漏洞标题
Triangle MicroWorks SCADA Data Gateway的get_config缺少身份验证信息泄露漏洞
漏洞描述信息
Triangle MicroWorks SCADA数据网关get_config缺少身份验证信息泄露漏洞。此漏洞允许远程攻击者在Triangle MicroWorks SCADA数据网关受影响的安装中泄露敏感信息。无需身份验证即可利用此漏洞。
具体漏洞存在于get_config端点中。问题在于在允许访问功能之前缺乏身份验证。攻击者可以利用此漏洞泄露敏感信息。该漏洞被标识为ZDI-CAN-20797。
CVSS信息
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
漏洞类别
关键功能的认证机制缺失
漏洞标题
Triangle MicroWorks SCADA Data Gateway get_config Missing Authentication Information Disclosure Vulnerability
漏洞描述信息
Triangle MicroWorks SCADA Data Gateway get_config Missing Authentication Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Triangle MicroWorks SCADA Data Gateway. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the get_config endpoint. The issue results from the lack of authentication prior to allowing access to functionality. An attacker can leverage this vulnerability to disclose sensitive information. Was ZDI-CAN-20797.
CVSS信息
N/A
漏洞类别
关键功能的认证机制缺失
漏洞标题
Triangle MicroWorks SCADA Data Gateway 安全漏洞
漏洞描述信息
Triangle MicroWorks SCADA Data Gateway是美国Triangle MicroWorks公司的一款SCADA数据网关产品。 Triangle MicroWorks SCADA Data Gateway存在安全漏洞,该漏洞源于get_config 端点中存在特定缺陷,允许远程攻击者泄露敏感信息。
CVSS信息
N/A
漏洞类别
其他