execute arbitrary code due to the lack of proper validation of user-supplied data, which can result in a type confusion condition. Authentication is not required to exploit this vulnerability. Only applicable to installations usin
nvd
CVE-2023-2186P2CRITICALCVSS 9.8≤ 5.01.032023-06-07
CVE-2023-2186 [CRITICAL] CWE-134 CVE-2023-2186: On Triangle MicroWorks' SCADA Data Gateway version <= v5.01.03, an unauthenticated attacker can send On Triangle MicroWorks' SCADA Data Gateway version <= v5.01.03, an unauthenticated attacker can send a specially crafted broadcast message including format string characters to the SCADA Data Gateway to perform unrestricted memory reads.An unauthenticated user can use this format string vulnerability to repeatedly crash the GTWWebMonitor.exe process
nvd
CVE-2023-39464P3HIGHCVSS 7.2v5.1.3.203242024-05-03
CVE-2023-39464 [HIGH] CWE-428 CVE-2023-39464: Triangle MicroWorks SCADA Data Gateway GTWWebMonitorService Unquoted Search Path Remote Code Executi Triangle MicroWorks SCADA Data Gateway GTWWebMonitorService Unquoted Search Path Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute code on affected installations of Triangle MicroWorks SCADA Data Gateway. Although authentication is required to exploit this vulnerability, the existing authentication mechanism ca
nvd
CVE-2023-39460P3HIGHCVSS 7.2v5.1.3.203242024-05-03
CVE-2023-39460 [HIGH] CWE-22 CVE-2023-39460: Triangle MicroWorks SCADA Data Gateway Event Log Directory Traversal Arbitrary File Creation Vulnera Triangle MicroWorks SCADA Data Gateway Event Log Directory Traversal Arbitrary File Creation Vulnerability. This vulnerability allows remote attackers to create arbitrary files on affected installations of Triangle MicroWorks SCADA Data Gateway. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can
nvd
CVE-2023-39463P3HIGHCVSS 7.2v5.1.3.203242024-05-03
CVE-2023-39463 [HIGH] CWE-434 CVE-2023-39463: Triangle MicroWorks SCADA Data Gateway Trusted Certification Unrestricted Upload of File Remote Code Triangle MicroWorks SCADA Data Gateway Trusted Certification Unrestricted Upload of File Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Triangle MicroWorks SCADA Data Gateway. Although authentication is required to exploit this vulnerability, the existing authentic
nvd
CVE-2023-39468P3HIGHCVSS 7.2v5.1.3.203242024-05-03
CVE-2023-39468 [HIGH] CWE-749 CVE-2023-39468: Triangle MicroWorks SCADA Data Gateway DbasSectorFileToExecuteOnReset Exposed Dangerous Function Rem Triangle MicroWorks SCADA Data Gateway DbasSectorFileToExecuteOnReset Exposed Dangerous Function Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Triangle MicroWorks SCADA Data Gateway. Authentication is required to exploit this vulnerability. The specific flaw exis
nvd
CVE-2023-39462P3MEDIUMCVSS 6.5v5.1.3.203242024-05-03
CVE-2023-39462 [MEDIUM] CWE-434 CVE-2023-39462: Triangle MicroWorks SCADA Data Gateway Workspace Unrestricted Upload Vulnerability. This vulnerabili Triangle MicroWorks SCADA Data Gateway Workspace Unrestricted Upload Vulnerability. This vulnerability allows remote attackers to upload arbitrary files on affected installations of Triangle MicroWorks SCADA Data Gateway. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The sp
nvd
CVE-2020-10615P3HIGHCVSS 7.5≥ 2.41.0213, ≤ 4.0.1222020-04-15
CVE-2020-10615 [HIGH] CWE-121 CVE-2020-10615: Triangle MicroWorks SCADA Data Gateway 3.02.0697 through 4.0.122, 2.41.0213 through 4.0.122 allows r Triangle MicroWorks SCADA Data Gateway 3.02.0697 through 4.0.122, 2.41.0213 through 4.0.122 allows remote attackers cause a denial-of-service condition due to a lack of proper validation of the length of user-supplied data, prior to copying it to a fixed-length stack-based buffer. Authentication is not required to exploit this vulnerability.
nvd
CVE-2020-10613P3HIGHCVSS 7.5≥ 2.41.0213, ≤ 4.0.1222020-04-15
CVE-2020-10613 [HIGH] CWE-125 CVE-2020-10613: Triangle MicroWorks SCADA Data Gateway 3.02.0697 through 4.0.122, 2.41.0213 through 4.0.122 allows r Triangle MicroWorks SCADA Data Gateway 3.02.0697 through 4.0.122, 2.41.0213 through 4.0.122 allows remote attackers to disclose sensitive information due to the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated structure. Authentication is not required to exploit this vulnerability. Only applicabl
nvd
CVE-2023-39465P3HIGHCVSS 7.5v5.1.3.203242024-05-03
CVE-2023-39465 [HIGH] CWE-321 CVE-2023-39465: Triangle MicroWorks SCADA Data Gateway Use of Hard-coded Cryptograhic Key Information Disclosure Vul Triangle MicroWorks SCADA Data Gateway Use of Hard-coded Cryptograhic Key Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Triangle MicroWorks SCADA Data Gateway. Authentication is not required to exploit this vulnerability. The specific flaw exists within
nvd
CVE-2023-39459P3HIGHCVSS 7.8v5.1.32024-05-03
CVE-2023-39459 [HIGH] CWE-22 CVE-2023-39459: Triangle MicroWorks SCADA Data Gateway Directory Traversal Arbitrary File Creation Vulnerability. Th Triangle MicroWorks SCADA Data Gateway Directory Traversal Arbitrary File Creation Vulnerability. This vulnerability allows remote attackers to create arbitrary files on affected installations of Triangle MicroWorks SCADA Data Gateway. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a ma
nvd
CVE-2013-2793P4HIGHCVSS 7.8v2.50v2.50.0309+1 more2013-09-09
CVE-2013-2793 [HIGH] CWE-119 CVE-2013-2793: Triangle MicroWorks SCADA Data Gateway 2.50.0309 through 3.00.0616, DNP3 .NET Protocol components 3. Triangle MicroWorks SCADA Data Gateway 2.50.0309 through 3.00.0616, DNP3 .NET Protocol components 3.06.0.171 through 3.15.0.369, and DNP3 C libraries 3.06.0000 through 3.15.0000 allow remote attackers to cause a denial of service (infinite loop) via a crafted DNP3 TCP packet.
nvd
CVE-2023-39466P4MEDIUMCVSS 5.3v5.1.3.203242024-05-03
CVE-2023-39466 [MEDIUM] CWE-306 CVE-2023-39466: Triangle MicroWorks SCADA Data Gateway get_config Missing Authentication Information Disclosure Vuln Triangle MicroWorks SCADA Data Gateway get_config Missing Authentication Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Triangle MicroWorks SCADA Data Gateway. Authentication is not required to exploit this vulnerability. The specific flaw exists within
nvd
CVE-2023-39458P4MEDIUMCVSS 5.3v5.1.3.203242024-05-03
CVE-2023-39458 [MEDIUM] CWE-798 CVE-2023-39458: Triangle MicroWorks SCADA Data Gateway Use of Hard-coded Credentials Authentication Bypass Vulnerabi Triangle MicroWorks SCADA Data Gateway Use of Hard-coded Credentials Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of Triangle MicroWorks SCADA Data Gateway. Authentication is not required to exploit this vulnerability. The specific flaw exists within the
nvd
CVE-2023-2187P4MEDIUMCVSS 5.3≤ 5.01.032023-06-07
CVE-2023-2187 [MEDIUM] CWE-306 CVE-2023-2187: On Triangle MicroWorks' SCADA Data Gateway version <= v5.01.03, an unauthenticated attacker can send On Triangle MicroWorks' SCADA Data Gateway version <= v5.01.03, an unauthenticated attacker can send broadcast events to any user via the WebMonitor.An unauthenticated user can use this vulnerability to forcefully log out of any currently logged-in user by sending a "password change event". Furthermore, an attacker could use this vulnerability to spam
nvd
CVE-2023-39467P4MEDIUMCVSS 5.3v5.1.3.203242024-05-03
CVE-2023-39467 [MEDIUM] CWE-219 CVE-2023-39467: Triangle MicroWorks SCADA Data Gateway certificate Information Disclosure Vulnerability. This vulner Triangle MicroWorks SCADA Data Gateway certificate Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Triangle MicroWorks SCADA Data Gateway. Authentication is not required to exploit this vulnerability. The specific flaw exists within the configuration of
nvd
CVE-2023-39461P4MEDIUMCVSS 4.4v5.1.3.203242024-05-03
CVE-2023-39461 [MEDIUM] CWE-117 CVE-2023-39461: Triangle MicroWorks SCADA Data Gateway Event Log Improper Output Neutralization For Logs Arbitrary F Triangle MicroWorks SCADA Data Gateway Event Log Improper Output Neutralization For Logs Arbitrary File Write Vulnerability. This vulnerability allows remote attackers to write arbitrary files on affected installations of Triangle MicroWorks SCADA Data Gateway. Although authentication is required to exploit this vulnerability, the existing authentic
nvd
CVE-2014-2342P4MEDIUMCVSS 5.0≤ 3.00.0633v2.50+56 more2014-05-30
CVE-2014-2342 [MEDIUM] CWE-400 CVE-2014-2342: Triangle MicroWorks SCADA Data Gateway before 3.00.0635 allows remote attackers to cause a denial of Triangle MicroWorks SCADA Data Gateway before 3.00.0635 allows remote attackers to cause a denial of service (excessive data processing) via a crafted DNP3 packet.
nvd
Trianglemicroworks Scada Data Gateway vulnerabilities | cvebase