Lucene search

Claroty Research - Team82 - Uri Katz, Noam Moshe, Vera Mens, Sharon BrizinovZDI-23-1025

HistoryAug 04, 2023 - 12:00 a.m.

(Pwn2Own) Triangle MicroWorks SCADA Data Gateway Missing Authentication Vulnerability

2023-08-0400:00:00

Claroty Research - Team82 - Uri Katz, Noam Moshe, Vera Mens, Sharon Brizinov

www.zerodayinitiative.com

pwn2own

remote attackers

bypass authentication

triangle microworks

scada data gateway

user authentication

default system configuration

arbitrary code

root

EPSS

0.001

Percentile

16.2%

JSON

This vulnerability allows remote attackers to bypass authentication on affected installations of Triangle MicroWorks SCADA Data Gateway. Authentication is not required to exploit this vulnerability. The specific flaw exists due to the lack of user authentication. The issue results from missing authentication in the default system configuration. An attacker can leverage this vulnerability to execute arbitrary code in the context of root.

References

www.trianglemicroworks.com/products/scada-data-gateway/what's-new

EPSS

0.001

Percentile

16.2%

JSON

Related for ZDI-23-1025