Scada Data Gateway
CVE-2020-10611
CRITICAL
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionNVD
Triangle MicroWorks SCADA Data Gateway 3.02.0697 through 4.0.122, 2.41.0213 through 4.0.122 allows remote attackers to execute arbitrary code due to the lack of proper validation of user-supplied data, which can result in a type confusion condition. Authentication is not required to exploit this vulnerability. Only applicable to installations using DNP3 Data Sets.
AnalysisAI
Triangle MicroWorks SCADA Data Gateway 3.02.0697 through 4.0.122, 2.41.0213 through 4.0.122 allows remote attackers to execute arbitrary code due to the lack of proper validation of user-supplied. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified as Access of Resource Using Incompatible Type (Type Confusion) (CWE-843), which allows attackers to execute arbitrary code by exploiting type confusion in the application. Triangle MicroWorks SCADA Data Gateway 3.02.0697 through 4.0.122, 2.41.0213 through 4.0.122 allows remote attackers to execute arbitrary code due to the lack of proper validation of user-supplied data, which can result in a type confusion condition. Authentication is not required to exploit this vulnerability. Only applicable to installations using DNP3 Data Sets. Affected products include: Trianglemicroworks Scada Data Gateway. Version information: through 4.0.122.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Enforce strict type checking, use type-safe languages, validate object types before operations.
More in Scada Data Gateway
View allOn Triangle MicroWorks' SCADA Data Gateway version <= v5.01.03, an unauthenticated attacker can send a specially crafted
Triangle MicroWorks SCADA Data Gateway 2.50.0309 through 3.00.0616, DNP3 .NET Protocol components 3.06.0.171 through 3.1
Triangle MicroWorks SCADA Data Gateway 3.02.0697 through 4.0.122, 2.41.0213 through 4.0.122 allows remote attackers caus
Triangle MicroWorks SCADA Data Gateway 3.02.0697 through 4.0.122, 2.41.0213 through 4.0.122 allows remote attackers to d
On Triangle MicroWorks' SCADA Data Gateway version <= v5.01.03, an unauthenticated attacker can send broadcast events to
Triangle MicroWorks SCADA Data Gateway 2.50.0309 through 3.00.0616, DNP3 .NET Protocol components 3.06.0.171 through 3.1
Triangle MicroWorks SCADA Data Gateway before 3.00.0635 allows remote attackers to cause a denial of service (excessive
Triangle MicroWorks SCADA Data Gateway before 3.00.0635 allows physically proximate attackers to cause a denial of servi
Share
External POC / Exploit Code
Leaving vuln.today