Triangle MicroWorks SCADA Data Gateway (ICSA-20-105-03) – Product Used in the Water and Wastewater and Energy Sectors

CISA has published an advisory on stack-based buffer overflow, out-of-bounds read, and type confusion vulnerabilities in Triangle MicroWorks SCADA Data Gateway. Versions 2.41.0213 through 4.0.122 are affected. These vulnerabilities allow remote attackers to execute arbitrary code and disclose on affected installations of Triangle Microworks SCADA Data Gateway with DNP3 Outstation channels. Authentication is not required to exploit these vulnerabilities. Triangle Microworks recommends users update to Version 4.0.123. CISA also recommends a series of measures to mitigate the vulnerabilities. Read the advisory at CISA.