ZDI-23-1030: (Pwn2Own) Triangle MicroWorks SCADA Data Gateway Workspace Unrestricted Upload Vulnerability
First published: Fri Aug 04 2023(Updated: )
This vulnerability allows remote attackers to upload arbitrary files on affected installations of Triangle MicroWorks SCADA Data Gateway. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed.
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Trianglemicroworks SCADA Data Gateway |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of ZDI-23-1030?
The severity of ZDI-23-1030 is critical due to its potential to allow remote file uploads by authenticated users.
How do I fix ZDI-23-1030?
To fix ZDI-23-1030, update to the latest version of Triangle MicroWorks SCADA Data Gateway that addresses this vulnerability.
What type of attack does ZDI-23-1030 enable?
ZDI-23-1030 enables remote attackers to upload arbitrary files to the SCADA Data Gateway.
Is authentication required to exploit ZDI-23-1030?
Yes, authentication is required to exploit ZDI-23-1030, but the existing mechanism can be bypassed.
What software is affected by ZDI-23-1030?
The vulnerability ZDI-23-1030 affects Triangle MicroWorks SCADA Data Gateway installations.
- collector/zdi-published
- alias/ZDI-CAN-20536
- agent/type
- agent/first-publish-date
- agent/last-modified-date
- agent/references
- agent/severity
- agent/title
- agent/description
- agent/softwarecombine
- agent/event
- agent/source
- agent/tags
- collector/zdi-advisory
- source/ZDI
- alias/ZDI-23-1030
- alias/CVE-2023-39462
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/triangle microworks
- canonical/trianglemicroworks scada data gateway