CVE-2023-39464

Triangle MicroWorks SCADA Data Gateway GTWWebMonitorService Unquoted Search Path Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute code on affected installations of Triangle MicroWorks SCADA Data Gateway. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the configuration of the GTWWebMonitorService service. The path to the service executable contains spaces not surrounded by quotations. An attacker can leverage this vulnerability to execute arbitrary code in the context of root. Was ZDI-CAN-20538.

CVSS v3 7.2 HIGH

7.2^/10

CVSS v3 : HIGH

Vector : AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Exploitability : 1.2 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://www.trianglemicroworks.com/products/scada-data-gateway/what's-new
https://www.zerodayinitiative.com/advisories/ZDI-23-1032/

Configurations

No configuration.

History

No history.

Information

Published : 2024-05-03 03:15

Updated : 2024-05-03 12:50

NVD link : CVE-2023-39464

Mitre link : CVE-2023-39464

CVE.ORG link : CVE-2023-39464

JSON object : View

Products Affected

No product.

CWE

CWE-428

Unquoted Search Path or Element

{"id": "CVE-2023-39464", "cveTags": [], "metrics": {"cvssMetricV30": [{"type": "Secondary", "source": "zdi-disclosures@trendmicro.com", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 7.2, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.2}]}, "published": "2024-05-03T03:15:11.870", "references": [{"url": "https://www.trianglemicroworks.com/products/scada-data-gateway/what's-new", "source": "zdi-disclosures@trendmicro.com"}, {"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1032/", "source": "zdi-disclosures@trendmicro.com"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "zdi-disclosures@trendmicro.com", "description": [{"lang": "en", "value": "CWE-428"}]}], "descriptions": [{"lang": "en", "value": "Triangle MicroWorks SCADA Data Gateway GTWWebMonitorService Unquoted Search Path Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute code on affected installations of Triangle MicroWorks SCADA Data Gateway. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed.\n\nThe specific flaw exists within the configuration of the GTWWebMonitorService service. The path to the service executable contains spaces not surrounded by quotations. An attacker can leverage this vulnerability to execute arbitrary code in the context of root. Was ZDI-CAN-20538."}, {"lang": "es", "value": "Triangle MicroWorks SCADA Data Gateway GTWWebMonitorService Vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo en ruta de b\u00fasqueda sin comillas. Esta vulnerabilidad permite a atacantes remotos ejecutar c\u00f3digo en las instalaciones afectadas de Triangle MicroWorks SCADA Data Gateway. Aunque se requiere autenticaci\u00f3n para aprovechar esta vulnerabilidad, se puede omitir el mecanismo de autenticaci\u00f3n existente. La falla espec\u00edfica existe en la configuraci\u00f3n del servicio GTWWebMonitorService. La ruta al ejecutable del servicio contiene espacios que no est\u00e1n entre comillas. Un atacante puede aprovechar esta vulnerabilidad para ejecutar c\u00f3digo arbitrario en el contexto de la ra\u00edz. Era ZDI-CAN-20538."}], "lastModified": "2024-05-03T12:50:12.213", "sourceIdentifier": "zdi-disclosures@trendmicro.com"}