Platform
other
Component
scada-data-gateway
Fixed in
5.1.4
CVE-2023-39457 describes a critical missing authentication vulnerability in Triangle MicroWorks SCADA Data Gateway. This flaw allows attackers to execute arbitrary code without any authentication, posing a significant risk to industrial control systems. The vulnerability impacts versions 5.1.3.20324 through 5.1.3.20324. A fix is expected from the vendor.
The absence of authentication in the SCADA Data Gateway means an attacker can directly access and control the system without needing credentials. This can lead to complete compromise of the industrial control system, allowing an attacker to manipulate processes, steal sensitive data, or disrupt operations. The ability to execute code as root grants the attacker the highest level of privileges, enabling them to install malware, modify system configurations, and potentially cause physical damage to connected equipment. Given the critical nature of SCADA systems, exploitation could have severe consequences for critical infrastructure and industrial processes.
This vulnerability is considered high probability due to the lack of authentication and the potential for remote code execution. It has been reported to ZDI (ZDI-CAN-20501) and publicly disclosed on 2024-05-03. While no public proof-of-concept (PoC) has been released, the ease of exploitation makes it a likely target for malicious actors. It is not currently listed on CISA KEV as of this writing.
Organizations that rely on Triangle MicroWorks SCADA Data Gateway for industrial control and automation are at significant risk. This includes critical infrastructure sectors such as energy, water, and manufacturing. Specifically, deployments with default configurations or those lacking robust network security measures are particularly vulnerable.
• linux / server: Monitor system logs (journalctl) for unusual network connections originating from the SCADA Data Gateway. Look for connections to unexpected IP addresses or ports.
journalctl -u scada_gateway -f | grep 'Connection accepted from'
• generic web: Use curl to check for exposed endpoints that might be accessible without authentication.
curl -I http://<scada_gateway_ip>/admin
• other: Review firewall rules and network configurations to ensure the SCADA Data Gateway is properly segmented and access is restricted to authorized sources.
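The journalctl hint above only filters the accept lines; the defender still has to decide which source addresses are legitimate. The script below is an added example (not from the advisory or from Triangle MicroWorks) that reads such lines and flags any accepted connection whose source is outside the OT segments that are allowed to reach the gateway. The log line shape, the service name scada_gateway, the allowed CIDR ranges and the sample journal lines are all assumptions constructed for the example; the real gateway's log format must be checked before use.

```python
import ipaddress
import re
import sys

# Assumed line shape, modelled on the grep filter 'Connection accepted from';
# IPv4 only, with an optional ':port' suffix. Adjust to the real log format.
ACCEPT_RE = re.compile(
    r"Connection accepted from (?P<ip>\d{1,3}(?:\.\d{1,3}){3})(?::(?P<port>\d+))?"
)

# Constructed allow list: the network segments that may legitimately reach the
# gateway after segmentation. Replace with the deployment's real ranges.
ALLOWED_NETWORKS = [
    ipaddress.ip_network(n) for n in ("10.20.0.0/16", "192.168.50.0/24")
]


def source_allowed(ip_text):
    """True if the address falls inside one of the allowed segments."""
    ip = ipaddress.ip_address(ip_text)
    return any(ip in net for net in ALLOWED_NETWORKS)


def find_unexpected_connections(lines):
    """Return (ip, reason, raw_line) for every accept line from an unexpected source."""
    alerts = []
    for line in lines:
        m = ACCEPT_RE.search(line)
        if not m:
            continue  # not an accept line; ignore
        ip_text = m.group("ip")
        try:
            ok = source_allowed(ip_text)
        except ValueError:
            alerts.append((ip_text, "unparseable address", line))
            continue
        if not ok:
            alerts.append((ip_text, "outside allowed segments", line))
    return alerts


# Constructed sample journal output (not real gateway logs).
SAMPLE_JOURNAL = [
    "May 03 10:14:02 gw scada_gateway[812]: Connection accepted from 10.20.3.7:50122",
    "May 03 10:14:09 gw scada_gateway[812]: Connection accepted from 192.168.50.12:40211",
    "May 03 10:15:31 gw scada_gateway[812]: Connection accepted from 203.0.113.45:44120",
    "May 03 10:15:32 gw scada_gateway[812]: Heartbeat ok",
    "May 03 10:16:00 gw scada_gateway[812]: Connection accepted from 10.99.1.4:3000",
]


if __name__ == "__main__":
    # Usage: journalctl -u scada_gateway -f | python3 flag_connections.py
    # With no piped input, runs against the constructed sample lines.
    source = sys.stdin if not sys.stdin.isatty() else SAMPLE_JOURNAL
    for ip, reason, raw in find_unexpected_connections(source):
        print(f"ALERT {ip} ({reason}): {raw.strip()}")
```

On the sample lines the two connections from 203.0.113.45 and 10.99.1.4 are reported; the first two fall inside the allowed ranges and the heartbeat line is skipped. Keeping the allow list as CIDR ranges rather than individual hosts matches the segmentation recommended in the mitigation section, so the script and the firewall policy can be derived from the same source of truth.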
disclosure
Exploit Status
EPSS
0.38% (59th percentile)
CISA SSVC
CVSS Vector
The primary mitigation is to upgrade to a patched version of the SCADA Data Gateway as soon as it becomes available from Triangle MicroWorks. Until then, implement immediate workarounds to limit exposure. Network segmentation is crucial: isolate the SCADA Data Gateway from the broader network to prevent lateral movement. Implement strict firewall rules so that only authorized sources can reach the gateway. Consider using a Web Application Firewall (WAF) to filter malicious traffic. Regularly monitor system logs for suspicious activity. A direct detection signature is difficult to write without details of the code execution path, so monitor instead for unexpected network connections originating from the gateway.
Update Triangle MicroWorks SCADA Data Gateway to a version that requires authentication. Consult the vendor's website for the latest version and upgrade instructions.
CVE-2023-39457 is a critical vulnerability in Triangle MicroWorks SCADA Data Gateway versions 5.1.3.20324–5.1.3.20324 that allows remote attackers to execute code without authentication.
If you are using Triangle MicroWorks SCADA Data Gateway versions 5.1.3.20324 through 5.1.3.20324, you are potentially affected by this vulnerability.
Upgrade to a patched version of the SCADA Data Gateway as soon as it becomes available. Until then, implement network segmentation and strict firewall rules.
While no active exploitation has been publicly confirmed, the ease of exploitation makes it a likely target for malicious actors.
Refer to the Triangle MicroWorks website or contact their support for the official advisory regarding CVE-2023-39457.