CVE-2023-39467

5.3 MEDIUM

📋 TL;DR

This vulnerability allows remote attackers to access sensitive certificate information without authentication in Triangle MicroWorks SCADA Data Gateway. The flaw exposes certificate files in the web directory, potentially revealing cryptographic materials. Organizations using this SCADA/ICS gateway software are affected.

💻 Affected Systems

Products:
  • Triangle MicroWorks SCADA Data Gateway
Versions: Prior to 5.1.0.107
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Affects default installations where the certificate web directory is improperly configured.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers obtain private certificates enabling man-in-the-middle attacks, credential theft, or further system compromise in industrial control environments.

🟠 Likely Case

Sensitive certificate information disclosure allowing attackers to map system architecture and plan targeted attacks.

🟢 If Mitigated

Limited information exposure with no direct system compromise if certificates are properly segregated and monitored.

🌐 Internet-Facing: HIGH - No authentication is required and remote exploitation is possible, which makes internet-facing instances particularly vulnerable.
🏢 Internal Only: MEDIUM - Internal attackers or compromised internal systems could exploit this to gather sensitive information.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Simple directory traversal or direct web access to certificate files.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 5.1.0.107

Vendor Advisory: https://www.trianglemicroworks.com/products/scada-data-gateway/what's-new

Restart Required: Yes

Instructions:

1. Download version 5.1.0.107 or later from Triangle MicroWorks.
2. Back up the current configuration.
3. Install the update following vendor instructions.
4. Restart the SCADA Data Gateway service.

🔧 Temporary Workarounds

Restrict web directory access (Windows)

Configure web server to block access to certificate directories

# Configure IIS/web server to deny access to certificate directories
# Use appropriate access control lists for the webroot

Network segmentation (all platforms)

Isolate SCADA Data Gateway from untrusted networks

# Configure firewall rules to restrict access to gateway
# Implement network segmentation per ICS security best practices

🧯 If You Can't Patch

  • Implement strict network access controls to limit who can reach the SCADA Data Gateway web interface
  • Monitor and alert on access attempts to certificate directories in web logs

🔍 How to Verify

Check if Vulnerable:

Check if certificate files are accessible via web browser at paths like /certificates/ or similar web-accessible directories

Check Version:

Check version in SCADA Data Gateway administration interface or About dialog

Verify Fix Applied:

Verify version is 5.1.0.107 or later and test that certificate directories are no longer web-accessible

📡 Detection & Monitoring

Log Indicators:

  • HTTP requests to certificate file paths
  • Unauthenticated access to sensitive directories

Network Indicators:

  • Unusual HTTP GET requests for .cer, .pem, .pfx files
  • Traffic to certificate directories from unauthorized sources

SIEM Query:

source="web_logs" AND (url="*cert*" OR url="*.cer" OR url="*.pem" OR url="*.pfx") AND status=200
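
The same check run directly over web server logs, as an added example that is not vendor or original-page code. It assumes the logs are in W3C extended format with a `#Fields:` header; the sample lines, addresses and file names are constructed, and the match terms come from the indicators listed above.

```python
from urllib.parse import unquote

# Match terms taken from the log and network indicators listed above.
CERT_EXTENSIONS = (".cer", ".pem", ".pfx")
PATH_KEYWORD = "cert"

# Constructed sample in W3C extended log format (assumed log source).
SAMPLE_LOG = """\
#Fields: date time c-ip cs-username cs-method cs-uri-stem sc-status
2023-08-01 10:00:01 192.0.2.10 - GET /index.html 200
2023-08-01 10:00:05 192.0.2.10 - GET /certificates/gateway.pfx 200
2023-08-01 10:00:09 198.51.100.7 - GET /Certificates/CA%2EPEM 200
2023-08-01 10:00:12 198.51.100.7 - GET /certificates/server.cer 404
2023-08-01 10:00:20 192.0.2.33 operator GET /certificates/server.cer 200
2023-08-01 10:00:31 192.0.2.10 - POST /login 200
"""


def find_cert_requests(log_text, unauthenticated_only=True):
    """Return log entries for successful requests that look like certificate fetches."""
    fields, hits = [], []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]  # column names for the rows that follow
            continue
        if not line or line.startswith("#") or not fields:
            continue
        values = line.split()
        if len(values) != len(fields):
            continue  # malformed row, skip rather than misalign columns
        entry = dict(zip(fields, values))
        # Decode percent-escapes and lowercase so /Certificates/CA%2EPEM still matches.
        path = unquote(entry.get("cs-uri-stem", "")).lower()
        looks_like_cert = PATH_KEYWORD in path or path.endswith(CERT_EXTENSIONS)
        if not looks_like_cert or entry.get("sc-status") != "200":
            continue
        # "-" in cs-username means the request carried no authenticated user.
        if unauthenticated_only and entry.get("cs-username") != "-":
            continue
        hits.append(entry)
    return hits


if __name__ == "__main__":
    for hit in find_cert_requests(SAMPLE_LOG):
        print(hit["date"], hit["time"], hit["c-ip"], hit["cs-uri-stem"])
```

Normalizing the path before matching catches mixed-case and percent-encoded requests that a literal wildcard match on the raw URL can miss.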
