Details of VAR-202004-0075

ID

VAR-202004-0075

CVE

CVE-2020-10613

TITLE

Triangle MicroWorks SCADA Data Gateway buffer error vulnerability

Trust: 1.2

sources: CNVD: CNVD-2020-28051 // CNNVD: CNNVD-202004-947

DESCRIPTION

Triangle MicroWorks SCADA Data Gateway 3.02.0697 through 4.0.122, 2.41.0213 through 4.0.122 allows remote attackers to disclose sensitive information due to the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated structure. Authentication is not required to exploit this vulnerability. Only applicable to installations using DNP3 Data Sets. Triangle MicroWorks Library for control systems provided by the company DNP3 Outstation Libraries , And data management applications for control systems SCADA Data Gateway The following vulnerabilities exist in. DNP3 Outstation Libraries * Stack-based buffer overflow (CWE-121) - CVE-2020-6966 SCADA Data Gateway * Wrong type (CWE-843) - CVE-2020-10611 * Out-of-bounds read (CWE-125) - CVE-2020-10613 * Stack-based buffer overflow (CWE-121) - CVE-2020-10615The expected impact depends on each vulnerability, but it may be affected as follows. * Code execution stopped by an unauthenticated remote third party - CVE-2020-6966 * Arbitrary code executed by an unauthenticated remote third party - CVE-2020-10611 * Sensitive information stolen by an unauthenticated remote third party - CVE-2020-10613 * Interfering with service operations by an unauthenticated remote third party (DoS) Be attacked - CVE-2020-10615. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of SYSTEM. Triangle MicroWorks SCADA Data Gateway is a SCADA data gateway product of American Triangle MicroWorks company. The vulnerability stems from the lack of correct verification of user-provided data

Trust: 2.97

sources: NVD: CVE-2020-10613 // JVNDB: JVNDB-2020-003486 // ZDI: ZDI-20-548 // CNVD: CNVD-2020-28051 // VULHUB: VHN-163109 // VULMON: CVE-2020-10613

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2020-28051

AFFECTED PRODUCTS

vendor:	trianglemicroworks	model:	scada data gateway	scope:	lte	version:	4.0.122	Trust: 1.0
vendor:	trianglemicroworks	model:	scada data gateway	scope:	gte	version:	2.41.0213	Trust: 1.0
vendor:	triangle microworks	model:	dnp3 outstation	scope:	eq	version:	.net protocol components version 3.16.00 から 3.25.01	Trust: 0.8
vendor:	triangle microworks	model:	dnp3 outstation	scope:	eq	version:	ansi c source code libraries version 3.16.00 から 3.25.01	Trust: 0.8
vendor:	triangle microworks	model:	scada data gateway	scope:	eq	version:	software version 2.41.0213 から 4.0.122	Trust: 0.8
vendor:	triangle microworks	model:	scada data gateway	scope:	-	version:	-	Trust: 0.7
vendor:	triangle	model:	microworks scada data gateway	scope:	gte	version:	3.02.0697,<=4.0.122	Trust: 0.6
vendor:	triangle	model:	microworks scada data gateway	scope:	gte	version:	2.41.0213,<=4.0.122	Trust: 0.6

sources: ZDI: ZDI-20-548 // CNVD: CNVD-2020-28051 // JVNDB: JVNDB-2020-003486 // NVD: CVE-2020-10613

CVSS

SEVERITY

CVSSV2

CVSSV3

IPA:	JVNDB-2020-003486
value:	CRITICAL
Trust: 1.6
IPA:	JVNDB-2020-003486
value:	HIGH
Trust: 1.6
nvd@nist.gov:	CVE-2020-10613
value:	HIGH
Trust: 1.0
ZDI:	CVE-2020-10613
value:	MEDIUM
Trust: 0.7
CNVD:	CNVD-2020-28051
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202004-947
value:	HIGH
Trust: 0.6
VULHUB:	VHN-163109
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2020-10613
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2020-10613
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.1
CNVD:	CNVD-2020-28051
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-163109
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2020-10613
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.1
Trust: 1.0
IPA score:	JVNDB-2020-003486
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8
IPA score:	JVNDB-2020-003486
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8
IPA score:	JVNDB-2020-003486
baseSeverity:	HIGH
baseScore:	5.3
vectorString:	3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8
IPA score:	JVNDB-2020-003486
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8
ZDI:	CVE-2020-10613
baseSeverity:	MEDIUM
baseScore:	5.3
vectorString:	AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	1.4
version:	3.0
Trust: 0.7

sources: ZDI: ZDI-20-548 // CNVD: CNVD-2020-28051 // VULHUB: VHN-163109 // VULMON: CVE-2020-10613 // JVNDB: JVNDB-2020-003486 // JVNDB: JVNDB-2020-003486 // JVNDB: JVNDB-2020-003486 // JVNDB: JVNDB-2020-003486 // CNNVD: CNNVD-202004-947 // NVD: CVE-2020-10613

PROBLEMTYPE DATA

problemtype:	CWE-125	Trust: 1.9
problemtype:	CWE-121	Trust: 0.8
problemtype:	CWE-843	Trust: 0.8

sources: VULHUB: VHN-163109 // JVNDB: JVNDB-2020-003486 // NVD: CVE-2020-10613

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202004-947

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-202004-947

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-003486

PATCH

title:	Support Request: .NET Protocol Components	url:	https://www.trianglemicroworks.com/support/dotnet-protocol-components	Trust: 0.8
title:	Support Request: Source Code Library	url:	https://www.trianglemicroworks.com/support/source-code-libraries	Trust: 0.8
title:	Support Request: SCADA Data Gateway	url:	https://www.trianglemicroworks.com/support/scada-data-gateway	Trust: 0.8
title:	Triangle MicroWorks has issued an update to correct this vulnerability.	url:	https://www.us-cert.gov/ics/advisories/icsa-20-105-03	Trust: 0.7
title:	Patch for Triangle MicroWorks SCADA Data Gateway buffer error vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/217385	Trust: 0.6
title:	Triangle MicroWorks SCADA Data Gateway Buffer error vulnerability fix	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=117121	Trust: 0.6

sources: ZDI: ZDI-20-548 // CNVD: CNVD-2020-28051 // JVNDB: JVNDB-2020-003486 // CNNVD: CNNVD-202004-947

EXTERNAL IDS

db:	NVD	id:	CVE-2020-10613	Trust: 3.9
db:	ICS CERT	id:	ICSA-20-105-03	Trust: 3.2
db:	ZDI	id:	ZDI-20-548	Trust: 2.5
db:	ICS CERT	id:	ICSA-20-105-02	Trust: 0.8
db:	JVN	id:	JVNVU93838113	Trust: 0.8
db:	JVNDB	id:	JVNDB-2020-003486	Trust: 0.8
db:	ZDI_CAN	id:	ZDI-CAN-10300	Trust: 0.7
db:	CNNVD	id:	CNNVD-202004-947	Trust: 0.7
db:	CNVD	id:	CNVD-2020-28051	Trust: 0.6
db:	NSFOCUS	id:	47775	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.1310	Trust: 0.6
db:	VULHUB	id:	VHN-163109	Trust: 0.1
db:	VULMON	id:	CVE-2020-10613	Trust: 0.1

sources: ZDI: ZDI-20-548 // CNVD: CNVD-2020-28051 // VULHUB: VHN-163109 // VULMON: CVE-2020-10613 // JVNDB: JVNDB-2020-003486 // CNNVD: CNNVD-202004-947 // NVD: CVE-2020-10613

REFERENCES

url:	https://www.us-cert.gov/ics/advisories/icsa-20-105-03	Trust: 4.5
url:	https://www.zerodayinitiative.com/advisories/zdi-20-548/	Trust: 1.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-10611	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-10613	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-10615	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-6996	Trust: 0.8
url:	https://www.us-cert.gov/ics/advisories/icsa-20-105-02	Trust: 0.8
url:	https://jvn.jp/vu/jvnvu93838113/	Trust: 0.8
url:	http://www.nsfocus.net/vulndb/47775	Trust: 0.6
url:	https://nvd.nist.gov/vuln/detail/cve-2020-10613	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.1310/	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/125.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/179593	Trust: 0.1

CREDITS

Tobias Scharnowski, Niklas Breitfeld, and Ali Abbasi

Trust: 0.7

sources: ZDI: ZDI-20-548

SOURCES

db:	ZDI	id:	ZDI-20-548
db:	CNVD	id:	CNVD-2020-28051
db:	VULHUB	id:	VHN-163109
db:	VULMON	id:	CVE-2020-10613
db:	JVNDB	id:	JVNDB-2020-003486
db:	CNNVD	id:	CNNVD-202004-947
db:	NVD	id:	CVE-2020-10613

LAST UPDATE DATE

2024-11-23T21:51:36.283000+00:00

SOURCES UPDATE DATE

db:	ZDI	id:	ZDI-20-548	date:	2020-04-16T00:00:00
db:	CNVD	id:	CNVD-2020-28051	date:	2020-05-13T00:00:00
db:	VULHUB	id:	VHN-163109	date:	2020-04-22T00:00:00
db:	VULMON	id:	CVE-2020-10613	date:	2020-04-22T00:00:00
db:	JVNDB	id:	JVNDB-2020-003486	date:	2020-04-17T00:00:00
db:	CNNVD	id:	CNNVD-202004-947	date:	2020-08-14T00:00:00
db:	NVD	id:	CVE-2020-10613	date:	2024-11-21T04:55:42.027

SOURCES RELEASE DATE

db:	ZDI	id:	ZDI-20-548	date:	2020-04-16T00:00:00
db:	CNVD	id:	CNVD-2020-28051	date:	2020-05-13T00:00:00
db:	VULHUB	id:	VHN-163109	date:	2020-04-15T00:00:00
db:	VULMON	id:	CVE-2020-10613	date:	2020-04-15T00:00:00
db:	JVNDB	id:	JVNDB-2020-003486	date:	2020-04-17T00:00:00
db:	CNNVD	id:	CNNVD-202004-947	date:	2020-04-14T00:00:00
db:	NVD	id:	CVE-2020-10613	date:	2020-04-15T19:15:13.690