Platform
other
Component
scada-data-gateway
Fixed in
5.1.4
CVE-2023-39457 describes a critical missing authentication vulnerability in Triangle MicroWorks SCADA Data Gateway. This flaw allows attackers to execute arbitrary code without any authentication, posing a significant risk to industrial control systems. The vulnerability impacts versions 5.1.3.20324 through 5.1.3.20324. A fix is expected from the vendor.
The absence of authentication in the SCADA Data Gateway means an attacker can directly access and control the system without needing credentials. This can lead to complete compromise of the industrial control system, allowing an attacker to manipulate processes, steal sensitive data, or disrupt operations. The ability to execute code as root grants the attacker the highest level of privileges, enabling them to install malware, modify system configurations, and potentially cause physical damage to connected equipment. Given the critical nature of SCADA systems, exploitation could have severe consequences for critical infrastructure and industrial processes.
This vulnerability is rated as having a high probability of exploitation because it requires no authentication and allows remote code execution. It has been reported to ZDI (ZDI-CAN-20501) and was publicly disclosed on 2024-05-03. While no public proof-of-concept (PoC) has been released, the ease of exploitation makes it a likely target for malicious actors. It is not currently listed on CISA KEV as of this writing.
Organizations that rely on Triangle MicroWorks SCADA Data Gateway for industrial control and automation are at significant risk. This includes critical infrastructure sectors such as energy, water, and manufacturing. Specifically, deployments with default configurations or those lacking robust network security measures are particularly vulnerable.
• linux / server: Monitor system logs (journalctl) for unusual network connections originating from the SCADA Data Gateway. Look for connections to unexpected IP addresses or ports.
  journalctl -u scada_gateway -f | grep 'Connection accepted from'
• generic web: Use curl to check for exposed endpoints that might be accessible without authentication.
  curl -I http://<scada_gateway_ip>/admin
• other: Review firewall rules and network configurations to ensure the SCADA Data Gateway is properly segmented and access is restricted to authorized sources.
disclosure
Exploit Status
EPSS
0.38% (59th percentile)
CISA SSVC
CVSS vector
The primary mitigation is to upgrade to a patched version of the SCADA Data Gateway as soon as it becomes available from Triangle MicroWorks. Until then, implement immediate workarounds to limit exposure. Network segmentation is crucial: isolate the SCADA Data Gateway from the broader network to prevent lateral movement. Implement strict firewall rules that restrict access to the gateway to authorized sources only. Consider using a Web Application Firewall (WAF) to filter malicious traffic. Regularly monitor system logs for suspicious activity. Because no exploit details are public, a direct detection signature is difficult to write; instead, monitor for unexpected network connections involving the gateway.
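The detection and mitigation guidance above boils down to one check: every connection the gateway accepts should come from a network segment that the firewall rules are supposed to allow. The following script is an added example (not part of the original advisory or of the vendor's product) that parses journal lines matching the 'Connection accepted from' string suggested above and flags any source address outside an allowlist of authorized segments. The log line format, the allowlist networks and the sample journal entries are all constructed assumptions; adapt the regular expression to the gateway's real log text.

```python
import ipaddress
import re

# Assumed log line format (constructed for this example). The real gateway's
# wording may differ; only the 'Connection accepted from' fragment comes from
# the advisory's journalctl suggestion.
LINE_RE = re.compile(
    r"Connection accepted from (?P<ip>\d{1,3}(?:\.\d{1,3}){3})(?::(?P<port>\d+))?"
)

# Constructed allowlist standing in for a site's real segmentation plan:
# only these segments are authorized to reach the gateway.
AUTHORIZED_NETWORKS = [
    ipaddress.ip_network("10.10.0.0/24"),      # SCADA control LAN (assumed)
    ipaddress.ip_network("192.168.50.0/24"),   # engineering workstation VLAN (assumed)
]

# Constructed sample journal output, including lines without a port and
# unrelated lines that must be ignored.
SAMPLE_JOURNAL = """\
May 03 10:12:01 gw scada_gateway[1234]: Connection accepted from 10.10.0.15:50211
May 03 10:12:07 gw scada_gateway[1234]: Connection accepted from 198.51.100.77:44120
May 03 10:12:09 gw scada_gateway[1234]: DNP3 session established
May 03 10:13:44 gw scada_gateway[1234]: Connection accepted from 192.168.50.9:61002
May 03 10:14:02 gw scada_gateway[1234]: Connection accepted from 203.0.113.5
"""


def parse_connection(line):
    """Return (ip, port) for an accepted-connection line, or None otherwise."""
    match = LINE_RE.search(line)
    if match is None:
        return None
    try:
        ip = ipaddress.ip_address(match.group("ip"))
    except ValueError:
        # Malformed address (e.g. an octet above 255): treat as unparseable.
        return None
    return ip, match.group("port")


def is_authorized(ip, networks=AUTHORIZED_NETWORKS):
    """True when the source address falls inside an authorized segment."""
    return any(ip in net for net in networks)


def find_unexpected_connections(lines, networks=AUTHORIZED_NETWORKS):
    """Return (ip, port, raw_line) for every accepted connection from outside
    the authorized segments. These are the events worth alerting on."""
    alerts = []
    for line in lines:
        parsed = parse_connection(line)
        if parsed is None:
            continue
        ip, port = parsed
        if not is_authorized(ip, networks):
            alerts.append((str(ip), port, line.rstrip()))
    return alerts


if __name__ == "__main__":
    for ip, port, raw in find_unexpected_connections(SAMPLE_JOURNAL.splitlines()):
        where = f"{ip}:{port}" if port else ip
        print(f"ALERT unauthorized source {where}: {raw}")
```

In production the script would read `journalctl -u scada_gateway -o cat` output on stdin instead of the embedded sample, and the allowlist would be generated from the same source of truth as the firewall rules so that the monitor and the enforcement never drift apart.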
Update Triangle MicroWorks SCADA Data Gateway to a version that requires authentication. Consult the vendor's website for the latest version and update instructions.
CVE-2023-39457 is a critical vulnerability in Triangle MicroWorks SCADA Data Gateway versions 5.1.3.20324–5.1.3.20324 that allows remote attackers to execute code without authentication.
If you are using Triangle MicroWorks SCADA Data Gateway versions 5.1.3.20324 through 5.1.3.20324, you are potentially affected by this vulnerability.
Upgrade to a patched version of the SCADA Data Gateway as soon as it becomes available. Until then, implement network segmentation and strict firewall rules.
While no active exploitation has been publicly confirmed, the ease of exploitation makes it a likely target for malicious actors.
Refer to the Triangle MicroWorks website or contact their support for the official advisory regarding CVE-2023-39457.