Lucene search
+L

191 matches found

BDU FSTEC
BDU FSTEC
added 2023/08/18 12:0 a.m.9 views

The vulnerability of the SCADA Data Gateway (SDG) arises from incorrect restrictions on the path to the restricted access catalog. This allows attackers to create or delete arbitrary files under the administrator’s name.

The vulnerability of the SCADA system SCADA Data Gateway SDG is related to incorrect restrictions on the path name to the restricted access catalog. Exploiting this vulnerability allows an attacker to create or delete arbitrary files under the administrator’s name...

7.8CVSS7.3AI score0.00954EPSS
Exploits0References5Affected Software1
BDU FSTEC
BDU FSTEC
added 2023/08/16 12:0 a.m.8 views

The vulnerability of the SCADA system SCADA Data Gateway (SDG) lies in its ability to load files of a dangerous type without limitation, allowing a intruder to execute arbitrary code.

The vulnerability of the SCADA system SCADA Data Gateway SDG is related to the unlimited loading of dangerous files. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...

8.3CVSS7.5AI score0.01002EPSS
Exploits0References4Affected Software1
BDU FSTEC
BDU FSTEC
added 2023/08/16 12:0 a.m.11 views

The vulnerability of the SCADA system SCADA Data Gateway (SDG) arises from incorrect restrictions on the name of the path to the restricted access catalog. This allows a intruder to execute arbitrary code.

The vulnerability of the SCADA system SCADA Data Gateway SDG is related to incorrect restrictions on the path name to the restricted access catalog. Exploiting this vulnerability allows a malicious actor to execute any code in the root context remotely...

8.3CVSS7.3AI score0.02854EPSS
Exploits0References4Affected Software1
BDU FSTEC
BDU FSTEC
added 2023/08/16 12:0 a.m.7 views

The vulnerability of the GTWWebMonitorService function in the CADA-system’s SCADA Data Gateway allows a intruder to execute arbitrary code.

The vulnerability of the GTWWebMonitorService function in the CADA-system’s SCADA Data Gateway SDG is related to the absence of quotation marks in the code for elements or search paths. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code in the root context...

8.3CVSS7.5AI score0.01577EPSS
Exploits0References4Affected Software1
BDU FSTEC
BDU FSTEC
added 2023/08/16 12:0 a.m.6 views

The vulnerability of the DbasSectorFileToExecuteOnReset function in the CADA-system’s SCADA Data Gateway allows a intruder to execute arbitrary code.

The vulnerability of the DbasSectorFileToExecuteOnReset function in the CADA-remote monitoring system’s SCADA Data Gateway is related to the use of dangerous methods or functions. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code in the SYSTEM context remotely...

8.3CVSS7.5AI score0.01486EPSS
Exploits0References4Affected Software1
BDU FSTEC
BDU FSTEC
added 2023/08/16 12:0 a.m.6 views

The vulnerability of the SCADA system SCADA Data Gateway (SDG) arises from the use of a strictly encrypted cryptographic key. This allows an intruder to gain unauthorized access to protected information.

The vulnerability of the SCADA system SCADA Data Gateway SDG is related to the use of a strictly encrypted cryptographic key. Exploiting this vulnerability could allow an intruder operating remotely to gain unauthorized access to protected information...

7.8CVSS7.2AI score0.00707EPSS
Exploits0References5Affected Software1
BDU FSTEC
BDU FSTEC
added 2023/08/15 12:0 a.m.8 views

The vulnerability of the SCADA system SCADA Data Gateway (SDG) is related to deficiencies in authentication procedures. This allows attackers to bypass security restrictions and gain unauthorized access to the system.

The vulnerability of the SCADA system, SCADA Data Gateway SDG, is related to deficiencies in authentication procedures. Exploiting this vulnerability allows a malicious actor to bypass security restrictions and gain unauthorized access to the system...

10CVSS7.7AI score0.01623EPSS
Exploits0References6Affected Software1
CNVD
CNVD
added 2023/08/07 12:0 a.m.2 views

Triangle MicroWorks SCADA Data Gateway Arbitrary Code Execution Vulnerability

Triangle MicroWorks SCADA Data Gateway is a SCADA data gateway product from Triangle MicroWorks, Inc. An arbitrary code execution vulnerability exists in Triangle MicroWorks SCADA Data Gateway, which can be exploited by an attacker to execute arbitrary code...

7.2CVSS8.2AI score0.01486EPSS
Exploits0References1
CNVD
CNVD
added 2023/08/07 12:0 a.m.9 views

Triangle MicroWorks SCADA Data Gateway Authentication Missing Vulnerability

Triangle MicroWorks SCADA Data Gateway is a SCADA data gateway product from Triangle MicroWorks, Inc. Triangle MicroWorks SCADA Data Gateway suffers from an authentication missing vulnerability that can be exploited by an attacker to execute arbitrary code...

9.8CVSS7.6AI score0.01623EPSS
Exploits0References1
CNVD
CNVD
added 2023/08/07 12:0 a.m.3 views

Triangle MicroWorks SCADA Data Gateway Code Execution Vulnerability

Triangle MicroWorks SCADA Data Gateway is a SCADA data gateway product from Triangle MicroWorks, Inc. A code execution vulnerability exists in Triangle MicroWorks SCADA Data Gateway, which can be exploited by an attacker to execute arbitrary code...

7.2CVSS8AI score0.01002EPSS
Exploits0References1
CNVD
CNVD
added 2023/08/07 12:0 a.m.6 views

Triangle MicroWorks SCADA Data Gateway Arbitrary File Creation Vulnerability

Triangle MicroWorks SCADA Data Gateway is a SCADA data gateway product from Triangle MicroWorks, Inc. An arbitrary file creation vulnerability exists in Triangle MicroWorks SCADA Data Gateway, which can be exploited by an attacker to submit a special request to execute arbitrary code...

7.2CVSS7.4AI score0.02854EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
added 2023/08/04 12:0 a.m.22 views

Triangle MicroWorks SCADA Data Gateway Use of Hard-coded Cryptograhic Key Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Triangle MicroWorks SCADA Data Gateway. Authentication is not required to exploit this vulnerability. The specific flaw exists within the TmwCrypto class. The issue results from the usage of ...

7.5CVSS6.2AI score0.00707EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
added 2023/08/04 12:0 a.m.57 views

Triangle MicroWorks SCADA Data Gateway certificate Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Triangle MicroWorks SCADA Data Gateway. Authentication is not required to exploit this vulnerability. The specific flaw exists within the configuration of certificate web directory. The issue...

5.3CVSS6.2AI score0.00539EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2023/08/04 12:0 a.m.6 views

PT-2023-4361 · Triangle Microworks · Triangle Microworks Scada Data Gateway

Name of the Vulnerable Software and Affected Versions: Triangle MicroWorks SCADA Data Gateway affected versions not specified Description: This issue allows remote attackers to execute code on affected installations of Triangle MicroWorks SCADA Data Gateway. Although authentication is required to...

8.3CVSS7.8AI score0.01577EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2023/08/04 12:0 a.m.4 views

PT-2023-4350 · Triangle Microworks · Triangle Microworks Scada Data Gateway

Name of the Vulnerable Software and Affected Versions: Triangle MicroWorks SCADA Data Gateway affected versions not specified Description: This issue allows remote attackers to execute arbitrary code on affected installations of Triangle MicroWorks SCADA Data Gateway. The specific flaw exists...

8.3CVSS7.6AI score0.01486EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2023/08/04 12:0 a.m.5 views

PT-2023-4408 · Triangle Microworks · Scada Data Gateway

Name of the Vulnerable Software and Affected Versions: Triangle MicroWorks SCADA Data Gateway affected versions not specified Description: This issue allows remote attackers to create arbitrary files on affected installations. User interaction is required, where the target must visit a malicious...

7.8CVSS6.6AI score0.00954EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2023/08/04 12:0 a.m.16 views

PT-2023-4951 · Triangle Microworks · Scada Data Gateway

Name of the Vulnerable Software and Affected Versions: Triangle MicroWorks SCADA Data Gateway affected versions not specified Description: This issue allows remote attackers to disclose sensitive information on affected installations due to missing authentication. The specific flaw exists within...

5.3CVSS6.9AI score0.00926EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2023/08/04 12:0 a.m.4 views

PT-2023-4359 · Triangle Microworks · Triangle Microworks Scada Data Gateway

Name of the Vulnerable Software and Affected Versions: Triangle MicroWorks SCADA Data Gateway affected versions not specified Description: This issue allows remote attackers to execute arbitrary code on affected installations of Triangle MicroWorks SCADA Data Gateway. Although authentication is...

8.3CVSS7.9AI score0.01002EPSS
Exploits0References7
Zero Day Initiative
Zero Day Initiative
added 2023/08/04 12:0 a.m.25 views

(Pwn2Own) Triangle MicroWorks SCADA Data Gateway Missing Authentication Vulnerability

This vulnerability allows remote attackers to bypass authentication on affected installations of Triangle MicroWorks SCADA Data Gateway. Authentication is not required to exploit this vulnerability. The specific flaw exists due to the lack of user authentication. The issue results from missing...

9.8CVSS7.6AI score0.01623EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
added 2023/08/04 12:0 a.m.18 views

Triangle MicroWorks SCADA Data Gateway get_config Missing Authentication Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Triangle MicroWorks SCADA Data Gateway. Authentication is not required to exploit this vulnerability. The specific flaw exists within the getconfig endpoint. The issue results from the lack o...

5.3CVSS6.4AI score0.00926EPSS
Exploits0References1
Rows per page
Query Builder