CVE-2023-39467 Vulnerability Details

  /     /     /  

CVE-2023-39467 Metadata Quick Info

CVE Published: 03/05/2024 | CVE Updated: 02/08/2024 | CVE Year: 2023
Source: zdi | Vendor: Triangle MicroWorks | Product: SCADA Data Gateway
Status : PUBLISHED

---

CVE-2023-39467 Description

Triangle MicroWorks SCADA Data Gateway certificate Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Triangle MicroWorks SCADA Data Gateway. Authentication is not required to exploit this vulnerability. The specific flaw exists within the configuration of certificate web directory. The issue results from the exposure of sensitive information in the application webroot. An attacker can leverage this vulnerability to disclose sensitive information. Was ZDI-CAN-20798.

Metrics

CVSS Version: 3.1 | Base Score: n/a
Vector: n/a

l➤ Exploitability Metrics:
    Attack Vector (AV)*
    Attack Complexity (AC)*
    Privileges Required (PR)*
    User Interaction (UI)*
    Scope (S)*

l➤ Impact Metrics:
    Confidentiality Impact (C)*
    Integrity Impact (I)*
    Availability Impact (A)*

Weakness Enumeration (CWE)

CWE-ID: CWE-219
CWE Name: CWE-219: Storage of File with Sensitive Data Under Web Root
Source: Triangle MicroWorks

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).