CVE-2020-10611

CRITICAL Year: 2020
CVSS v3 Score
9.8
Critical
CVSS v2 Score
7.5
High
Weakness Type
CWE-843
View all →

Vulnerability Description

Triangle MicroWorks SCADA Data Gateway 3.02.0697 through 4.0.122, 2.41.0213 through 4.0.122 allows remote attackers to execute arbitrary code due to the lack of proper validation of user-supplied data, which can result in a type confusion condition. Authentication is not required to exploit this vulnerability. Only applicable to installations using DNP3 Data Sets.

Related Vulnerabilities

CVE-2012-0507

CRITICAL
CVSS:9.8(Critical)

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, and 5.0 Update 33 and earlier allows remote attackers to af...

CWE-8432012

CVE-2016-1000005

CRITICAL
CVSS:9.8(Critical)

mcrypt_get_block_size did not enforce that the provided "module" parameter was a string, leading to type confusion if other types of data were passed in. This issue affects HHVM versions prior to 3.9....

CWE-8432016

CVE-2018-9471

CRITICAL
CVSS:9.8(Critical)

In the deserialization constructor of NanoAppFilter.java, there is a possible loss of data due to type confusion. This could lead to local escalation of privilege in the system server with no addition...

CWE-8432018

CVE-2019-10231

CRITICAL
CVSS:9.8(Critical)

Teclib GLPI before 9.4.1.1 is affected by a PHP type juggling vulnerability allowing bypass of authentication. This occurs in Auth::checkPassword() (inc/auth.class.php).

CWE-8432019

CVE-2019-14537

CRITICAL
CVSS:9.8(Critical)

YOURLS through 1.7.3 is affected by a type juggling vulnerability in the api component that can result in login bypass.

CWE-8432019

CVE-2019-20571

CRITICAL
CVSS:9.8(Critical)

An issue was discovered on Samsung mobile devices with O(8.x) (with TEEGRIS) software. There is type confusion in the WVDRM Trustlet, leading to arbitrary code execution. The Samsung ID is SVE-2019-14...

CWE-8432019