On Triangle MicroWorks' SCADA Data Gateway version <= v5...
Moderate severity
Unreviewed
Published Jun 7, 2023 to the GitHub Advisory Database • Updated Apr 4, 2024
Description
Published by the National Vulnerability Database: Jun 7, 2023
On Triangle MicroWorks' SCADA Data Gateway version <= v5.01.03, an unauthenticated attacker can send broadcast events to any user via the WebMonitor. An unauthenticated user can use this vulnerability to forcefully log out any currently logged-in user by sending a "password change event". Furthermore, an attacker could use this vulnerability to spam the logged-in user with false events.