CVE-2023-39468

Triangle MicroWorks SCADA Data Gateway DbasSectorFileToExecuteOnReset Exposed Dangerous Function Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Triangle MicroWorks SCADA Data Gateway. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of DbasSectorFileToExecuteOnReset parameter. The issue results from an exposed dangerous function. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-20799.

CVSS v3 7.2 HIGH

7.2^/10

CVSS v3 : HIGH

V3 Legend

Vector : AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Exploitability : 1.2 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://www.trianglemicroworks.com/products/scada-data-gateway/what's-new	Release Notes
https://www.zerodayinitiative.com/advisories/ZDI-23-1036/	Third Party Advisory
https://www.trianglemicroworks.com/products/scada-data-gateway/what's-new	Release Notes
https://www.zerodayinitiative.com/advisories/ZDI-23-1036/	Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:trianglemicroworks:scada_data_gateway:5.1.3.20324:*:*:*:*:*:*:*

History

17 Jun 2025, 21:02

Type	Values Removed	Values Added
First Time		Trianglemicroworks Trianglemicroworks scada Data Gateway
References	~~() https://www.trianglemicroworks.com/products/scada-data-gateway/what's-new -~~	() https://www.trianglemicroworks.com/products/scada-data-gateway/what's-new - Release Notes
References	~~() https://www.zerodayinitiative.com/advisories/ZDI-23-1036/ -~~	() https://www.zerodayinitiative.com/advisories/ZDI-23-1036/ - Third Party Advisory
CPE		cpe:2.3:a:trianglemicroworks:scada_data_gateway:5.1.3.20324:::::::*

21 Nov 2024, 08:15

Type	Values Removed	Values Added
Summary		(es) Triangle MicroWorks SCADA Data Gateway DbasSectorFileToExecuteOnReset Vulnerabilidad de ejecución remota de código de función peligrosa expuesta. Esta vulnerabilidad permite a atacantes remotos ejecutar código arbitrario en las instalaciones afectadas de Triangle MicroWorks SCADA Data Gateway. Se requiere autenticación para aprovechar esta vulnerabilidad. La falla específica existe en el manejo del parámetro DbasSectorFileToExecuteOnReset. El problema se debe a una función peligrosa expuesta. Un atacante puede aprovechar esta vulnerabilidad para ejecutar código en el contexto de SYSTEM. Era ZDI-CAN-20799.
References	~~() https://www.trianglemicroworks.com/products/scada-data-gateway/what's-new -~~	() https://www.trianglemicroworks.com/products/scada-data-gateway/what's-new -
References	~~() https://www.zerodayinitiative.com/advisories/ZDI-23-1036/ -~~	() https://www.zerodayinitiative.com/advisories/ZDI-23-1036/ -

03 May 2024, 03:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-05-03 03:15

Updated : 2025-06-17 21:02

NVD link : CVE-2023-39468

Mitre link : CVE-2023-39468

CVE.ORG link : CVE-2023-39468

JSON object : View

Products Affected

trianglemicroworks

scada_data_gateway

CWE

CWE-749

Exposed Dangerous Method or Function

7.2 /10