How severe is CVE-2023-39466?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.3 out of 10.

What type of vulnerability is CVE-2023-39466?

This is classified as CWE-306, which is a common weakness in software security.

CVE-2023-39466 - MEDIUM Severity | CVSS 5.3

Vulnerability Description

Triangle MicroWorks SCADA Data Gateway get_config Missing Authentication Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Triangle MicroWorks SCADA Data Gateway. Authentication is not required to exploit this vulnerability. The specific flaw exists within the get_config endpoint. The issue results from the lack of authentication prior to allowing access to functionality. An attacker can leverage this vulnerability to disclose sensitive information. Was ZDI-CAN-20797.

Related Vulnerabilities

CVE-2011-4190

MEDIUM

CVSS:5.3(Medium)

The kdump implementation is missing the host key verification in the kdump and mkdumprd OpenSSH integration of kdump prior to version 2012-01-20. This is similar to CVE-2011-3588, but different in tha...

CWE-3062011

CVE-2017-15123

MEDIUM

CVSS:5.3(Medium)

A flaw was found in the CloudForms web interface, versions 5.8 - 5.10, where the RSS feed URLs are not properly restricted to authenticated users only. An attacker could use this flaw to view potentia...

CWE-3062017

CVE-2018-1501

MEDIUM

CVSS:5.3(Medium)

IBM Security Guardium 10.5, 10.6, and 11.0 could allow an unauthorized user to obtain sensitive information due to missing security controls. IBM X-Force ID: 141226.

CWE-3062018

CVE-2018-1757

MEDIUM

CVSS:5.3(Medium)

IBM Security Identity Governance and Intelligence 5.2.3.2 and 5.2.4 could allow an attacker to obtain sensitive information due to missing authentication in IGI for the survey application. IBM X-Force...

CWE-3062018

CVE-2018-20507

MEDIUM

CVSS:5.3(Medium)

An issue was discovered in GitLab Enterprise Edition 11.2.x through 11.4.x before 11.4.13, 11.5.x before 11.5.6, and 11.6.x before 11.6.1. It has Incorrect Access Control.

CWE-3062018

CVE-2019-0312

MEDIUM

CVSS:5.3(Medium)

Several web pages provided SAP NetWeaver Process Integration (versions: SAP_XIESR: 7.10 to 7.11, 7.20, 7.30, 7.31, 7.40, 7.50 and SAP_XITOOL: 7.10 to 7.11, 7.30, 7.31, 7.40, 7.50) are not password pro...

CWE-3062019