How severe is CVE-2023-39464?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.2 out of 10.

What type of vulnerability is CVE-2023-39464?

This is classified as CWE-428, which is a common weakness in software security.

CVE-2023-39464 - HIGH Severity | CVSS 7.2

Vulnerability Description

Triangle MicroWorks SCADA Data Gateway GTWWebMonitorService Unquoted Search Path Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute code on affected installations of Triangle MicroWorks SCADA Data Gateway. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the configuration of the GTWWebMonitorService service. The path to the service executable contains spaces not surrounded by quotations. An attacker can leverage this vulnerability to execute arbitrary code in the context of root. Was ZDI-CAN-20538.

Related Vulnerabilities

CVE-2019-16647

HIGH

CVSS:7.2(High)

Unquoted Search Path in Maxthon 5.1.0 to 5.2.7 Browser for Windows.

CWE-4282019

CVE-2022-27905

HIGH

CVSS:7.2(High)

In ControlUp Real-Time Agent before 8.6, an unquoted path can result in privilege escalation. An attacker would require write permissions to the root level of the OS drive (C:\) to exploit this.

CWE-4282022

CVE-2017-7180

HIGH

CVSS:7.3(High)

Net Monitor for Employees Pro through 5.3.4 has an unquoted service path, which allows a Security Feature Bypass of its documented "Block applications" design goal. The local attacker must have privil...

CWE-4282017

CVE-2021-0112

HIGH

CVSS:7.3(High)

Unquoted service path in the Intel Unite(R) Client for Windows before version 4.2.25031 may allow an authenticated user to potentially enable an escalation of privilege via local access.

CWE-4282021

CVE-2022-36384

HIGH

CVSS:7.3(High)

Unquoted search path in the installer software for some Intel(r) NUC Kit Wireless Adapter drivers for Windows 10 before version 22.40 may allow an authenticated user to potentially enable escalation o...

CWE-4282022

CVE-2023-22282

HIGH

CVSS:7.3(High)

WAB-MAT Ver.5.0.0.8 and earlier starts another program with an unquoted file path. Since a registered Windows service path contains spaces and are unquoted, if a malicious executable is placed on a ce...

CWE-4282023