Platform: other
Component: scada-data-gateway
Fixed in: 5.1.4
CVE-2023-39457 describes a critical missing-authentication vulnerability in Triangle MicroWorks SCADA Data Gateway. This flaw allows attackers to execute arbitrary code without any authentication, posing a significant risk to industrial control systems. The vulnerability impacts version 5.1.3.20324. A fix is expected from the vendor.
The absence of authentication in the SCADA Data Gateway means an attacker can directly access and control the system without needing credentials. This can lead to complete compromise of the industrial control system, allowing an attacker to manipulate processes, steal sensitive data, or disrupt operations. The ability to execute code as root grants the attacker the highest level of privileges, enabling them to install malware, modify system configurations, and potentially cause physical damage to connected equipment. Given the critical nature of SCADA systems, exploitation could have severe consequences for critical infrastructure and industrial processes.
This vulnerability is considered high probability due to the lack of authentication and the potential for remote code execution. It has been reported to ZDI (ZDI-CAN-20501) and publicly disclosed on 2024-05-03. While no public proof-of-concept (PoC) has been released, the ease of exploitation makes it a likely target for malicious actors. It is not currently listed on CISA KEV as of this writing.
Exploit Status
EPSS: 0.38% (59th percentile)
The primary mitigation is to upgrade to a patched version of the SCADA Data Gateway as soon as it becomes available from Triangle MicroWorks. Until then, implement immediate workarounds to limit exposure. Network segmentation is crucial – isolate the SCADA Data Gateway from the broader network to prevent lateral movement. Implement strict firewall rules to restrict access to the gateway to only authorized sources. Consider using a Web Application Firewall (WAF) to filter malicious traffic. Regularly monitor system logs for suspicious activity. While a direct detection signature is difficult without specific code execution, monitor for unexpected network connections originating from the gateway.
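As an added illustration of the firewall and monitoring advice above (not code from the vendor or from this advisory), the following Python check reviews flow records against an allow-list for the gateway. The gateway address, the authorized networks, the ports and the `src dst dport` record format are all constructed assumptions.

```python
import ipaddress

# Constructed policy values; replace them with your own site's addressing.
GATEWAY = ipaddress.ip_address("10.20.0.5")
AUTHORIZED_SOURCES = [ipaddress.ip_network("10.20.0.0/28")]     # hosts allowed to reach the gateway
EXPECTED_DESTINATIONS = [ipaddress.ip_network("10.30.0.0/24")]  # devices the gateway is expected to contact

# Constructed flow records: "<src> <dst> <dport>", one per line.
SAMPLE_FLOWS = """\
10.20.0.3 10.20.0.5 58080
10.20.0.5 10.30.0.17 20000
192.168.50.9 10.20.0.5 58080
10.20.0.5 203.0.113.44 443
10.20.0.7 10.20.0.9 22
garbage line
"""

def _in_any(addr, networks):
    return any(addr in net for net in networks)

def review_flows(text):
    """Return (line_no, reason, line) for each flow that violates the gateway policy."""
    findings = []
    for n, line in enumerate(text.splitlines(), 1):
        parts = line.split()
        try:
            src, dst = (ipaddress.ip_address(p) for p in parts[:2])
            int(parts[2])  # the port must be present and numeric
        except (ValueError, IndexError):
            # Records that cannot be parsed are reported, never silently dropped.
            findings.append((n, "unparsable", line))
            continue
        if dst == GATEWAY and not _in_any(src, AUTHORIZED_SOURCES):
            # Inbound to the gateway from a host outside the allow-list.
            findings.append((n, "unauthorized-source", line))
        elif src == GATEWAY and not _in_any(dst, EXPECTED_DESTINATIONS):
            # Outbound from the gateway to a destination it has no reason to contact.
            findings.append((n, "unexpected-outbound", line))
    return findings

if __name__ == "__main__":
    for line_no, reason, record in review_flows(SAMPLE_FLOWS):
        print(f"line {line_no}: {reason}: {record}")
```

Flows that do not involve the gateway are ignored, so the same check can run over a full segment capture.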
Update Triangle MicroWorks SCADA Data Gateway to a version that requires authentication. Consult the vendor's website for the latest version and update instructions.
CVE-2023-39457 is a critical vulnerability in Triangle MicroWorks SCADA Data Gateway version 5.1.3.20324 that allows remote attackers to execute code without authentication.
If you are using Triangle MicroWorks SCADA Data Gateway version 5.1.3.20324, you are potentially affected by this vulnerability.
Upgrade to a patched version of the SCADA Data Gateway as soon as it becomes available. Until then, implement network segmentation and strict firewall rules.
While no active exploitation has been publicly confirmed, the ease of exploitation makes it a likely target for malicious actors.
Refer to the Triangle MicroWorks website or contact their support for the official advisory regarding CVE-2023-39457.