CVE-2023-2186

HIGH

Triangle MicroWorks' SCADA Data Gateway <= v5.01.03 - Info Disclosu...

Title source: llm

Description

On Triangle MicroWorks' SCADA Data Gateway version <= v5.01.03, an unauthenticated attacker can send a specially crafted broadcast message including format string characters to the SCADA Data Gateway to perform unrestricted memory reads.An unauthenticated user can use this format string vulnerability to repeatedly crash the GTWWebMonitor.exe process to DoS the Web Monitor. Furthermore, an authenticated user can leverage this vulnerability to leak memory from the GTWWebMonitor.exe process. This could be leveraged in an exploit chain to gain code execution.

References (1)

[Third Party Advisory] https://www.trellix.com/en-us/about/newsroom/stories/research/industrial-and-manufacturing-cves.html

Scores

CVSS v3 8.2

EPSS 0.0037

EPSS Percentile 58.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact partial

Details

CWE

CWE-134

Status published

Products (1)

trianglemicroworks/scada_data_gateway < 5.01.03

Published Jun 07, 2023

Tracked Since Feb 18, 2026