VYPR

Vendor CVEs

Trianglemicroworks

All CVEs

25 total · sorted by risk
  • CVE-2020-10611Apr 15, 2020
    risk 0.01cvss epss 0.05

    Triangle MicroWorks SCADA Data Gateway 3.02.0697 through 4.0.122, 2.41.0213 through 4.0.122 allows remote attackers to execute arbitrary code due to the lack of proper validation of user-supplied data, which can result in a type confusion condition. Authentication is not…

  • CVE-2024-34057Sep 18, 2024
    risk 0.00cvss epss 0.00

    Triangle Microworks TMW IEC 61850 Client source code libraries before 12.2.0 lack a buffer size check when processing received messages. The resulting buffer overflow can cause a crash, resulting in a denial of service.

  • CVE-2022-0369May 7, 2024
    risk 0.00cvss epss 0.02

    Triangle MicroWorks SCADA Data Gateway Restore Workspace Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Triangle MicroWorks SCADA Data Gateway. Although authentication is…

  • CVE-2023-39468May 3, 2024
    risk 0.00cvss epss 0.01

    Triangle MicroWorks SCADA Data Gateway DbasSectorFileToExecuteOnReset Exposed Dangerous Function Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Triangle MicroWorks SCADA Data Gateway.…

  • CVE-2023-39467May 3, 2024
    risk 0.00cvss epss 0.01

    Triangle MicroWorks SCADA Data Gateway certificate Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Triangle MicroWorks SCADA Data Gateway. Authentication is not required to exploit…

  • CVE-2023-39466May 3, 2024
    risk 0.00cvss epss 0.01

    Triangle MicroWorks SCADA Data Gateway get_config Missing Authentication Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Triangle MicroWorks SCADA Data Gateway. Authentication is not…

  • CVE-2023-39465May 3, 2024
    risk 0.00cvss epss 0.01

    Triangle MicroWorks SCADA Data Gateway Use of Hard-coded Cryptograhic Key Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Triangle MicroWorks SCADA Data Gateway. Authentication is not…

  • CVE-2023-39464May 3, 2024
    risk 0.00cvss epss 0.02

    Triangle MicroWorks SCADA Data Gateway GTWWebMonitorService Unquoted Search Path Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute code on affected installations of Triangle MicroWorks SCADA Data Gateway. Although authentication is…

  • CVE-2023-39463May 3, 2024
    risk 0.00cvss epss 0.01

    Triangle MicroWorks SCADA Data Gateway Trusted Certification Unrestricted Upload of File Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Triangle MicroWorks SCADA Data Gateway. Although…

  • CVE-2023-39462May 3, 2024
    risk 0.00cvss epss 0.01

    Triangle MicroWorks SCADA Data Gateway Workspace Unrestricted Upload Vulnerability. This vulnerability allows remote attackers to upload arbitrary files on affected installations of Triangle MicroWorks SCADA Data Gateway. Although authentication is required to exploit this…

  • CVE-2023-39461May 3, 2024
    risk 0.00cvss epss 0.01

    Triangle MicroWorks SCADA Data Gateway Event Log Improper Output Neutralization For Logs Arbitrary File Write Vulnerability. This vulnerability allows remote attackers to write arbitrary files on affected installations of Triangle MicroWorks SCADA Data Gateway. Although…

  • CVE-2023-39460May 3, 2024
    risk 0.00cvss epss 0.03

    Triangle MicroWorks SCADA Data Gateway Event Log Directory Traversal Arbitrary File Creation Vulnerability. This vulnerability allows remote attackers to create arbitrary files on affected installations of Triangle MicroWorks SCADA Data Gateway. Although authentication is…

  • CVE-2023-39459May 3, 2024
    risk 0.00cvss epss 0.01

    Triangle MicroWorks SCADA Data Gateway Directory Traversal Arbitrary File Creation Vulnerability. This vulnerability allows remote attackers to create arbitrary files on affected installations of Triangle MicroWorks SCADA Data Gateway. User interaction is required to exploit…

  • CVE-2023-39458May 3, 2024
    risk 0.00cvss epss 0.00

    Triangle MicroWorks SCADA Data Gateway Use of Hard-coded Credentials Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of Triangle MicroWorks SCADA Data Gateway. Authentication is not…

  • CVE-2023-39457May 3, 2024
    risk 0.00cvss epss 0.02

    Triangle MicroWorks SCADA Data Gateway Missing Authentication Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of Triangle MicroWorks SCADA Data Gateway. Authentication is not required to exploit this vulnerability. …

  • CVE-2023-2187Jun 7, 2023
    risk 0.00cvss epss 0.01

    On Triangle MicroWorks' SCADA Data Gateway version <= v5.01.03, an unauthenticated attacker can send broadcast events to any user via the WebMonitor.An unauthenticated user can use this vulnerability to forcefully log out of any currently logged-in user by sending a "password…

  • CVE-2023-2186Jun 7, 2023
    risk 0.00cvss epss 0.01

    On Triangle MicroWorks' SCADA Data Gateway version <= v5.01.03, an unauthenticated attacker can send a specially crafted broadcast message including format string characters to the SCADA Data Gateway to perform unrestricted memory reads.An unauthenticated user can use this…

  • CVE-2022-38138Oct 11, 2022
    risk 0.00cvss epss 0.01

    The Triangle Microworks IEC 61850 Library (Any client or server using the C language library with a version number of 11.2.0 or earlier and any client or server using the C++, C#, or Java language library with a version number of 5.0.1 or earlier) and 60870-6 (ICCP/TASE.2)…

  • CVE-2020-6996Apr 15, 2020
    risk 0.00cvss epss 0.01

    Triangle MicroWorks DNP3 Outstation LibrariesDNP3 Outstation .NET Protocol components and DNP3 Outstation ANSI C source code libraries are affected:3.16.00 through 3.25.01. A specially crafted message may cause a stack-based buffer overflow. Authentication is not required to…

  • CVE-2020-10613Apr 15, 2020
    risk 0.00cvss epss 0.02

    Triangle MicroWorks SCADA Data Gateway 3.02.0697 through 4.0.122, 2.41.0213 through 4.0.122 allows remote attackers to disclose sensitive information due to the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated structure.…

  • CVE-2020-10615Apr 15, 2020
    risk 0.00cvss epss 0.03

    Triangle MicroWorks SCADA Data Gateway 3.02.0697 through 4.0.122, 2.41.0213 through 4.0.122 allows remote attackers cause a denial-of-service condition due to a lack of proper validation of the length of user-supplied data, prior to copying it to a fixed-length stack-based…

  • CVE-2014-2343May 30, 2014
    risk 0.00cvss epss 0.00

    Triangle MicroWorks SCADA Data Gateway before 3.00.0635 allows physically proximate attackers to cause a denial of service (excessive data processing) via a crafted DNP request over a serial line.

  • CVE-2014-2342May 30, 2014
    risk 0.00cvss epss 0.02

    Triangle MicroWorks SCADA Data Gateway before 3.00.0635 allows remote attackers to cause a denial of service (excessive data processing) via a crafted DNP3 packet.

  • CVE-2013-2794Sep 9, 2013
    risk 0.00cvss epss 0.00

    Triangle MicroWorks SCADA Data Gateway 2.50.0309 through 3.00.0616, DNP3 .NET Protocol components 3.06.0.171 through 3.15.0.369, and DNP3 C libraries 3.06.0000 through 3.15.0000 allow physically proximate attackers to cause a denial of service (infinite loop) via crafted input…

  • CVE-2013-2793Sep 9, 2013
    risk 0.00cvss epss 0.01

    Triangle MicroWorks SCADA Data Gateway 2.50.0309 through 3.00.0616, DNP3 .NET Protocol components 3.06.0.171 through 3.15.0.369, and DNP3 C libraries 3.06.0000 through 3.15.0000 allow remote attackers to cause a denial of service (infinite loop) via a crafted DNP3 TCP packet.