Triangle MicroWorks SCADA Data Gateway
Act Now | CVSS 9.8 | ICS-CERT ICSA-20-105-03 | Apr 14, 2020
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary
Triangle MicroWorks SCADA Data Gateway versions 2.41.0213 through 4.0.122 contain buffer overflow and type confusion vulnerabilities (CWE-121, CWE-125, CWE-843) in DNP3 Outstation channels. Remote attackers can execute arbitrary code and disclose sensitive information without authentication.
What this means
What could happen
An attacker could run arbitrary code on your SCADA Data Gateway, potentially reading confidential data from your control network or altering data flowing between field devices and your supervisory systems. This could disrupt communications with DNP3-enabled RTUs and affect visibility and control of critical infrastructure.
Who's at risk
Energy sector utilities using Triangle MicroWorks SCADA Data Gateway for DNP3 communication with field devices such as RTUs, protective relays, and metering equipment are affected. This includes municipal electric utilities, generation facilities, transmission operators, and distribution companies that rely on DNP3 for SCADA data collection.
How it could be exploited
An attacker can send specially crafted DNP3 protocol messages to the Data Gateway over the network. The buffer overflow and type confusion flaws allow the attacker to execute arbitrary code without providing valid credentials. If the Data Gateway is exposed to the network or behind a firewall that accepts DNP3 traffic, exploitation can occur remotely.
Prerequisites
- Network access to DNP3 Outstation port on the Data Gateway (typically UDP 20000 or TCP 20000)
- No authentication required
- Affected version running (2.41.0213 through 4.0.122)
remotely exploitable · no authentication required · low complexity · high CVSS (9.8) · high EPSS score (9%) · no patch available yet
Exploitability
Moderate exploit probability (EPSS 9.0%)
Affected products (1)
Product | Affected Versions | Fix Status
SCADA Data Gateway: 2.41.0213 through 4.0.122 | ≥ 2.41.0213 and ≤ 4.0.122 | 4.0.123
Remediation & Mitigation
Do now
- WORKAROUND: Disable or restrict DNP3 Outstation channels if not required for operations
- HARDENING: Block inbound access to DNP3 ports (typically UDP/TCP 20000) from untrusted networks using firewall rules
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
- HOTFIX: Update Triangle MicroWorks SCADA Data Gateway to version 4.0.123 or later
Long-term hardening
- HARDENING: Implement network segmentation to isolate the SCADA Data Gateway behind a firewall, preventing direct Internet exposure
- HARDENING: Use VPNs or secure remote access methods if remote management of the Data Gateway is required
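As an added example (not part of the advisory and not Triangle MicroWorks code), the Python below checks the two prerequisites listed above: whether an installed version falls in the affected range, and whether sources outside your trusted networks reach the gateway on DNP3 port 20000. The flow-record format (`proto src dst dport`), the function names and the sample addresses are assumptions made for illustration.

```python
import ipaddress

# Affected range and typical DNP3 port as stated in the advisory above.
AFFECTED_MIN = (2, 41, 213)   # 2.41.0213
AFFECTED_MAX = (4, 0, 122)    # 4.0.122; 4.0.123 is the fixed release
DNP3_PORT = 20000

def parse_version(text):
    """Turn '2.41.0213' into (2, 41, 213); zero-padded fields compare numerically."""
    parts = text.strip().split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(p) for p in parts)

def is_affected(version_text):
    return AFFECTED_MIN <= parse_version(version_text) <= AFFECTED_MAX

def untrusted_dnp3_sources(flows, gateway_ip, trusted_nets):
    """Sorted source IPs that reached the gateway's DNP3 port from outside trusted_nets."""
    nets = [ipaddress.ip_network(n) for n in trusted_nets]
    gw = ipaddress.ip_address(gateway_ip)
    hits = set()
    for line in flows:
        proto, src, dst, dport = line.split()   # hypothetical flow-log layout
        if proto.lower() not in ("tcp", "udp") or int(dport) != DNP3_PORT:
            continue
        if ipaddress.ip_address(dst) != gw:
            continue
        src_ip = ipaddress.ip_address(src)
        if not any(src_ip in n for n in nets):
            hits.add(str(src_ip))
    return sorted(hits)

def triage(version_text, flows, gateway_ip, trusted_nets):
    """Report both checks together for one gateway."""
    exposed = untrusted_dnp3_sources(flows, gateway_ip, trusted_nets)
    return {"affected": is_affected(version_text), "untrusted_sources": exposed}

# Constructed sample flows using documentation address ranges, not advisory data.
SAMPLE_FLOWS = [
    "tcp 10.20.0.5 10.20.1.10 20000",     # trusted master station
    "udp 198.51.100.7 10.20.1.10 20000",  # outside trusted network
    "tcp 203.0.113.9 10.20.1.10 443",     # not the DNP3 port
    "tcp 192.0.2.44 10.20.1.10 20000",    # outside trusted network
]
```

A gateway that is both in the affected range and reachable from untrusted sources is the case the "Do now" items address first.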