Details of VAR-202308-1639

ID

VAR-202308-1639

CVE

CVE-2023-39464

TITLE

Triangle MicroWorks of SCADA Data Gateway Unquoted Search Path or Element Vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2023-029208

DESCRIPTION

Triangle MicroWorks SCADA Data Gateway GTWWebMonitorService Unquoted Search Path Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute code on affected installations of Triangle MicroWorks SCADA Data Gateway. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the configuration of the GTWWebMonitorService service. The path to the service executable contains spaces not surrounded by quotations. An attacker can leverage this vulnerability to execute arbitrary code in the context of root. Was ZDI-CAN-20538. (DoS) It may be in a state

Trust: 2.88

sources: NVD: CVE-2023-39464 // JVNDB: JVNDB-2023-029208 // ZDI: ZDI-23-1032 // CNVD: CNVD-2024-36826 // VULMON: CVE-2023-39464

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2024-36826

AFFECTED PRODUCTS

vendor:	triangle microworks	model:	scada data gateway	scope:	-	version:	-	Trust: 1.5
vendor:	trianglemicroworks	model:	scada data gateway	scope:	eq	version:	5.1.3.20324	Trust: 1.0
vendor:	triangle microworks	model:	scada data gateway	scope:	eq	version:	-	Trust: 0.8
vendor:	triangle microworks	model:	scada data gateway	scope:	eq	version:	5.1.3.20324	Trust: 0.8
vendor:	triangle	model:	microworks scada data gateway	scope:	-	version:	-	Trust: 0.6

sources: ZDI: ZDI-23-1032 // CNVD: CNVD-2024-36826 // JVNDB: JVNDB-2023-029208 // NVD: CVE-2023-39464

CVSS

SEVERITY

CVSSV2

CVSSV3

zdi-disclosures@trendmicro.com:	CVE-2023-39464
value:	HIGH
Trust: 1.0
OTHER:	JVNDB-2023-029208
value:	HIGH
Trust: 0.8
ZDI:	CVE-2023-39464
value:	HIGH
Trust: 0.7
CNVD:	CNVD-2024-36826
value:	HIGH
Trust: 0.6

CNVD:	CNVD-2024-36826
severity:	HIGH
baseScore:	9.0
vectorString:	AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

zdi-disclosures@trendmicro.com:	CVE-2023-39464
baseSeverity:	HIGH
baseScore:	7.2
vectorString:	CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.2
impactScore:	5.9
version:	3.0
Trust: 1.0
OTHER:	JVNDB-2023-029208
baseSeverity:	HIGH
baseScore:	7.2
vectorString:	CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8
ZDI:	CVE-2023-39464
baseSeverity:	HIGH
baseScore:	7.2
vectorString:	AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.2
impactScore:	5.9
version:	3.0
Trust: 0.7

sources: ZDI: ZDI-23-1032 // CNVD: CNVD-2024-36826 // JVNDB: JVNDB-2023-029208 // NVD: CVE-2023-39464

PROBLEMTYPE DATA

problemtype:	CWE-428	Trust: 1.0
problemtype:	unquoted search path or element (CWE-428) [ others ]	Trust: 0.8

sources: JVNDB: JVNDB-2023-029208 // NVD: CVE-2023-39464

PATCH

title:	Triangle MicroWorks has issued an update to correct this vulnerability.	url:	https://www.trianglemicroworks.com/products/scada-data-gateway/what's-new	Trust: 0.7
title:	Patch for Triangle MicroWorks SCADA Data Gateway Remote Code Execution Vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/585371	Trust: 0.6

sources: ZDI: ZDI-23-1032 // CNVD: CNVD-2024-36826

EXTERNAL IDS

db:	NVD	id:	CVE-2023-39464	Trust: 4.0
db:	ZDI	id:	ZDI-23-1032	Trust: 2.6
db:	JVNDB	id:	JVNDB-2023-029208	Trust: 0.8
db:	ZDI_CAN	id:	ZDI-CAN-20538	Trust: 0.7
db:	CNVD	id:	CNVD-2024-36826	Trust: 0.6
db:	VULMON	id:	CVE-2023-39464	Trust: 0.1

sources: ZDI: ZDI-23-1032 // CNVD: CNVD-2024-36826 // VULMON: CVE-2023-39464 // JVNDB: JVNDB-2023-029208 // NVD: CVE-2023-39464

REFERENCES

url:	https://www.trianglemicroworks.com/products/scada-data-gateway/what's-new	Trust: 2.5
url:	https://www.zerodayinitiative.com/advisories/zdi-23-1032/	Trust: 1.9
url:	https://nvd.nist.gov/vuln/detail/cve-2023-39464	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2023-39464	Trust: 0.6

sources: ZDI: ZDI-23-1032 // CNVD: CNVD-2024-36826 // VULMON: CVE-2023-39464 // JVNDB: JVNDB-2023-029208 // NVD: CVE-2023-39464

CREDITS

Team ECQ

Trust: 0.7

sources: ZDI: ZDI-23-1032

SOURCES

db:	ZDI	id:	ZDI-23-1032
db:	CNVD	id:	CNVD-2024-36826
db:	VULMON	id:	CVE-2023-39464
db:	JVNDB	id:	JVNDB-2023-029208
db:	NVD	id:	CVE-2023-39464

LAST UPDATE DATE

2025-06-21T23:06:39.797000+00:00

SOURCES UPDATE DATE

db:	ZDI	id:	ZDI-23-1032	date:	2023-08-04T00:00:00
db:	CNVD	id:	CNVD-2024-36826	date:	2024-08-29T00:00:00
db:	JVNDB	id:	JVNDB-2023-029208	date:	2025-06-20T02:24:00
db:	NVD	id:	CVE-2023-39464	date:	2025-06-17T21:03:26.297

SOURCES RELEASE DATE

db:	ZDI	id:	ZDI-23-1032	date:	2023-08-04T00:00:00
db:	CNVD	id:	CNVD-2024-36826	date:	2024-08-29T00:00:00
db:	JVNDB	id:	JVNDB-2023-029208	date:	2025-06-20T00:00:00
db:	NVD	id:	CVE-2023-39464	date:	2024-05-03T03:15:11.870