exploitDog

GHSA-qp2h-3p7w-4v89

Опубликовано: 07 июн. 2023

Источник: github

Github: Не прошло ревью

CVSS3: 5.3

Описание

On Triangle MicroWorks' SCADA Data Gateway version <= v5.01.03, an unauthenticated attacker can send broadcast events to any user via the WebMonitor.An unauthenticated user can use this vulnerability to forcefully log out of any currently logged-in user by sending a "password change event". Furthermore, an attacker could use this vulnerability to spam the logged-in user with false events.

On Triangle MicroWorks' SCADA Data Gateway version <= v5.01.03, an unauthenticated attacker can send broadcast events to any user via the WebMonitor.An unauthenticated user can use this vulnerability to forcefully log out of any currently logged-in user by sending a "password change event". Furthermore, an attacker could use this vulnerability to spam the logged-in user with false events.

Ссылки

EPSS

Процентиль: 28%

0.00101

Низкий

5.3 Medium

CVSS3

CVE ID

Дефекты

CWE-306

Связанные уязвимости

CVE-2023-2187

CVSS3: 5.3

nvd

больше 2 лет назад

On Triangle MicroWorks' SCADA Data Gateway version <= v5.01.03, an unauthenticated attacker can send broadcast events to any user via the WebMonitor.An unauthenticated user can use this vulnerability to forcefully log out of any currently logged-in user by sending a "password change event". Furthermore, an attacker could use this vulnerability to spam the logged-in user with false events.

BDU:2023-03107

CVSS3: 5.3

fstec

почти 3 года назад

Уязвимость компонента WebMonitor SCADA-системы SCADA Data Gateway (SDG), позволяющая нарушителю обойти процедуру аутентификации и повысить свои привилегии путем

EPSS

Процентиль: 28%

0.00101

Низкий

5.3 Medium

CVSS3

CVE ID

Дефекты

CWE-306