CVE-2023-39459

7.8 HIGH

📋 TL;DR

This vulnerability in Triangle MicroWorks SCADA Data Gateway allows remote attackers to create arbitrary files on affected systems by exploiting directory traversal in workspace file processing. Because the gateway processes workspace files with Administrator privileges, the created files inherit those privileges, potentially leading to full system compromise. User interaction is required (the victim must visit a malicious page or open a malicious file).

💻 Affected Systems

Products:
  • Triangle MicroWorks SCADA Data Gateway
Versions: Versions prior to the fix (specific version range not provided in references)
Operating Systems: Windows (typically used for SCADA systems)
Default Config Vulnerable: ⚠️ Yes
Notes: Affects installations where workspace files are processed; typical in SCADA/OT environments.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case: Full system compromise via arbitrary file creation leading to remote code execution, persistence mechanisms, or complete control of SCADA systems.

🟠 Likely Case: Attackers create malicious files to establish persistence, deploy malware, or manipulate SCADA operations through crafted configuration files.

🟢 If Mitigated: Limited impact with proper network segmentation, file integrity monitoring, and least privilege principles preventing escalation.

🌐 Internet-Facing: MEDIUM - Requires user interaction but could be delivered via phishing or compromised websites targeting SCADA operators.
🏢 Internal Only: HIGH - Internal attackers or compromised workstations could exploit this to pivot within OT/SCADA networks.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Requires user interaction, but exploitation is straightforward once the malicious file or page is accessed. The ZDI advisory suggests weaponization is probable.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Latest version from vendor advisory

Vendor Advisory: https://www.trianglemicroworks.com/products/scada-data-gateway/what's-new

Restart Required: Yes

Instructions:

1. Check the current version.
2. Download the latest version from the vendor website.
3. Back up the configuration.
4. Install the update.
5. Restart the service/system.

🔧 Temporary Workarounds

Restrict workspace file sources (all platforms): Only allow workspace files from trusted sources and implement file validation.

Implement application whitelisting (Windows): Use Windows AppLocker or similar to restrict execution to authorized applications only.

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate SCADA Data Gateway from untrusted networks
  • Deploy file integrity monitoring and restrict file creation permissions for the service account

🔍 How to Verify

Check if Vulnerable:

Check installed version against vendor advisory; if using version prior to fix, system is vulnerable

Check Version:

Check application version in GUI or installation directory properties

Verify Fix Applied:

Verify version matches patched version from vendor advisory and test workspace file processing with controlled inputs

📡 Detection & Monitoring

Log Indicators:

  • Unusual file creation events in SCADA Data Gateway logs
  • Workspace file processing errors or anomalies

Network Indicators:

  • Unexpected external connections from SCADA system
  • Suspicious file transfers to/from gateway

SIEM Query:

source="scada_gateway" AND (event_type="file_create" OR event_type="workspace_process") AND file_path CONTAINS ".."
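The SIEM query above flags every gateway event whose path contains "..", which also catches harmless relative segments that stay inside the workspace directory. The following added example (not from the original page or from Triangle MicroWorks) applies the same coarse filter to constructed log lines and then refines each hit by normalizing the Windows path and checking whether it actually resolves outside an assumed workspace root; the field names, the root path and the log lines are all assumptions.

```python
import json
import ntpath

# Assumed workspace directory of the gateway install (placeholder, not a documented path).
WORKSPACE_ROOT = r"C:\SDG\workspaces"
# Event types mirrored from the SIEM query above.
WATCHED_EVENTS = {"file_create", "workspace_process"}

# Constructed sample log lines; the JSON field names follow the SIEM query, not real gateway output.
SAMPLE_LOGS = [
    r'{"source": "scada_gateway", "event_type": "workspace_process", "file_path": "C:\\SDG\\workspaces\\plant1.sdgw"}',
    r'{"source": "scada_gateway", "event_type": "file_create", "file_path": "C:\\SDG\\workspaces\\..\\..\\Windows\\System32\\dropped.dll"}',
    r'{"source": "scada_gateway", "event_type": "file_create", "file_path": "C:\\SDG\\workspaces\\sub\\..\\ok.cfg"}',
    r'{"source": "other_app", "event_type": "file_create", "file_path": "C:\\Temp\\..\\x.txt"}',
]


def escapes_root(path, root=WORKSPACE_ROOT):
    """True if the normalized path does not stay under the workspace root.

    ntpath is used so Windows semantics apply regardless of the platform the
    detection runs on. Relative paths and paths on another drive cannot be
    proven safe, so they are treated as escaping.
    """
    norm = ntpath.normcase(ntpath.normpath(path))
    root_norm = ntpath.normcase(ntpath.normpath(root))
    try:
        return ntpath.commonpath([norm, root_norm]) != root_norm
    except ValueError:  # mixed absolute/relative paths or different drives
        return True


def classify_events(lines, root=WORKSPACE_ROOT):
    """Apply the SIEM query's filter, then mark which '..' hits really leave the root."""
    findings = []
    for line in lines:
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip malformed lines instead of aborting the whole scan
        if event.get("source") != "scada_gateway":
            continue
        if event.get("event_type") not in WATCHED_EVENTS:
            continue
        path = event.get("file_path", "")
        if ".." not in path:
            continue  # same coarse condition as file_path CONTAINS ".."
        findings.append({"file_path": path, "escapes_root": escapes_root(path, root)})
    return findings
```

Only findings with escapes_root set deserve an alert; the others are worth keeping as low-priority context, since a filename such as "a..b.cfg" also matches the raw query.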

🔗 References
