Approved changes feed: RSS · Atom

cpe:2.3:a:trianglemicroworks:scada_data_gateway:*:*:*:*:*:*:*:*

part: a version: * update: *

VendorTrianglemicroworks (0b7b427a-71ef-59c0-bead-7644673035b6)
ProductScada Data Gateway (c60347e8-f1db-5318-bfd8-30cdfc9a201f)
Edition*
Language*
Software edition*
Target software*
Target hardware*
Other*
NotesImported from gcve-enriched-dumps CVE data

PURL mappings

PURLSourceLast updated
No PURL mappings for this CPE yet.

Vulnerability references

IdentifiercpeApplicabilitySubmitteddb.gcve.eu detailsRationale
CVE:CVE-2023-39467 vulnerable 2026-06-08 06:09:37.544281 Triangle MicroWorks SCADA Data Gateway certificate Information Disclosure Vulnerability
MEDIUM (5.3)
Triangle MicroWorks SCADA Data Gateway certificate Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Triangle MicroWorks SCADA Data Gateway. Authentication is not required to exploit this vulnerability. The specific flaw exists within the configuration of certificate web directory. The issue results from the exposure of sensitive information in the application webroot. An attacker can leverage this vulnerability to disclose sensitive information. Was ZDI-CAN-20798.
Published: 2024-05-03T01:59:29.616Z
Updated: 2024-08-02T18:10:20.678Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2023-39465 vulnerable 2026-06-08 06:09:37.543532 Triangle MicroWorks SCADA Data Gateway Use of Hard-coded Cryptograhic Key Information Disclosure Vulnerability
HIGH (7.5)
Triangle MicroWorks SCADA Data Gateway Use of Hard-coded Cryptograhic Key Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Triangle MicroWorks SCADA Data Gateway. Authentication is not required to exploit this vulnerability. The specific flaw exists within the TmwCrypto class. The issue results from the usage of a hard-coded cryptograhic key and the usage of a hard-coded certificate. An attacker can leverage this vulnerability to disclose sensitive information. Was ZDI-CAN-20615.
Published: 2024-05-03T01:59:28.085Z
Updated: 2024-08-02T18:10:21.061Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2023-39459 vulnerable 2026-06-08 06:09:37.537831 Triangle MicroWorks SCADA Data Gateway Directory Traversal Arbitrary File Creation Vulnerability
HIGH (7.8)
Triangle MicroWorks SCADA Data Gateway Directory Traversal Arbitrary File Creation Vulnerability. This vulnerability allows remote attackers to create arbitrary files on affected installations of Triangle MicroWorks SCADA Data Gateway. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of workspace files. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to create files in the context of Administrator. Was ZDI-CAN-20531.
Published: 2024-05-03T01:59:23.567Z
Updated: 2024-08-02T18:10:20.767Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2023-2187 vulnerable 2026-06-08 06:02:41.581216 Details available
MEDIUM (5.3)
On Triangle MicroWorks' SCADA Data Gateway version <= v5.01.03, an unauthenticated attacker can send broadcast events to any user via the WebMonitor.An unauthenticated user can use this vulnerability to forcefully log out of any currently logged-in user by sending a "password change event". Furthermore, an attacker could use this vulnerability to spam the logged-in user with false events.
Published: 2023-06-07T06:42:31.345Z
Updated: 2025-01-06T21:08:41.518Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2023-2186 vulnerable 2026-06-08 06:02:41.580509 Details available
HIGH (8.2)
On Triangle MicroWorks' SCADA Data Gateway version <= v5.01.03, an unauthenticated attacker can send a specially crafted broadcast message including format string characters to the SCADA Data Gateway to perform unrestricted memory reads.An unauthenticated user can use this format string vulnerability to repeatedly crash the GTWWebMonitor.exe process to DoS the Web Monitor. Furthermore, an authenticated user can leverage this vulnerability to leak memory from the GTWWebMonitor.exe process. This could be leveraged in an exploit chain to gain code execution.
Published: 2023-06-07T06:37:33.280Z
Updated: 2025-01-06T20:10:28.548Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2020-10615 vulnerable 2026-06-08 05:16:35.389592 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2020-10613 vulnerable 2026-06-08 05:16:35.387572 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2020-10611 vulnerable 2026-06-08 05:16:35.385141 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2014-2343 vulnerable 2026-06-08 05:05:28.554314 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2014-2342 vulnerable 2026-06-08 05:05:28.524901 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.