ID

VAR-202308-2058


CVE

CVE-2023-39457


TITLE

Vulnerability regarding lack of authentication for critical features in Triangle MicroWorks SCADA Data Gateway

Trust: 0.8

sources: JVNDB: JVNDB-2023-029201

DESCRIPTION

Triangle MicroWorks SCADA Data Gateway Missing Authentication Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of Triangle MicroWorks SCADA Data Gateway. Authentication is not required to exploit this vulnerability. The specific flaw exists due to the lack of user authentication. The issue results from missing authentication in the default system configuration. An attacker can leverage this vulnerability to execute arbitrary code in the context of root. Was ZDI-CAN-20501. (DoS) It may be in a state

Trust: 2.79

sources: NVD: CVE-2023-39457 // JVNDB: JVNDB-2023-029201 // ZDI: ZDI-23-1025 // CNVD: CNVD-2025-07626

IOT TAXONOMY

category: ['ICS']
sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2025-07626

AFFECTED PRODUCTS

vendor: triangle microworks
model: scada data gateway
scope: -
version: -

Trust: 1.5

vendor: trianglemicroworks
model: scada data gateway
scope: eq
version: 5.1.3.20324

Trust: 1.0

vendor: triangle microworks
model: scada data gateway
scope: eq
version: 5.1.3.20324

Trust: 0.8

vendor: triangle microworks
model: scada data gateway
scope: eq
version: -

Trust: 0.8

vendor: triangle
model: microworks scada data gateway
scope: -
version: -

Trust: 0.6

sources: ZDI: ZDI-23-1025 // CNVD: CNVD-2025-07626 // JVNDB: JVNDB-2023-029201 // NVD: CVE-2023-39457

CVSS

SEVERITY

CVSSV2

CVSSV3

zdi-disclosures@trendmicro.com: CVE-2023-39457
value: CRITICAL

Trust: 1.0

OTHER: JVNDB-2023-029201
value: CRITICAL

Trust: 0.8

ZDI: CVE-2023-39457
value: CRITICAL

Trust: 0.7

CNVD: CNVD-2025-07626
value: HIGH

Trust: 0.6

CNVD: CNVD-2025-07626
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

zdi-disclosures@trendmicro.com: CVE-2023-39457
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 1.0

OTHER: JVNDB-2023-029201
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

ZDI: CVE-2023-39457
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 0.7

sources: ZDI: ZDI-23-1025 // CNVD: CNVD-2025-07626 // JVNDB: JVNDB-2023-029201 // NVD: CVE-2023-39457

PROBLEMTYPE DATA

problemtype: CWE-306

Trust: 1.0

problemtype: Lack of authentication for critical features (CWE-306) [ others ]

Trust: 0.8

sources: JVNDB: JVNDB-2023-029201 // NVD: CVE-2023-39457

PATCH

title: Triangle MicroWorks has issued an update to correct this vulnerability.
url: https://www.trianglemicroworks.com/products/scada-data-gateway/what's-new

Trust: 0.7

title: Patch for Triangle MicroWorks SCADA Data Gateway Missing Authentication Vulnerability
url: https://www.cnvd.org.cn/patchInfo/show/680426

Trust: 0.6

title: -
url: https://github.com/ZENDATA-Cybersecurity/Newsletter

Trust: 0.1

sources: ZDI: ZDI-23-1025 // CNVD: CNVD-2025-07626 // VULMON: CVE-2023-39457

EXTERNAL IDS

db: NVD
id: CVE-2023-39457

Trust: 4.0

db: ZDI
id: ZDI-23-1025

Trust: 2.5

db: JVNDB
id: JVNDB-2023-029201

Trust: 0.8

db: ZDI_CAN
id: ZDI-CAN-20501

Trust: 0.7

db: CNVD
id: CNVD-2025-07626

Trust: 0.6

db: VULMON
id: CVE-2023-39457

Trust: 0.1

sources: ZDI: ZDI-23-1025 // CNVD: CNVD-2025-07626 // VULMON: CVE-2023-39457 // JVNDB: JVNDB-2023-029201 // NVD: CVE-2023-39457

REFERENCES

url: https://www.trianglemicroworks.com/products/scada-data-gateway/what's-new

Trust: 2.5

url: https://www.zerodayinitiative.com/advisories/zdi-23-1025/

Trust: 1.8

url: https://nvd.nist.gov/vuln/detail/cve-2023-39457

Trust: 1.4

url: https://github.com/zendata-cybersecurity/newsletter

Trust: 0.1

sources: ZDI: ZDI-23-1025 // CNVD: CNVD-2025-07626 // VULMON: CVE-2023-39457 // JVNDB: JVNDB-2023-029201 // NVD: CVE-2023-39457

CREDITS

Claroty Research - Team82 - Uri Katz, Noam Moshe, Vera Mens, Sharon Brizinov

Trust: 0.7

sources: ZDI: ZDI-23-1025

SOURCES

db: ZDI, id: ZDI-23-1025
db: CNVD, id: CNVD-2025-07626
db: VULMON, id: CVE-2023-39457
db: JVNDB, id: JVNDB-2023-029201
db: NVD, id: CVE-2023-39457

LAST UPDATE DATE

2025-06-20T23:06:59.492000+00:00


SOURCES UPDATE DATE

db: ZDI, id: ZDI-23-1025, date: 2023-08-04T00:00:00
db: CNVD, id: CNVD-2025-07626, date: 2025-04-18T00:00:00
db: JVNDB, id: JVNDB-2023-029201, date: 2025-06-19T01:31:00
db: NVD, id: CVE-2023-39457, date: 2025-06-17T21:03:54.923

SOURCES RELEASE DATE

db: ZDI, id: ZDI-23-1025, date: 2023-08-04T00:00:00
db: CNVD, id: CNVD-2025-07626, date: 2025-04-17T00:00:00
db: JVNDB, id: JVNDB-2023-029201, date: 2025-06-19T00:00:00
db: NVD, id: CVE-2023-39457, date: 2024-05-03T03:15:10.647