CVE-2023-39459 - Vulnerability Details - OpenCVE

Triangle MicroWorks SCADA Data Gateway Directory Traversal Arbitrary File Creation Vulnerability. This vulnerability allows remote attackers to create arbitrary files on affected installations of Triangle MicroWorks SCADA Data Gateway. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of workspace files. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to create files in the context of Administrator. Was ZDI-CAN-20531.

No CVSS v4.0

No CVSS v3.1

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Trianglemicroworks	Scada Data Gateway

Configuration 1 [-]

cpe:2.3:a:trianglemicroworks:scada_data_gateway:5.1.3:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://www.trianglemicroworks.com/products/scada-data-gateway/what's-new
https://www.zerodayinitiative.com/advisories/ZDI-23-1027/

History

Tue, 17 Jun 2025 21:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Trianglemicroworks Trianglemicroworks scada Data Gateway
CPEs		cpe:2.3:a:trianglemicroworks:scada_data_gateway:5.1.3:::::::*
Vendors & Products		Trianglemicroworks Trianglemicroworks scada Data Gateway

MITRE

Status: PUBLISHED

Assigner: zdi

Published: 2024-05-03T01:59:23.567Z

Updated: 2024-08-02T18:10:20.767Z

Reserved: 2023-08-02T21:37:23.121Z

Link: CVE-2023-39459

Vulnrichment

Updated: 2024-08-02T18:10:20.767Z

NVD

Status : Analyzed

Published: 2024-05-03T03:15:10.987

Modified: 2025-06-17T21:03:44.860

Link: CVE-2023-39459

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-39459", "assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e", "state": "PUBLISHED", "assignerShortName": "zdi", "dateReserved": "2023-08-02T21:37:23.121Z", "datePublished": "2024-05-03T01:59:23.567Z", "dateUpdated": "2024-08-02T18:10:20.767Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e", "shortName": "zdi", "dateUpdated": "2024-05-03T01:59:23.567Z"}, "title": "Triangle MicroWorks SCADA Data Gateway Directory Traversal Arbitrary File Creation Vulnerability", "descriptions": [{"lang": "en", "value": "Triangle MicroWorks SCADA Data Gateway Directory Traversal Arbitrary File Creation Vulnerability. This vulnerability allows remote attackers to create arbitrary files on affected installations of Triangle MicroWorks SCADA Data Gateway. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the processing of workspace files. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to create files in the context of Administrator. Was ZDI-CAN-20531."}], "affected": [{"vendor": "Triangle MicroWorks", "product": "SCADA Data Gateway", "versions": [{"version": "5.1.3", "status": "affected"}], "defaultStatus": "unknown"}], "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-22", "description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", "type": "CWE"}]}], "references": [{"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1027/", "name": "ZDI-23-1027", "tags": ["x_research-advisory"]}, {"url": "https://www.trianglemicroworks.com/products/scada-data-gateway/what's-new", "name": "vendor-provided URL", "tags": ["vendor-advisory"]}], "dateAssigned": "2023-08-02T16:44:31.382-05:00", "datePublic": "2023-08-04T13:33:53.589-05:00", "source": {"lang": "en", "value": "Li Jiantao, Ngo Wei Lin, Pan Zhenpeng of STAR Labs SG Pte. Ltd."}, "metrics": [{"format": "CVSS", "cvssV3_0": {"version": "3.0", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "baseScore": 7.8, "baseSeverity": "HIGH"}}]}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-39459", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-05-07T19:23:56.632854Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:trianglemicroworks:scada_data_gateway:*:*:*:*:*:*:*:*"], "vendor": "trianglemicroworks", "product": "scada_data_gateway", "versions": [{"status": "affected", "version": "5.1.3"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-04T17:27:02.754Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T18:10:20.767Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1027/", "name": "ZDI-23-1027", "tags": ["x_research-advisory", "x_transferred"]}, {"url": "https://www.trianglemicroworks.com/products/scada-data-gateway/what's-new", "name": "vendor-provided URL", "tags": ["vendor-advisory", "x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1027/", "name": "ZDI-23-1027", "tags": ["x_research-advisory", "x_transferred"]}, {"url": "https://www.trianglemicroworks.com/products/scada-data-gateway/what's-new", "name": "vendor-provided URL", "tags": ["vendor-advisory", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T18:10:20.767Z"}}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-39459", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-05-07T19:23:56.632854Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:trianglemicroworks:scada_data_gateway:*:*:*:*:*:*:*:*"], "vendor": "trianglemicroworks", "product": "scada_data_gateway", "versions": [{"status": "affected", "version": "5.1.3"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-05-07T19:23:25.251Z"}, "title": "CISA ADP Vulnrichment"}], "cna": {"title": "Triangle MicroWorks SCADA Data Gateway Directory Traversal Arbitrary File Creation Vulnerability", "source": {"lang": "en", "value": "Li Jiantao, Ngo Wei Lin, Pan Zhenpeng of STAR Labs SG Pte. Ltd."}, "metrics": [{"format": "CVSS", "cvssV3_0": {"version": "3.0", "baseScore": 7.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}}], "affected": [{"vendor": "Triangle MicroWorks", "product": "SCADA Data Gateway", "versions": [{"status": "affected", "version": "5.1.3"}], "defaultStatus": "unknown"}], "datePublic": "2023-08-04T13:33:53.589-05:00", "references": [{"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1027/", "name": "ZDI-23-1027", "tags": ["x_research-advisory"]}, {"url": "https://www.trianglemicroworks.com/products/scada-data-gateway/what's-new", "name": "vendor-provided URL", "tags": ["vendor-advisory"]}], "dateAssigned": "2023-08-02T16:44:31.382-05:00", "descriptions": [{"lang": "en", "value": "Triangle MicroWorks SCADA Data Gateway Directory Traversal Arbitrary File Creation Vulnerability. This vulnerability allows remote attackers to create arbitrary files on affected installations of Triangle MicroWorks SCADA Data Gateway. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the processing of workspace files. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to create files in the context of Administrator. Was ZDI-CAN-20531."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-22", "description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"}]}], "providerMetadata": {"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e", "shortName": "zdi", "dateUpdated": "2024-05-03T01:59:23.567Z"}}}, "cveMetadata": {"cveId": "CVE-2023-39459", "state": "PUBLISHED", "dateUpdated": "2024-08-02T18:10:20.767Z", "dateReserved": "2023-08-02T21:37:23.121Z", "assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e", "datePublished": "2024-05-03T01:59:23.567Z", "assignerShortName": "zdi"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:trianglemicroworks:scada_data_gateway:5.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "E52553E2-31EB-48D8-AB17-167CE092FB8C", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Triangle MicroWorks SCADA Data Gateway Directory Traversal Arbitrary File Creation Vulnerability. This vulnerability allows remote attackers to create arbitrary files on affected installations of Triangle MicroWorks SCADA Data Gateway. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the processing of workspace files. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to create files in the context of Administrator. Was ZDI-CAN-20531."}, {"lang": "es", "value": "Vulnerabilidad de creaci\u00f3n de archivos arbitrarios Directory Traversal de puerta de enlace de datos SCADA de Triangle MicroWorks. Esta vulnerabilidad permite a atacantes remotos crear archivos arbitrarios en las instalaciones afectadas de Triangle MicroWorks SCADA Data Gateway. Se requiere la interacci\u00f3n del usuario para aprovechar esta vulnerabilidad, ya que el objetivo debe visitar una p\u00e1gina maliciosa o abrir un archivo malicioso. La falla espec\u00edfica existe en el procesamiento de archivos del espacio de trabajo. El problema se debe a la falta de validaci\u00f3n adecuada de una ruta proporcionada por el usuario antes de usarla en operaciones de archivos. Un atacante puede aprovechar esta vulnerabilidad para crear archivos en el contexto del Administrador. Era ZDI-CAN-20531."}], "id": "CVE-2023-39459", "lastModified": "2025-06-17T21:03:44.860", "metrics": {"cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "zdi-disclosures@trendmicro.com", "type": "Secondary"}]}, "published": "2024-05-03T03:15:10.987", "references": [{"source": "zdi-disclosures@trendmicro.com", "tags": ["Release Notes"], "url": "https://www.trianglemicroworks.com/products/scada-data-gateway/what's-new"}, {"source": "zdi-disclosures@trendmicro.com", "tags": ["Third Party Advisory"], "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1027/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Release Notes"], "url": "https://www.trianglemicroworks.com/products/scada-data-gateway/what's-new"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1027/"}], "sourceIdentifier": "zdi-disclosures@trendmicro.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "zdi-disclosures@trendmicro.com", "type": "Secondary"}]}