ID

VAR-202308-0677


CVE

CVE-2023-39459


TITLE

Path traversal vulnerability in Triangle MicroWorks SCADA Data Gateway

Trust: 0.8

sources: JVNDB: JVNDB-2023-029204

DESCRIPTION

Triangle MicroWorks SCADA Data Gateway Directory Traversal Arbitrary File Creation Vulnerability. This vulnerability allows remote attackers to create arbitrary files on affected installations of Triangle MicroWorks SCADA Data Gateway. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of workspace files. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to create files in the context of Administrator. Was ZDI-CAN-20531. (DoS) It may be in a state

Trust: 2.88

sources: NVD: CVE-2023-39459 // JVNDB: JVNDB-2023-029204 // ZDI: ZDI-23-1027 // CNVD: CNVD-2025-10576 // VULMON: CVE-2023-39459

IOT TAXONOMY

category: ['ICS'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2025-10576

AFFECTED PRODUCTS

vendor: triangle microworks, model: scada data gateway, scope: -, version: -

Trust: 1.5

vendor: trianglemicroworks, model: scada data gateway, scope: eq, version: 5.1.3

Trust: 1.0

vendor: triangle microworks, model: scada data gateway, scope: eq, version: -

Trust: 0.8

vendor: triangle microworks, model: scada data gateway, scope: eq, version: 5.1.3

Trust: 0.8

vendor: triangle, model: microworks scada data gateway, scope: -, version: -

Trust: 0.6

sources: ZDI: ZDI-23-1027 // CNVD: CNVD-2025-10576 // JVNDB: JVNDB-2023-029204 // NVD: CVE-2023-39459

CVSS

SEVERITY

CVSSV2

CVSSV3

zdi-disclosures@trendmicro.com: CVE-2023-39459
value: HIGH

Trust: 1.0

OTHER: JVNDB-2023-029204
value: HIGH

Trust: 0.8

ZDI: CVE-2023-39459
value: HIGH

Trust: 0.7

CNVD: CNVD-2025-10576
value: HIGH

Trust: 0.6

CNVD: CNVD-2025-10576
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

zdi-disclosures@trendmicro.com: CVE-2023-39459
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.0

Trust: 1.0

OTHER: JVNDB-2023-029204
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

ZDI: CVE-2023-39459
baseSeverity: HIGH
baseScore: 7.8
vectorString: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.0

Trust: 0.7

sources: ZDI: ZDI-23-1027 // CNVD: CNVD-2025-10576 // JVNDB: JVNDB-2023-029204 // NVD: CVE-2023-39459

PROBLEMTYPE DATA

problemtype: CWE-22

Trust: 1.0

problemtype: Path traversal (CWE-22) [ others ]

Trust: 0.8

sources: JVNDB: JVNDB-2023-029204 // NVD: CVE-2023-39459

PATCH

title: Triangle MicroWorks has issued an update to correct this vulnerability.
url: https://www.trianglemicroworks.com/products/scada-data-gateway/what's-new

Trust: 0.7

title: Patch for Triangle MicroWorks SCADA Data Gateway Arbitrary File Creation Vulnerability
url: https://www.cnvd.org.cn/patchInfo/show/686876

Trust: 0.6

sources: ZDI: ZDI-23-1027 // CNVD: CNVD-2025-10576

EXTERNAL IDS

db: NVD, id: CVE-2023-39459

Trust: 4.0

db: ZDI, id: ZDI-23-1027

Trust: 2.6

db: JVNDB, id: JVNDB-2023-029204

Trust: 0.8

db: ZDI_CAN, id: ZDI-CAN-20531

Trust: 0.7

db: CNVD, id: CNVD-2025-10576

Trust: 0.6

db: VULMON, id: CVE-2023-39459

Trust: 0.1

sources: ZDI: ZDI-23-1027 // CNVD: CNVD-2025-10576 // VULMON: CVE-2023-39459 // JVNDB: JVNDB-2023-029204 // NVD: CVE-2023-39459

REFERENCES

url: https://www.trianglemicroworks.com/products/scada-data-gateway/what's-new

Trust: 2.5

url: https://www.zerodayinitiative.com/advisories/zdi-23-1027/

Trust: 1.9

url: https://nvd.nist.gov/vuln/detail/cve-2023-39459

Trust: 1.4

sources: ZDI: ZDI-23-1027 // CNVD: CNVD-2025-10576 // VULMON: CVE-2023-39459 // JVNDB: JVNDB-2023-029204 // NVD: CVE-2023-39459

CREDITS

Li Jiantao, Ngo Wei Lin, Pan Zhenpeng of STAR Labs SG Pte. Ltd.

Trust: 0.7

sources: ZDI: ZDI-23-1027

SOURCES

db: ZDI, id: ZDI-23-1027
db: CNVD, id: CNVD-2025-10576
db: VULMON, id: CVE-2023-39459
db: JVNDB, id: JVNDB-2023-029204
db: NVD, id: CVE-2023-39459

LAST UPDATE DATE

2025-06-20T23:14:18.629000+00:00


SOURCES UPDATE DATE

db: ZDI, id: ZDI-23-1027, date: 2023-08-04T00:00:00
db: CNVD, id: CNVD-2025-10576, date: 2025-05-23T00:00:00
db: JVNDB, id: JVNDB-2023-029204, date: 2025-06-19T06:02:00
db: NVD, id: CVE-2023-39459, date: 2025-06-17T21:03:44.860

SOURCES RELEASE DATE

db: ZDI, id: ZDI-23-1027, date: 2023-08-04T00:00:00
db: CNVD, id: CNVD-2025-10576, date: 2025-05-09T00:00:00
db: JVNDB, id: JVNDB-2023-029204, date: 2025-06-19T00:00:00
db: NVD, id: CVE-2023-39459, date: 2024-05-03T03:15:10.987