漏洞标题
Triangle MicroWorks SCADA Data Gateway Workspace任意文件上传漏洞
漏洞描述信息
Triangle MicroWorks SCADA数据网关工作区无限制上传漏洞。此漏洞允许远程攻击者在受影响的Triangle MicroWorks SCADA数据网关安装上上传任意文件。虽然利用此漏洞需要身份验证,但现有的身份验证机制可以被绕过。
具体漏洞存在于工作区文件的处理中。问题源于对用户提供的数据缺乏适当的验证,这可能导致任意文件的上传。攻击者可以利用此漏洞与其他漏洞结合,以root权限执行任意代码。该漏洞被标识为ZDI-CAN-20536。
CVSS信息
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
漏洞类别
危险类型文件的不加限制上传
漏洞标题
Triangle MicroWorks SCADA Data Gateway Workspace Unrestricted Upload Vulnerability
漏洞描述信息
Triangle MicroWorks SCADA Data Gateway Workspace Unrestricted Upload Vulnerability. This vulnerability allows remote attackers to upload arbitrary files on affected installations of Triangle MicroWorks SCADA Data Gateway. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed.
The specific flaw exists within the processing of workspace files. The issue results from the lack of proper validation of user-supplied data, which can allow the upload of arbitrary files. An attacker can leverage this in conjunction with other vulnerabilitites to execute arbitrary code in the context of root. Was ZDI-CAN-20536.
CVSS信息
N/A
漏洞类别
危险类型文件的不加限制上传
漏洞标题
Triangle MicroWorks SCADA Data Gateway 安全漏洞
漏洞描述信息
Triangle MicroWorks SCADA Data Gateway是美国Triangle MicroWorks公司的一款SCADA数据网关产品。 Triangle MicroWorks SCADA Data Gateway存在安全漏洞,该漏洞源于工作区文件的处理中存在特定缺陷,允许远程攻击者上传任意文件。
CVSS信息
N/A
漏洞类别
其他