Cyber Resilience

CVE-2023-39464

High

Published: 03 May 2024

Published
03 May 2024
Modified
17 June 2025
KEV Added
Patch
CVSS Score v3 7.2 CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0023 46.0th percentile
Risk Priority 15 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2023-39464 is a high-severity Unquoted Search Path or Element (CWE-428) vulnerability in Trianglemicroworks Scada Data Gateway. Its CVSS base score is 7.2 (High).

Operationally, ranked at the 46.0th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

EU & UK References

Vulnerability details

Triangle MicroWorks SCADA Data Gateway GTWWebMonitorService Unquoted Search Path Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute code on affected installations of Triangle MicroWorks SCADA Data Gateway. Although authentication is required to exploit this vulnerability, the existing…

more

authentication mechanism can be bypassed. The specific flaw exists within the configuration of the GTWWebMonitorService service. The path to the service executable contains spaces not surrounded by quotations. An attacker can leverage this vulnerability to execute arbitrary code in the context of root. Was ZDI-CAN-20538.

CWE(s)

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

trianglemicroworks
scada data gateway
5.1.3.20324

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.

References