Details of VAR-202308-1066

ID

VAR-202308-1066

CVE

CVE-2023-39463

TITLE

Triangle MicroWorks of SCADA Data Gateway Vulnerability in unlimited upload of dangerous types of files in

Trust: 0.8

sources: JVNDB: JVNDB-2023-029214

DESCRIPTION

Triangle MicroWorks SCADA Data Gateway Trusted Certification Unrestricted Upload of File Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Triangle MicroWorks SCADA Data Gateway. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the trusted certification feature. The issue lies in the handling of the OpcUaSecurityCertificateAuthorityTrustDir variable, which allows an arbitrary file write with attacker-controlled data. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-20537. Triangle MicroWorks of SCADA Data Gateway Contains a vulnerability related to unlimited uploads of dangerous types of files.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Triangle MicroWorks SCADA Data Gateway is a SCADA data gateway product from Triangle MicroWorks of the United States

Trust: 2.79

sources: NVD: CVE-2023-39463 // JVNDB: JVNDB-2023-029214 // ZDI: ZDI-23-1031 // CNVD: CNVD-2025-10577

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2025-10577

AFFECTED PRODUCTS

vendor:	triangle microworks	model:	scada data gateway	scope:	-	version:	-	Trust: 1.5
vendor:	trianglemicroworks	model:	scada data gateway	scope:	eq	version:	5.1.3.20324	Trust: 1.0
vendor:	triangle microworks	model:	scada data gateway	scope:	eq	version:	-	Trust: 0.8
vendor:	triangle microworks	model:	scada data gateway	scope:	eq	version:	5.1.3.20324	Trust: 0.8
vendor:	triangle	model:	microworks scada data gateway	scope:	-	version:	-	Trust: 0.6

sources: ZDI: ZDI-23-1031 // CNVD: CNVD-2025-10577 // JVNDB: JVNDB-2023-029214 // NVD: CVE-2023-39463

CVSS

SEVERITY

CVSSV2

CVSSV3

zdi-disclosures@trendmicro.com:	CVE-2023-39463
value:	HIGH
Trust: 1.0
OTHER:	JVNDB-2023-029214
value:	HIGH
Trust: 0.8
ZDI:	CVE-2023-39463
value:	HIGH
Trust: 0.7
CNVD:	CNVD-2025-10577
value:	HIGH
Trust: 0.6

CNVD:	CNVD-2025-10577
severity:	HIGH
baseScore:	8.3
vectorString:	AV:N/AC:L/AU:M/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	MULTIPLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	6.4
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

zdi-disclosures@trendmicro.com:	CVE-2023-39463
baseSeverity:	HIGH
baseScore:	7.2
vectorString:	CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.2
impactScore:	5.9
version:	3.0
Trust: 1.0
OTHER:	JVNDB-2023-029214
baseSeverity:	HIGH
baseScore:	7.2
vectorString:	CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8
ZDI:	CVE-2023-39463
baseSeverity:	HIGH
baseScore:	7.2
vectorString:	AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.2
impactScore:	5.9
version:	3.0
Trust: 0.7

sources: ZDI: ZDI-23-1031 // CNVD: CNVD-2025-10577 // JVNDB: JVNDB-2023-029214 // NVD: CVE-2023-39463

PROBLEMTYPE DATA

problemtype:	CWE-434	Trust: 1.0
problemtype:	Unlimited uploads of dangerous types of files (CWE-434) [ others ]	Trust: 0.8

sources: JVNDB: JVNDB-2023-029214 // NVD: CVE-2023-39463

PATCH

title:	Triangle MicroWorks has issued an update to correct this vulnerability.	url:	https://www.trianglemicroworks.com/products/scada-data-gateway/what's-new	Trust: 0.7
title:	Patch for Triangle MicroWorks SCADA Data Gateway Code Execution Vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/687791	Trust: 0.6

sources: ZDI: ZDI-23-1031 // CNVD: CNVD-2025-10577

EXTERNAL IDS

db:	NVD	id:	CVE-2023-39463	Trust: 3.9
db:	ZDI	id:	ZDI-23-1031	Trust: 2.5
db:	JVNDB	id:	JVNDB-2023-029214	Trust: 0.8
db:	ZDI_CAN	id:	ZDI-CAN-20537	Trust: 0.7
db:	CNVD	id:	CNVD-2025-10577	Trust: 0.6

sources: ZDI: ZDI-23-1031 // CNVD: CNVD-2025-10577 // JVNDB: JVNDB-2023-029214 // NVD: CVE-2023-39463

REFERENCES

url:	https://www.trianglemicroworks.com/products/scada-data-gateway/what's-new	Trust: 2.5
url:	https://www.zerodayinitiative.com/advisories/zdi-23-1031/	Trust: 1.8
url:	https://nvd.nist.gov/vuln/detail/cve-2023-39463	Trust: 1.4

sources: ZDI: ZDI-23-1031 // CNVD: CNVD-2025-10577 // JVNDB: JVNDB-2023-029214 // NVD: CVE-2023-39463

CREDITS

Team ECQ

Trust: 0.7

sources: ZDI: ZDI-23-1031

SOURCES

db:	ZDI	id:	ZDI-23-1031
db:	CNVD	id:	CNVD-2025-10577
db:	JVNDB	id:	JVNDB-2023-029214
db:	NVD	id:	CVE-2023-39463

LAST UPDATE DATE

2025-06-21T23:33:47.751000+00:00

SOURCES UPDATE DATE

db:	ZDI	id:	ZDI-23-1031	date:	2023-08-04T00:00:00
db:	CNVD	id:	CNVD-2025-10577	date:	2025-05-23T00:00:00
db:	JVNDB	id:	JVNDB-2023-029214	date:	2025-06-20T07:38:00
db:	NVD	id:	CVE-2023-39463	date:	2025-06-17T21:03:30.330

SOURCES RELEASE DATE

db:	ZDI	id:	ZDI-23-1031	date:	2023-08-04T00:00:00
db:	CNVD	id:	CNVD-2025-10577	date:	2025-05-14T00:00:00
db:	JVNDB	id:	JVNDB-2023-029214	date:	2025-06-20T00:00:00
db:	NVD	id:	CVE-2023-39463	date:	2024-05-03T03:15:11.703