Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
zdiClaroty Research - Team82 - Uri Katz, Noam Moshe, Vera Mens, Sharon BrizinovZDI-23-1029
HistoryAug 04, 2023 - 12:00 a.m.

(Pwn2Own) Triangle MicroWorks SCADA Data Gateway Event Log Improper Output Neutralization For Logs Arbitrary File Write Vulnerability

2023-08-0400:00:00
Claroty Research - Team82 - Uri Katz, Noam Moshe, Vera Mens, Sharon Brizinov
www.zerodayinitiative.com
36
vulnerability
remote
arbitrary files
authentication bypass
event logs
improper sanitization
code execution
root context

EPSS

0.001

Percentile

16.2%

JSON

This vulnerability allows remote attackers to write arbitrary files on affected installations of Triangle MicroWorks SCADA Data Gateway. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the handling of event logs. The issue results from improper sanitization of log output. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of root.

Related

cvelist 1
nvd 1
vulnrichment 1
cve 1
cvelist
cvelist
CVE-2023-39461 Triangle MicroWorks SCADA Data Gateway Event Log Improper Output Neutralization For Logs Arbitrary File Write Vulnerability
2024-05-03 01:59:25
nvd
nvd
CVE-2023-39461
2024-05-03 03:15:11
vulnrichment
vulnrichment
CVE-2023-39461 Triangle MicroWorks SCADA Data Gateway Event Log Improper Output Neutralization For Logs Arbitrary File Write Vulnerability
2024-05-03 01:59:25
cve
cve
CVE-2023-39461
2024-05-03 03:15:11

EPSS

0.001

Percentile

16.2%

JSON
Related for ZDI-23-1029
cvelist1nvd1vulnrichment1cve1