Triangle MicroWorks, a U.S.-based company, provides a broad portfolio of communications-protocol solutions, including protocol software libraries, PC-based test and configuration tools, OPC drivers, and protocol gateways. Its products are deployed worldwide, primarily by software and hardware vendors.
SCADA Data Gateway is Triangle MicroWorks’ Windows application that lets system integrators and utilities collect data from OPC (UA & Classic), IEC 60870-6 (TASE.2/ICCP), IEC 61850, IEC 60870-5, DNP3, or Modbus Server/Slave devices, and then supply that data to control systems that act as OPC (UA & Classic), IEC 60870-6 (TASE.2/ICCP) Client, IEC 60870-5, DNP3, or Modbus Client/Master endpoints.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) recently disclosed that Triangle MicroWorks SCADA Data Gateway versions 2.41.0213 through 4.0.122 are affected by three security vulnerabilities. All three flaws were reported during the Pwn2Own 2020 contest under the Trend Micro Zero Day Initiative (ZDI) program.
- CVE-2020-10611 (CVSS 9.8) – Type-Confusion in Dataset-Element Processing
The software fails to properly validate user-supplied data when handling dataset elements. A remote attacker can exploit this vulnerability to execute arbitrary code in the context of SYSTEM. The flaw only affects installations using DNP3 datasets.
- Stack-based Buffer Overflow in GET_FILE_INFO Opcode Handling
Before copying user-supplied data into a fixed-length stack buffer, the application does not adequately verify its length. A remote attacker can leverage this flaw to cause denial-of-service conditions. CISA assigns the issue a CVSS v3 base score of 7.5, while ZDI rates it at 9.8.
- CVE-2020-10613 – Out-of-Bounds Read in Dataset-Descriptor Processing
The vulnerability exists in the dataset-descriptor handling routine. A remote attacker can exploit it to leak sensitive information. Like CVE-2020-10611, this issue only impacts installations utilizing DNP3 datasets.
None of the three vulnerabilities require authentication to be exploited.
Triangle MicroWorks has resolved all three flaws in SCADA Data Gateway version 4.0.123. Users are strongly advised to download and apply this update immediately.
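To triage an asset inventory against the affected range above, the following added example (not Triangle MicroWorks or CISA code) classifies each installation by version and DNP3 dataset use. The hostnames and inventory rows are constructed, and treating the GET_FILE_INFO overflow as independent of DNP3 datasets is an assumption based on the page stating that condition only for the other two flaws.

```python
import re

# Bounds and fix release as stated in the advisory summary above.
FIRST_AFFECTED = (2, 41, 213)   # 2.41.0213
LAST_AFFECTED = (4, 0, 122)     # 4.0.122
FIXED_RELEASE = "4.0.123"

# Assumption: the GET_FILE_INFO overflow applies to every affected install,
# because the page states a DNP3-dataset condition only for the other two.
ALWAYS = ["GET_FILE_INFO stack-based buffer overflow"]
DNP3_DATASET_ONLY = ["CVE-2020-10611", "CVE-2020-10613"]


def parse_version(text):
    """'2.41.0213' -> (2, 41, 213); None unless exactly three numeric parts."""
    text = text.strip()
    if not re.fullmatch(r"\d+\.\d+\.\d+", text):
        return None
    return tuple(int(part) for part in text.split("."))


def triage(version, uses_dnp3_datasets):
    """Return (status, issues) for one SCADA Data Gateway installation."""
    parsed = parse_version(version)
    if parsed is None:
        return ("unknown", [])        # unparseable: verify on the host itself
    if not FIRST_AFFECTED <= parsed <= LAST_AFFECTED:
        return ("outside_range", [])  # includes the fixed release and later
    issues = ALWAYS + (DNP3_DATASET_ONLY if uses_dnp3_datasets else [])
    return ("affected", issues)


# Constructed inventory: (hostname, installed version, DNP3 datasets in use)
INVENTORY = [
    ("gw-east-01", "2.41.0213", True),
    ("gw-east-02", "4.0.122", False),
    ("gw-west-01", "4.0.123", True),
    ("gw-lab-01", "unknown build", True),
]


def triage_inventory(inventory):
    """Map each hostname to its (status, issues) result."""
    return {host: triage(ver, ds) for host, ver, ds in inventory}


if __name__ == "__main__":
    for host, (status, issues) in triage_inventory(INVENTORY).items():
        print(f"{host}: {status} {issues} (fixed in {FIXED_RELEASE})")
```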