CVE-2023-2186

On Triangle MicroWorks' SCADA Data Gateway version <= v5.01.03, an unauthenticated attacker can send a specially crafted broadcast message including format string characters to the SCADA Data Gateway to perform unrestricted memory reads.An unauthenticated user can use this format string vulnerability to repeatedly crash the GTWWebMonitor.exe process to DoS the Web Monitor. Furthermore, an authenticated user can leverage this vulnerability to leak memory from the GTWWebMonitor.exe process. This could be leveraged in an exploit chain to gain code execution.

CVSS v3 9.8 CRITICAL

9.8^/10

CVSS v3 : CRITICAL

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://www.trellix.com/en-us/about/newsroom/stories/research/industrial-and-manufacturing-cves.html	Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:trianglemicroworks:scada_data_gateway:*:*:*:*:*:*:*:*

History

16 Jun 2023, 18:05

Type	Values Removed	Values Added
CWE		CWE-134
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 9.8
CPE		cpe:2.3:a:trianglemicroworks:scada_data_gateway::::::::
References	~~(MISC) https://www.trellix.com/en-us/about/newsroom/stories/research/industrial-and-manufacturing-cves.html -~~	(MISC) https://www.trellix.com/en-us/about/newsroom/stories/research/industrial-and-manufacturing-cves.html - Third Party Advisory
First Time		Trianglemicroworks Trianglemicroworks scada Data Gateway

07 Jun 2023, 07:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2023-06-07 07:15

Updated : 2023-12-10 15:01

NVD link : CVE-2023-2186

Mitre link : CVE-2023-2186

CVE.ORG link : CVE-2023-2186

JSON object : View

Products Affected

trianglemicroworks

scada_data_gateway

CWE

CWE-134

Use of Externally-Controlled Format String

{"id": "CVE-2023-2186", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}, {"type": "Secondary", "source": "trellixpsirt@trellix.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.2, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 4.2, "exploitabilityScore": 3.9}]}, "published": "2023-06-07T07:15:08.490", "references": [{"url": "https://www.trellix.com/en-us/about/newsroom/stories/research/industrial-and-manufacturing-cves.html", "tags": ["Third Party Advisory"], "source": "trellixpsirt@trellix.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-134"}]}, {"type": "Secondary", "source": "trellixpsirt@trellix.com", "description": [{"lang": "en", "value": "CWE-134"}]}], "descriptions": [{"lang": "en", "value": "On Triangle MicroWorks' SCADA Data Gateway version <= v5.01.03, an unauthenticated attacker can send a specially crafted broadcast message including format string characters to the SCADA Data Gateway to perform unrestricted memory reads.An unauthenticated user can use this format string vulnerability to repeatedly crash the GTWWebMonitor.exe process to DoS the Web Monitor. Furthermore, an authenticated user can leverage this vulnerability to leak memory from the GTWWebMonitor.exe process. This could be leveraged in an exploit chain to gain code execution."}], "lastModified": "2023-06-16T18:05:53.933", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:trianglemicroworks:scada_data_gateway:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A763593D-AA02-4DF7-9D24-A88EB254594D", "versionEndIncluding": "5.01.03"}], "operator": "OR"}]}], "sourceIdentifier": "trellixpsirt@trellix.com"}