Security Advisory

CVE-2023-2187

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2023-06-07 06:42:31

Last updated 2025-01-06 21:08:41

Assigner trellix

State PUBLISHED

Description

On Triangle MicroWorks SCADA Data Gateway version <= v5.01.03, an unauthenticated attacker can send broadcast events to any user via the WebMonitor.An unauthenticated user can use this vulnerability to forcefully log out of any currently logged-in user by sending a "password change event". Furthermore, an attacker could use this vulnerability to spam the logged-in user with false events.

← Browse all CVEs View on cve.org ↗