Cyber Resilience

CVE-2023-39461

Medium

Published: 03 May 2024

Published
03 May 2024
Modified
17 June 2025
KEV Added
Patch
CVSS Score v3 4.4 CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:N
EPSS Score 0.0016 37.0th percentile
Risk Priority 9 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2023-39461 is a medium-severity Improper Output Neutralization for Logs (CWE-117) vulnerability in Trianglemicroworks Scada Data Gateway. Its CVSS base score is 4.4 (Medium).

Operationally, ranked at the 37.0th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

EU & UK References

Vulnerability details

Triangle MicroWorks SCADA Data Gateway Event Log Improper Output Neutralization For Logs Arbitrary File Write Vulnerability. This vulnerability allows remote attackers to write arbitrary files on affected installations of Triangle MicroWorks SCADA Data Gateway. Although authentication is required to exploit…

more

this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the handling of event logs. The issue results from improper sanitization of log output. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of root. Was ZDI-CAN-20535.

CWE(s)

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

trianglemicroworks
scada data gateway
5.1.3.20324

Mitigating Controls

Likely Mitigating Controls AI

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

addresses: CWE-117

Policy and procedures require sanitization and neutralization when generating audit logs to avoid injection issues.

addresses: CWE-117

Requiring output to conform to expected content prevents unneutralized data from reaching logs.

References