CVE-2023-39465

7.5 HIGH

📋 TL;DR

Triangle MicroWorks SCADA Data Gateway contains a hard-coded cryptographic key and certificate vulnerability that allows remote attackers to decrypt sensitive information without authentication. This affects all installations using vulnerable versions of the SCADA Data Gateway software, potentially exposing industrial control system data.

💻 Affected Systems

Products:
  • Triangle MicroWorks SCADA Data Gateway
Versions: prior to 5.1.2.120
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: All default installations are vulnerable as the hard-coded keys are embedded in the software.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Attackers decrypt all encrypted communications, gaining full access to SCADA/ICS data, potentially enabling industrial espionage, operational disruption, or preparation for further attacks.
🟠 Likely Case: Attackers intercept and decrypt sensitive operational data, gaining visibility into industrial processes and potentially identifying additional attack vectors.
🟢 If Mitigated: With network segmentation and proper access controls, impact is limited to the isolated network segment containing the vulnerable gateway.

🌐 Internet-Facing: HIGH - Remote exploitation without authentication makes internet-facing instances extremely vulnerable to automated attacks.
🏢 Internal Only: MEDIUM - Internal attackers or compromised internal systems could exploit this to access sensitive SCADA data.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

The vulnerability is straightforward to exploit once the hard-coded keys are identified from the binary.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 5.1.2.120

Vendor Advisory: https://www.trianglemicroworks.com/products/scada-data-gateway/what's-new

Restart Required: Yes

Instructions:

1. Download SCADA Data Gateway version 5.1.2.120 or later from Triangle MicroWorks.
2. Back up the current configuration.
3. Install the update following the vendor instructions.
4. Restart the service.
5. Verify that the new version is running.

🔧 Temporary Workarounds

Network Segmentation (scope: all)

Isolate SCADA Data Gateway from untrusted networks and restrict access to authorized systems only.

Firewall Rules (scope: all)

Implement strict firewall rules to limit inbound connections to the SCADA Data Gateway.

🧯 If You Can't Patch

  • Segment the SCADA Data Gateway in a dedicated VLAN with strict access controls
  • Monitor network traffic to/from the gateway for unusual patterns or decryption attempts

🔍 How to Verify

Check if Vulnerable:

Check the installed version of SCADA Data Gateway via Windows Programs and Features or the application interface.

Check Version:

Check the application properties, or query Windows Management Instrumentation (wmic product get name,version).

Verify Fix Applied:

Verify the version is 5.1.2.120 or later and confirm with vendor documentation that cryptographic keys have been properly randomized.
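An added version check for the steps above (example code, not from the advisory or the vendor): it reads installed-program entries from the Windows uninstall registry keys, which avoids the slow Win32_Product/wmic product query that also triggers MSI consistency checks on every package, and compares the found version with the fixed build 5.1.2.120. The DisplayName pattern "SCADA Data Gateway" is an assumption about how the vendor's installer registers the product.

```powershell
# Added example, not vendor code: report whether the installed SCADA Data Gateway
# build is below the fixed version for CVE-2023-39465.
# Assumption: the product's uninstall entry has a DisplayName containing
# "SCADA Data Gateway"; adjust $NamePattern if the vendor's entry differs.
$FixedVersion = [version]'5.1.2.120'
$NamePattern  = 'SCADA Data Gateway'

# Read uninstall entries (64-bit and 32-bit views) instead of Win32_Product,
# which is slow and causes MSI to re-validate every installed package.
$UninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

$Installed = Get-ItemProperty -Path $UninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -like "*$NamePattern*" -and $_.DisplayVersion }

if (-not $Installed) {
    Write-Output "No uninstall entry matching '$NamePattern' found on this host."
    exit 0
}

foreach ($entry in $Installed) {
    # DisplayVersion may carry trailing tokens; keep the leading dotted-numeric part
    # and require at least two components so the [version] cast succeeds.
    if ($entry.DisplayVersion -match '^\d+(\.\d+){1,3}') {
        $found = [version]$Matches[0]
    } else {
        Write-Output "$($entry.DisplayName): unparseable version '$($entry.DisplayVersion)'"
        continue
    }
    $status = if ($found -lt $FixedVersion) { 'VULNERABLE (CVE-2023-39465)' } else { 'fixed' }
    Write-Output "$($entry.DisplayName) $found -> $status (fixed in $FixedVersion)"
}
```

Run it in an elevated PowerShell session on the gateway host; a "fixed" result still needs the vendor's confirmation that the shipped keys were replaced, as the text above notes.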

📡 Detection & Monitoring

Log Indicators:

  • Unusual connection attempts to SCADA Data Gateway
  • Failed decryption attempts or cryptographic errors

Network Indicators:

  • Unexpected traffic patterns to/from the gateway
  • Attempts to intercept encrypted communications

SIEM Query:

source="SCADA Data Gateway" AND (event_type="connection" OR event_type="crypto_error")
