First published: Fri May 03 2024(Updated: )
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Triangle MicroWorks SCADA Data Gateway. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of DbasSectorFileToExecuteOnReset parameter. The issue results from an exposed dangerous function. An attacker can leverage this vulnerability to execute code in the context of SYSTEM.
Credit: zdi-disclosures@trendmicro.com
Affected Software | Affected Version | How to fix |
---|---|---|
Trianglemicroworks SCADA Data Gateway |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2023-39468 has been classified as a critical severity vulnerability due to its potential to allow remote code execution.
To fix CVE-2023-39468, you should apply the latest security patches provided by Triangle MicroWorks for the SCADA Data Gateway software.
CVE-2023-39468 affects installations of Triangle MicroWorks SCADA Data Gateway that have not been secured against this specific vulnerability.
No, CVE-2023-39468 requires authentication to exploit, which limits potential attacks to users with valid access.
If exploited, CVE-2023-39468 can lead to unauthorized execution of arbitrary code, posing serious risks to the integrity and security of affected systems.