Main Vulnerability Database Vulnerabilities #VU26959

#VU26959 Type Confusion in SCADA Data Gateway - CVE-2020-10611

Published: April 15, 2020

Vulnerability identifier: #VU26959

Vulnerability risk: High

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber

CVE-ID: CVE-2020-10611

CWE-ID: CWE-843

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
SCADA Data Gateway

Software vendor:
Triangle MicroWorks, Inc.

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a type confusion error. A remote attacker can trigger a type confusion error and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

This vulnerability affects the following versions of SCADA Data Gateway software:

3.02.0697 through 4.0.122
2.41.0213 through 4.0.122

Remediation

Install updates from vendor's website.

External links

https://ics-cert.us-cert.gov/advisories/icsa-20-105-03

#VU26959 Type Confusion in SCADA Data Gateway - CVE-2020-10611

Description

Remediation

External links

Please verify you're human