Vulnerabilites related to trihedral - vtscada
Vulnerability from fkie_nvd
Published
2017-06-21 19:29
Modified
2025-04-20 01:37
Severity ?
Summary
An Information Exposure issue was discovered in Trihedral VTScada Versions prior to 11.2.26. Some files are exposed within the web server application to unauthenticated users. These files may contain sensitive configuration information.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| ics-cert@hq.dhs.gov | http://www.securityfocus.com/bid/99066 | Third Party Advisory, VDB Entry | |
| ics-cert@hq.dhs.gov | https://ics-cert.us-cert.gov/advisories/ICSA-17-164-01 | Mitigation, Patch, Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/99066 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://ics-cert.us-cert.gov/advisories/ICSA-17-164-01 | Mitigation, Patch, Third Party Advisory, US Government Resource |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:trihedral:vtscada:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CA214CB5-FBA6-4996-9B94-0E69BE2E4BBB",
"versionEndIncluding": "11.2.23",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An Information Exposure issue was discovered in Trihedral VTScada Versions prior to 11.2.26. Some files are exposed within the web server application to unauthenticated users. These files may contain sensitive configuration information."
},
{
"lang": "es",
"value": "Se detect\u00f3 un problema de Exposici\u00f3n de Informaci\u00f3n en Trihedral VTScada versiones anteriores a 11.2.26. Algunos archivos se exponen dentro de la aplicaci\u00f3n del servidor web a usuarios no autenticados. Estos archivos pueden contener informaci\u00f3n de configuraci\u00f3n confidencial."
}
],
"id": "CVE-2017-6045",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-06-21T19:29:00.307",
"references": [
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/99066"
},
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Mitigation",
"Patch",
"Third Party Advisory",
"US Government Resource"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-164-01"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/99066"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Patch",
"Third Party Advisory",
"US Government Resource"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-164-01"
}
],
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-548"
}
],
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2016-06-09 10:59
Modified
2025-04-12 10:46
Severity ?
Summary
Directory traversal vulnerability in the WAP interface in Trihedral VTScada (formerly VTS) 8.x through 11.x before 11.2.02 allows remote attackers to read arbitrary files via a crafted pathname.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:trihedral:vtscada:10.1.05:*:*:*:*:*:*:*",
"matchCriteriaId": "CE5FB3C2-42F0-4112-835F-EF71D4E17D2B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trihedral:vtscada:10.1.06:*:*:*:*:*:*:*",
"matchCriteriaId": "49946BC8-E01F-4F74-88B4-5F0B1A6179C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trihedral:vtscada:10.1.07:*:*:*:*:*:*:*",
"matchCriteriaId": "0E9BB54A-83AE-41F8-B40B-BC3CB37683DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trihedral:vtscada:10.1.12:*:*:*:*:*:*:*",
"matchCriteriaId": "DEA21497-E048-4510-AA31-887235217F80",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:trihedral:vtscada:9.0.02:*:*:*:*:*:*:*",
"matchCriteriaId": "F47D9BD4-A05E-4696-A6D9-7AEFE20BBD14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trihedral:vtscada:9.0.03:*:*:*:*:*:*:*",
"matchCriteriaId": "A1A85151-B206-4307-88C3-9107366C867F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trihedral:vtscada:9.0.08:*:*:*:*:*:*:*",
"matchCriteriaId": "3A1D1396-B8FA-4092-B136-899E2167B446",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trihedral:vtscada:9.1.02:*:*:*:*:*:*:*",
"matchCriteriaId": "C1277933-197D-45D8-940C-1951212F9D95",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trihedral:vtscada:9.1.03:*:*:*:*:*:*:*",
"matchCriteriaId": "6D5D9BD5-6C99-45E0-9CE0-B25C2C5353F5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trihedral:vtscada:9.1.05:*:*:*:*:*:*:*",
"matchCriteriaId": "42DB3997-3DCF-403F-B054-3F8AF25BC089",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trihedral:vtscada:9.1.09:*:*:*:*:*:*:*",
"matchCriteriaId": "B5535DFC-4C77-4339-9C7A-C38BEC4404BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trihedral:vtscada:9.1.11:*:*:*:*:*:*:*",
"matchCriteriaId": "6DC20DC9-6606-460E-97AE-02D1F579E37C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trihedral:vtscada:9.1.14:*:*:*:*:*:*:*",
"matchCriteriaId": "DBC2BF11-CE15-4216-928B-BF63B587FE8C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trihedral:vtscada:9.1.20:*:*:*:*:*:*:*",
"matchCriteriaId": "1BCCFB2C-00B7-4828-BCE3-97EBC4057669",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:trihedral:vtscada:11.0.05:*:*:*:*:*:*:*",
"matchCriteriaId": "B5EB9BB9-F8C9-4661-AC5A-E3FD79AD4EEF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trihedral:vtscada:11.0.07:*:*:*:*:*:*:*",
"matchCriteriaId": "D5E6832C-B4EA-4A72-8ADF-B17F76DEE676",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:trihedral:vtscada:10.2.05:*:*:*:*:*:*:*",
"matchCriteriaId": "40460E2C-6919-4BF1-9E24-B3EE408FA995",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trihedral:vtscada:10.2.07:*:*:*:*:*:*:*",
"matchCriteriaId": "3C031266-31AF-436C-9F36-D7112D1EE9BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trihedral:vtscada:10.2.08:*:*:*:*:*:*:*",
"matchCriteriaId": "862D6C1B-0765-43C9-BD39-7C9F90025C50",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trihedral:vtscada:10.2.11:*:*:*:*:*:*:*",
"matchCriteriaId": "95A94950-0F03-42FD-A74D-8ADE7A59DDD2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trihedral:vtscada:10.2.13:*:*:*:*:*:*:*",
"matchCriteriaId": "0B1798A8-EC8D-4CC5-AEBA-16EC45D1E754",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trihedral:vtscada:10.2.14:*:*:*:*:*:*:*",
"matchCriteriaId": "57B7C44C-9920-439A-BDDD-EC3C3DC171A5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trihedral:vtscada:10.2.15:*:*:*:*:*:*:*",
"matchCriteriaId": "0F4BFACD-CEDB-4F1C-8BA6-E8B0BEF735F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trihedral:vtscada:10.2.17:*:*:*:*:*:*:*",
"matchCriteriaId": "10349B72-13D3-4B70-B8CB-1223381F3630",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trihedral:vtscada:10.2.19:*:*:*:*:*:*:*",
"matchCriteriaId": "721D6C57-2ADA-4400-A876-80281819CE1E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trihedral:vtscada:10.2.20:*:*:*:*:*:*:*",
"matchCriteriaId": "4266371D-4476-4455-8CAF-83DAD092783C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trihedral:vtscada:10.2.21:*:*:*:*:*:*:*",
"matchCriteriaId": "92EBB482-30B1-4AB3-A26A-0F1B66DFE5F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trihedral:vtscada:10.2.22:*:*:*:*:*:*:*",
"matchCriteriaId": "1AC79329-249A-41C6-A545-B681DD494606",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:trihedral:vtscada:8.0.05:*:*:*:*:*:*:*",
"matchCriteriaId": "35A5A441-F299-4E51-B2BF-872F263AC96C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trihedral:vtscada:8.0.12:*:*:*:*:*:*:*",
"matchCriteriaId": "D881DA9B-332A-47B0-9E1D-3936CC0E1761",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trihedral:vtscada:8.0.16:*:*:*:*:*:*:*",
"matchCriteriaId": "8DB1488E-ABD2-443A-B51C-328FF32D4E52",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trihedral:vtscada:8.0.18:*:*:*:*:*:*:*",
"matchCriteriaId": "EFB14116-AA51-408D-B632-5605CCD18D7A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trihedral:vtscada:8.1.05:*:*:*:*:*:*:*",
"matchCriteriaId": "5B1122D8-6E21-40A8-916A-E66622146CC0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trihedral:vtscada:8.1.06:*:*:*:*:*:*:*",
"matchCriteriaId": "AB0611D9-9C16-480A-BDB8-CC4FA289E6FF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:trihedral:vtscada:11.1.05:*:*:*:*:*:*:*",
"matchCriteriaId": "5ED3D431-13B0-4A2C-BE9F-64B89877DEEA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trihedral:vtscada:11.1.06:*:*:*:*:*:*:*",
"matchCriteriaId": "E6C1112A-8D28-4E58-B6E6-A8E95C09B06C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trihedral:vtscada:11.1.09:*:*:*:*:*:*:*",
"matchCriteriaId": "9155F402-CED2-47BE-A77E-04B8CA33C820",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trihedral:vtscada:11.1.10:*:*:*:*:*:*:*",
"matchCriteriaId": "B0BC5077-7CE2-4670-8DCE-89168EB9EB45",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trihedral:vtscada:11.1.13:*:*:*:*:*:*:*",
"matchCriteriaId": "3121360F-A114-46C9-A2D2-183B9481E9D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trihedral:vtscada:11.1.14:*:*:*:*:*:*:*",
"matchCriteriaId": "3C0EAFD7-0D67-4865-8537-E81B193A11B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trihedral:vtscada:11.1.15:*:*:*:*:*:*:*",
"matchCriteriaId": "0921489A-10AA-46D1-AD45-F29F0D97E302",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trihedral:vtscada:11.1.16:*:*:*:*:*:*:*",
"matchCriteriaId": "1C4BB39D-3EC5-4F81-9AB8-C003FB40ECE8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trihedral:vtscada:11.1.17:*:*:*:*:*:*:*",
"matchCriteriaId": "E3F18ED0-7095-4126-B839-688994778D45",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trihedral:vtscada:11.1.18:*:*:*:*:*:*:*",
"matchCriteriaId": "5775D09F-02F8-45FE-94E4-B5BAB6A5FFFC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trihedral:vtscada:11.1.19:*:*:*:*:*:*:*",
"matchCriteriaId": "6EA6AD0D-B2EA-4112-B437-F87C4265B9CA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trihedral:vtscada:11.1.20:*:*:*:*:*:*:*",
"matchCriteriaId": "6C41FA48-FDAF-48FC-9E98-F95C2E9AC835",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trihedral:vtscada:11.1.21:*:*:*:*:*:*:*",
"matchCriteriaId": "EA71226A-7AFA-4185-A8A5-174C44C173C8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trihedral:vtscada:11.1.22:*:*:*:*:*:*:*",
"matchCriteriaId": "1203617F-45D8-47C3-B32D-0F0DED539D24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trihedral:vtscada:11.1.24:*:*:*:*:*:*:*",
"matchCriteriaId": "FDF04525-41E4-4DEE-BBF0-268F8B6969DB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:trihedral:vtscada:10.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "697CBAB8-7025-44A6-A5A6-AFDDFA506CF2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trihedral:vtscada:10.0.13:*:*:*:*:*:*:*",
"matchCriteriaId": "8AC6FD46-0B0B-4859-A25C-292257454B66",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trihedral:vtscada:10.0.14:*:*:*:*:*:*:*",
"matchCriteriaId": "C42E3FF1-2FF0-433A-B450-185079707242",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trihedral:vtscada:10.0.16:*:*:*:*:*:*:*",
"matchCriteriaId": "591B8DE2-8150-4E4B-B293-D58598112E3F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trihedral:vtscada:10.0.17:*:*:*:*:*:*:*",
"matchCriteriaId": "F9D4C8A2-1B3B-4A2C-BADC-B3745F4001F7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in the WAP interface in Trihedral VTScada (formerly VTS) 8.x through 11.x before 11.2.02 allows remote attackers to read arbitrary files via a crafted pathname."
},
{
"lang": "es",
"value": "Vulnerabilidad de salto de directorio en la interfaz WAP en Trihedral VTScada (anteriormente VTS) 8.x hasta la versi\u00f3n 11.x en versiones anteriores a 11.2.02 permite a atacantes remotos leer archivos arbitrarios a trav\u00e9s de nombres de ruta manipuladas."
}
],
"id": "CVE-2016-4532",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-06-09T10:59:05.340",
"references": [
{
"source": "ics-cert@hq.dhs.gov",
"url": "http://www.securityfocus.com/bid/91077"
},
{
"source": "ics-cert@hq.dhs.gov",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-16-403"
},
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-159-01"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/91077"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-16-403"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-159-01"
}
],
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-11-06 22:29
Modified
2025-04-20 01:37
Severity ?
Summary
An Improper Access Control issue was discovered in Trihedral VTScada 11.3.03 and prior. A local, non-administrator user has privileges to read and write to the file system of the target machine.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| ics-cert@hq.dhs.gov | https://ics-cert.us-cert.gov/advisories/ICSA-17-304-02 | Issue Tracking, Mitigation, Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://ics-cert.us-cert.gov/advisories/ICSA-17-304-02 | Issue Tracking, Mitigation, Third Party Advisory, US Government Resource |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:trihedral:vtscada:*:*:*:*:*:*:*:*",
"matchCriteriaId": "00E89749-F4C5-4044-928B-E8D3658E9CB3",
"versionEndIncluding": "11.3.03",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An Improper Access Control issue was discovered in Trihedral VTScada 11.3.03 and prior. A local, non-administrator user has privileges to read and write to the file system of the target machine."
},
{
"lang": "es",
"value": "Se ha descubierto un problema de control de acceso incorrecto en Trihedral VTScada en la versi\u00f3n 11.3.03 y anteriores. Un usuario local no administrador tiene privilegios para leer y escribir en el sistema de archivos de la m\u00e1quina objetivo."
}
],
"id": "CVE-2017-14031",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-11-06T22:29:00.380",
"references": [
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Issue Tracking",
"Mitigation",
"Third Party Advisory",
"US Government Resource"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-304-02"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Mitigation",
"Third Party Advisory",
"US Government Resource"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-304-02"
}
],
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-284"
}
],
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-269"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-12-11 15:59
Modified
2025-07-25 17:15
Severity ?
Summary
Integer overflow in Trihedral Engineering VTScada (formerly VTS) 6.5 through 9.x before 9.1.20, 10.x before 10.2.22, and 11.x before 11.1.07 allows remote attackers to cause a denial of service (server crash) via a crafted request, which triggers a large memory allocation.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| ics-cert@hq.dhs.gov | http://www.securityfocus.com/bid/71591 | Third Party Advisory, VDB Entry | |
| ics-cert@hq.dhs.gov | http://www.trihedral.com/help/#Op_Welcome/Wel_UpgradeNotes.htm | ||
| ics-cert@hq.dhs.gov | https://www.cisa.gov/news-events/ics-advisories/icsa-14-343-02 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/71591 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://ics-cert.us-cert.gov//advisories/ICSA-14-343-02 | Third Party Advisory, US Government Resource |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:trihedral:vtscada:*:*:*:*:*:*:*:*",
"matchCriteriaId": "484C73EE-529B-46EE-9B2F-009EC6E524D9",
"versionEndExcluding": "9.1.20",
"versionStartIncluding": "6.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trihedral:vtscada:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D41BC6F8-1088-44D0-9B91-EE6546D04772",
"versionEndExcluding": "10.2.22",
"versionStartIncluding": "10.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trihedral:vtscada:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DDBE315F-99C1-4A04-9E17-C95BBBD238DD",
"versionEndExcluding": "11.1.07",
"versionStartIncluding": "11.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Integer overflow in Trihedral Engineering VTScada (formerly VTS) 6.5 through 9.x before 9.1.20, 10.x before 10.2.22, and 11.x before 11.1.07 allows remote attackers to cause a denial of service (server crash) via a crafted request, which triggers a large memory allocation."
},
{
"lang": "es",
"value": "Desbordamiento de enteros en Trihedral Engineering VTScada (anteriormente VTS) 6.5 hasta 9.x anterior a 9.1.20, 10.x anterior a 10.2.22, y 11.x anterior a 11.1.07 permite a atacantes remotos causar una denegaci\u00f3n de servicio (ca\u00edda del servidor) a trav\u00e9s de una solicitud manipulada, lo que provoca una reserva de memoria grande."
}
],
"id": "CVE-2014-9192",
"lastModified": "2025-07-25T17:15:27.680",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary",
"userInteractionRequired": false
},
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-12-11T15:59:04.773",
"references": [
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/71591"
},
{
"source": "ics-cert@hq.dhs.gov",
"url": "http://www.trihedral.com/help/#Op_Welcome/Wel_UpgradeNotes.htm"
},
{
"source": "ics-cert@hq.dhs.gov",
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-14-343-02"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/71591"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://ics-cert.us-cert.gov//advisories/ICSA-14-343-02"
}
],
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-190"
}
],
"source": "ics-cert@hq.dhs.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-189"
}
],
"source": "nvd@nist.gov",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2016-06-09 10:59
Modified
2025-04-12 10:46
Severity ?
Summary
The WAP interface in Trihedral VTScada (formerly VTS) 8.x through 11.x before 11.2.02 allows remote attackers to bypass authentication and read arbitrary files via unspecified vectors.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:trihedral:vtscada:10.1.05:*:*:*:*:*:*:*",
"matchCriteriaId": "CE5FB3C2-42F0-4112-835F-EF71D4E17D2B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trihedral:vtscada:10.1.06:*:*:*:*:*:*:*",
"matchCriteriaId": "49946BC8-E01F-4F74-88B4-5F0B1A6179C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trihedral:vtscada:10.1.07:*:*:*:*:*:*:*",
"matchCriteriaId": "0E9BB54A-83AE-41F8-B40B-BC3CB37683DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trihedral:vtscada:10.1.12:*:*:*:*:*:*:*",
"matchCriteriaId": "DEA21497-E048-4510-AA31-887235217F80",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:trihedral:vtscada:10.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "697CBAB8-7025-44A6-A5A6-AFDDFA506CF2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trihedral:vtscada:10.0.13:*:*:*:*:*:*:*",
"matchCriteriaId": "8AC6FD46-0B0B-4859-A25C-292257454B66",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trihedral:vtscada:10.0.14:*:*:*:*:*:*:*",
"matchCriteriaId": "C42E3FF1-2FF0-433A-B450-185079707242",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trihedral:vtscada:10.0.16:*:*:*:*:*:*:*",
"matchCriteriaId": "591B8DE2-8150-4E4B-B293-D58598112E3F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trihedral:vtscada:10.0.17:*:*:*:*:*:*:*",
"matchCriteriaId": "F9D4C8A2-1B3B-4A2C-BADC-B3745F4001F7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:trihedral:vtscada:11.1.05:*:*:*:*:*:*:*",
"matchCriteriaId": "5ED3D431-13B0-4A2C-BE9F-64B89877DEEA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trihedral:vtscada:11.1.06:*:*:*:*:*:*:*",
"matchCriteriaId": "E6C1112A-8D28-4E58-B6E6-A8E95C09B06C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trihedral:vtscada:11.1.09:*:*:*:*:*:*:*",
"matchCriteriaId": "9155F402-CED2-47BE-A77E-04B8CA33C820",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trihedral:vtscada:11.1.10:*:*:*:*:*:*:*",
"matchCriteriaId": "B0BC5077-7CE2-4670-8DCE-89168EB9EB45",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trihedral:vtscada:11.1.13:*:*:*:*:*:*:*",
"matchCriteriaId": "3121360F-A114-46C9-A2D2-183B9481E9D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trihedral:vtscada:11.1.14:*:*:*:*:*:*:*",
"matchCriteriaId": "3C0EAFD7-0D67-4865-8537-E81B193A11B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trihedral:vtscada:11.1.15:*:*:*:*:*:*:*",
"matchCriteriaId": "0921489A-10AA-46D1-AD45-F29F0D97E302",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trihedral:vtscada:11.1.16:*:*:*:*:*:*:*",
"matchCriteriaId": "1C4BB39D-3EC5-4F81-9AB8-C003FB40ECE8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trihedral:vtscada:11.1.17:*:*:*:*:*:*:*",
"matchCriteriaId": "E3F18ED0-7095-4126-B839-688994778D45",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trihedral:vtscada:11.1.18:*:*:*:*:*:*:*",
"matchCriteriaId": "5775D09F-02F8-45FE-94E4-B5BAB6A5FFFC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trihedral:vtscada:11.1.19:*:*:*:*:*:*:*",
"matchCriteriaId": "6EA6AD0D-B2EA-4112-B437-F87C4265B9CA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trihedral:vtscada:11.1.20:*:*:*:*:*:*:*",
"matchCriteriaId": "6C41FA48-FDAF-48FC-9E98-F95C2E9AC835",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trihedral:vtscada:11.1.21:*:*:*:*:*:*:*",
"matchCriteriaId": "EA71226A-7AFA-4185-A8A5-174C44C173C8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trihedral:vtscada:11.1.22:*:*:*:*:*:*:*",
"matchCriteriaId": "1203617F-45D8-47C3-B32D-0F0DED539D24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trihedral:vtscada:11.1.24:*:*:*:*:*:*:*",
"matchCriteriaId": "FDF04525-41E4-4DEE-BBF0-268F8B6969DB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:trihedral:vtscada:8.0.05:*:*:*:*:*:*:*",
"matchCriteriaId": "35A5A441-F299-4E51-B2BF-872F263AC96C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trihedral:vtscada:8.0.12:*:*:*:*:*:*:*",
"matchCriteriaId": "D881DA9B-332A-47B0-9E1D-3936CC0E1761",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trihedral:vtscada:8.0.16:*:*:*:*:*:*:*",
"matchCriteriaId": "8DB1488E-ABD2-443A-B51C-328FF32D4E52",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trihedral:vtscada:8.0.18:*:*:*:*:*:*:*",
"matchCriteriaId": "EFB14116-AA51-408D-B632-5605CCD18D7A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trihedral:vtscada:8.1.05:*:*:*:*:*:*:*",
"matchCriteriaId": "5B1122D8-6E21-40A8-916A-E66622146CC0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trihedral:vtscada:8.1.06:*:*:*:*:*:*:*",
"matchCriteriaId": "AB0611D9-9C16-480A-BDB8-CC4FA289E6FF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:trihedral:vtscada:10.2.05:*:*:*:*:*:*:*",
"matchCriteriaId": "40460E2C-6919-4BF1-9E24-B3EE408FA995",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trihedral:vtscada:10.2.07:*:*:*:*:*:*:*",
"matchCriteriaId": "3C031266-31AF-436C-9F36-D7112D1EE9BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trihedral:vtscada:10.2.08:*:*:*:*:*:*:*",
"matchCriteriaId": "862D6C1B-0765-43C9-BD39-7C9F90025C50",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trihedral:vtscada:10.2.11:*:*:*:*:*:*:*",
"matchCriteriaId": "95A94950-0F03-42FD-A74D-8ADE7A59DDD2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trihedral:vtscada:10.2.13:*:*:*:*:*:*:*",
"matchCriteriaId": "0B1798A8-EC8D-4CC5-AEBA-16EC45D1E754",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trihedral:vtscada:10.2.14:*:*:*:*:*:*:*",
"matchCriteriaId": "57B7C44C-9920-439A-BDDD-EC3C3DC171A5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trihedral:vtscada:10.2.15:*:*:*:*:*:*:*",
"matchCriteriaId": "0F4BFACD-CEDB-4F1C-8BA6-E8B0BEF735F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trihedral:vtscada:10.2.17:*:*:*:*:*:*:*",
"matchCriteriaId": "10349B72-13D3-4B70-B8CB-1223381F3630",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trihedral:vtscada:10.2.19:*:*:*:*:*:*:*",
"matchCriteriaId": "721D6C57-2ADA-4400-A876-80281819CE1E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trihedral:vtscada:10.2.20:*:*:*:*:*:*:*",
"matchCriteriaId": "4266371D-4476-4455-8CAF-83DAD092783C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trihedral:vtscada:10.2.21:*:*:*:*:*:*:*",
"matchCriteriaId": "92EBB482-30B1-4AB3-A26A-0F1B66DFE5F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trihedral:vtscada:10.2.22:*:*:*:*:*:*:*",
"matchCriteriaId": "1AC79329-249A-41C6-A545-B681DD494606",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:trihedral:vtscada:9.0.02:*:*:*:*:*:*:*",
"matchCriteriaId": "F47D9BD4-A05E-4696-A6D9-7AEFE20BBD14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trihedral:vtscada:9.0.03:*:*:*:*:*:*:*",
"matchCriteriaId": "A1A85151-B206-4307-88C3-9107366C867F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trihedral:vtscada:9.0.08:*:*:*:*:*:*:*",
"matchCriteriaId": "3A1D1396-B8FA-4092-B136-899E2167B446",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trihedral:vtscada:9.1.02:*:*:*:*:*:*:*",
"matchCriteriaId": "C1277933-197D-45D8-940C-1951212F9D95",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trihedral:vtscada:9.1.03:*:*:*:*:*:*:*",
"matchCriteriaId": "6D5D9BD5-6C99-45E0-9CE0-B25C2C5353F5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trihedral:vtscada:9.1.05:*:*:*:*:*:*:*",
"matchCriteriaId": "42DB3997-3DCF-403F-B054-3F8AF25BC089",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trihedral:vtscada:9.1.09:*:*:*:*:*:*:*",
"matchCriteriaId": "B5535DFC-4C77-4339-9C7A-C38BEC4404BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trihedral:vtscada:9.1.11:*:*:*:*:*:*:*",
"matchCriteriaId": "6DC20DC9-6606-460E-97AE-02D1F579E37C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trihedral:vtscada:9.1.14:*:*:*:*:*:*:*",
"matchCriteriaId": "DBC2BF11-CE15-4216-928B-BF63B587FE8C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trihedral:vtscada:9.1.20:*:*:*:*:*:*:*",
"matchCriteriaId": "1BCCFB2C-00B7-4828-BCE3-97EBC4057669",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:trihedral:vtscada:11.0.05:*:*:*:*:*:*:*",
"matchCriteriaId": "B5EB9BB9-F8C9-4661-AC5A-E3FD79AD4EEF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trihedral:vtscada:11.0.07:*:*:*:*:*:*:*",
"matchCriteriaId": "D5E6832C-B4EA-4A72-8ADF-B17F76DEE676",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The WAP interface in Trihedral VTScada (formerly VTS) 8.x through 11.x before 11.2.02 allows remote attackers to bypass authentication and read arbitrary files via unspecified vectors."
},
{
"lang": "es",
"value": "La interfaz WAP en Trihedral VTScada (anteriormente VTS) 8.x hasta la versi\u00f3n 11.x en versiones anteriores a 11.2.02 permite a atacantes remotos eludir autenticaci\u00f3n y leer archivos arbitrarios a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2016-4510",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-06-09T10:59:03.043",
"references": [
{
"source": "ics-cert@hq.dhs.gov",
"url": "http://www.securityfocus.com/bid/91077"
},
{
"source": "ics-cert@hq.dhs.gov",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-16-404"
},
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-159-01"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/91077"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-16-404"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-159-01"
}
],
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-287"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-06-21 19:29
Modified
2025-04-20 01:37
Severity ?
Summary
A Cross-Site Scripting issue was discovered in Trihedral VTScada Versions prior to 11.2.26. A cross-site scripting vulnerability may allow JavaScript code supplied by the attacker to execute within the user's browser.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| ics-cert@hq.dhs.gov | http://www.securityfocus.com/bid/99066 | Third Party Advisory, VDB Entry | |
| ics-cert@hq.dhs.gov | https://ics-cert.us-cert.gov/advisories/ICSA-17-164-01 | Mitigation, Patch, Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/99066 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://ics-cert.us-cert.gov/advisories/ICSA-17-164-01 | Mitigation, Patch, Third Party Advisory, US Government Resource |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:trihedral:vtscada:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CA214CB5-FBA6-4996-9B94-0E69BE2E4BBB",
"versionEndIncluding": "11.2.23",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A Cross-Site Scripting issue was discovered in Trihedral VTScada Versions prior to 11.2.26. A cross-site scripting vulnerability may allow JavaScript code supplied by the attacker to execute within the user\u0027s browser."
},
{
"lang": "es",
"value": "Se detect\u00f3 un problema de tipo cross-site-scripting (XSS) en Trihedral VTScada versiones anteriores a 11.2.26. Una vulnerabilidad tipo cross-site-scripting (XSS) puede permitir que el c\u00f3digo JavaScript suministrado por el atacante se ejecute en el navegador del usuario."
}
],
"id": "CVE-2017-6053",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-06-21T19:29:00.370",
"references": [
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/99066"
},
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Mitigation",
"Patch",
"Third Party Advisory",
"US Government Resource"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-164-01"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/99066"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Patch",
"Third Party Advisory",
"US Government Resource"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-164-01"
}
],
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-06-21 19:29
Modified
2025-04-20 01:37
Severity ?
Summary
A Resource Consumption issue was discovered in Trihedral VTScada Versions prior to 11.2.26. The client does not properly validate the input or limit the amount of resources that are utilized by an attacker, which can be used to consume more resources than are available.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| ics-cert@hq.dhs.gov | http://www.securityfocus.com/bid/99066 | Third Party Advisory, VDB Entry | |
| ics-cert@hq.dhs.gov | https://ics-cert.us-cert.gov/advisories/ICSA-17-164-01 | Mitigation, Patch, Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/99066 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://ics-cert.us-cert.gov/advisories/ICSA-17-164-01 | Mitigation, Patch, Third Party Advisory, US Government Resource |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:trihedral:vtscada:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CA214CB5-FBA6-4996-9B94-0E69BE2E4BBB",
"versionEndIncluding": "11.2.23",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A Resource Consumption issue was discovered in Trihedral VTScada Versions prior to 11.2.26. The client does not properly validate the input or limit the amount of resources that are utilized by an attacker, which can be used to consume more resources than are available."
},
{
"lang": "es",
"value": "Se detect\u00f3 un problema de consumo de recursos en Trihedral VTScada versiones anteriores a 11.2.26. El cliente no comprueba apropiadamente la entrada ni limita la cantidad de recursos que son utilizados por un atacante, que puede ser usado para consumir m\u00e1s recursos de los que est\u00e1n disponibles."
}
],
"id": "CVE-2017-6043",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-06-21T19:29:00.277",
"references": [
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/99066"
},
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Mitigation",
"Patch",
"Third Party Advisory",
"US Government Resource"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-164-01"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/99066"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Patch",
"Third Party Advisory",
"US Government Resource"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-164-01"
}
],
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-400"
}
],
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-400"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2016-06-09 10:59
Modified
2025-04-12 10:46
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
The WAP interface in Trihedral VTScada (formerly VTS) 8.x through 11.x before 11.2.02 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via unspecified vectors.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| ics-cert@hq.dhs.gov | http://www.securityfocus.com/bid/91077 | Broken Link, Third Party Advisory, VDB Entry | |
| ics-cert@hq.dhs.gov | http://www.zerodayinitiative.com/advisories/ZDI-16-405 | Third Party Advisory, VDB Entry | |
| ics-cert@hq.dhs.gov | https://ics-cert.us-cert.gov/advisories/ICSA-16-159-01 | Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/91077 | Broken Link, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.zerodayinitiative.com/advisories/ZDI-16-405 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://ics-cert.us-cert.gov/advisories/ICSA-16-159-01 | Third Party Advisory, US Government Resource |
{
"cisaActionDue": "2022-05-06",
"cisaExploitAdd": "2022-04-15",
"cisaRequiredAction": "Apply updates per vendor instructions.",
"cisaVulnerabilityName": "Trihedral VTScada (formerly VTS) Denial-of-Service Vulnerability",
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:trihedral:vtscada:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4FB0C125-20F0-47CC-84C3-9355F45C5387",
"versionEndExcluding": "11.2.02",
"versionStartIncluding": "8.0.05",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The WAP interface in Trihedral VTScada (formerly VTS) 8.x through 11.x before 11.2.02 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via unspecified vectors."
},
{
"lang": "es",
"value": "La interfaz WAP en Trihedral VTScada (anteriormente VTS) 8.x hasta la versi\u00f3n 11.x en versiones anteriores a 11.2.02 permite a atacantes remotos provocar una ca\u00edda de servicio (lectura fuera de rango y ca\u00edda de aplicaci\u00f3n) a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2016-4523",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2016-06-09T10:59:04.073",
"references": [
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/91077"
},
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-16-405"
},
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-159-01"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/91077"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-16-405"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-159-01"
}
],
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-125"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-125"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-11-02 21:15
Modified
2024-11-21 07:18
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
An Improper Input Validation vulnerability exists in Trihedral VTScada version 12.0.38 and prior. A specifically malformed HTTP request could cause the affected VTScada to crash. Both local area network (LAN)-only and internet facing systems are affected.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| ics-cert@hq.dhs.gov | https://www.cisa.gov/uscert/ics/advisories/icsa-22-300-04 | Patch, Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.cisa.gov/uscert/ics/advisories/icsa-22-300-04 | Patch, Third Party Advisory, US Government Resource |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:trihedral:vtscada:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6FABA435-254B-4036-AE81-CC73C6F0A09C",
"versionEndIncluding": "12.0.38",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An Improper Input Validation vulnerability exists in Trihedral VTScada version 12.0.38 and prior.\u00a0A specifically malformed HTTP request could cause the affected VTScada to crash. Both local area network (LAN)-only and internet facing systems are affected. \n\n"
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de validaci\u00f3n de entrada incorrecta en Trihedral VTScada versi\u00f3n 12.0.38 y anteriores. Una solicitud HTTP espec\u00edficamente mal formada podr\u00eda provocar que el VTScada afectado fallara. Tanto los sistemas de red de \u00e1rea local (LAN) como los de Internet se ven afectados."
}
],
"id": "CVE-2022-3181",
"lastModified": "2024-11-21T07:18:59.383",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-11-02T21:15:09.773",
"references": [
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Patch",
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-300-04"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-300-04"
}
],
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "ics-cert@hq.dhs.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-11-06 22:29
Modified
2025-04-20 01:37
Severity ?
Summary
An Uncontrolled Search Path Element issue was discovered in Trihedral VTScada 11.3.03 and prior. The program will execute specially crafted malicious dll files placed on the target machine.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| ics-cert@hq.dhs.gov | https://ics-cert.us-cert.gov/advisories/ICSA-17-304-02 | Issue Tracking, Mitigation, Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://ics-cert.us-cert.gov/advisories/ICSA-17-304-02 | Issue Tracking, Mitigation, Third Party Advisory, US Government Resource |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:trihedral:vtscada:*:*:*:*:*:*:*:*",
"matchCriteriaId": "00E89749-F4C5-4044-928B-E8D3658E9CB3",
"versionEndIncluding": "11.3.03",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An Uncontrolled Search Path Element issue was discovered in Trihedral VTScada 11.3.03 and prior. The program will execute specially crafted malicious dll files placed on the target machine."
},
{
"lang": "es",
"value": "Se ha descubierto un problema de elemento de ruta de b\u00fasqueda no controlado en Trihedral VTScada en la versi\u00f3n 11.3.03 y anteriores. El programa ejecutar\u00e1 archivos dll maliciosos especialmente manipulados en la m\u00e1quina objetivo."
}
],
"id": "CVE-2017-14029",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-11-06T22:29:00.350",
"references": [
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Issue Tracking",
"Mitigation",
"Third Party Advisory",
"US Government Resource"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-304-02"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Mitigation",
"Third Party Advisory",
"US Government Resource"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-304-02"
}
],
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-427"
}
],
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-427"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2017-6053 (GCVE-0-2017-6053)
Vulnerability from cvelistv5
Published
2017-06-21 19:00
Modified
2024-08-05 15:18
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
A Cross-Site Scripting issue was discovered in Trihedral VTScada Versions prior to 11.2.26. A cross-site scripting vulnerability may allow JavaScript code supplied by the attacker to execute within the user's browser.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Trihedral VTScada |
Version: Trihedral VTScada |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T15:18:49.649Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-164-01"
},
{
"name": "99066",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/99066"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Trihedral VTScada",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Trihedral VTScada"
}
]
}
],
"datePublic": "2017-06-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A Cross-Site Scripting issue was discovered in Trihedral VTScada Versions prior to 11.2.26. A cross-site scripting vulnerability may allow JavaScript code supplied by the attacker to execute within the user\u0027s browser."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-06-22T09:57:01",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-164-01"
},
{
"name": "99066",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/99066"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2017-6053",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Trihedral VTScada",
"version": {
"version_data": [
{
"version_value": "Trihedral VTScada"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A Cross-Site Scripting issue was discovered in Trihedral VTScada Versions prior to 11.2.26. A cross-site scripting vulnerability may allow JavaScript code supplied by the attacker to execute within the user\u0027s browser."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-17-164-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-164-01"
},
{
"name": "99066",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99066"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2017-6053",
"datePublished": "2017-06-21T19:00:00",
"dateReserved": "2017-02-16T00:00:00",
"dateUpdated": "2024-08-05T15:18:49.649Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-6043 (GCVE-0-2017-6043)
Vulnerability from cvelistv5
Published
2017-06-21 19:00
Modified
2024-08-05 15:18
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
A Resource Consumption issue was discovered in Trihedral VTScada Versions prior to 11.2.26. The client does not properly validate the input or limit the amount of resources that are utilized by an attacker, which can be used to consume more resources than are available.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Trihedral VTScada |
Version: Trihedral VTScada |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T15:18:49.741Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-164-01"
},
{
"name": "99066",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/99066"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Trihedral VTScada",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Trihedral VTScada"
}
]
}
],
"datePublic": "2017-06-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A Resource Consumption issue was discovered in Trihedral VTScada Versions prior to 11.2.26. The client does not properly validate the input or limit the amount of resources that are utilized by an attacker, which can be used to consume more resources than are available."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-06-22T09:57:01",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-164-01"
},
{
"name": "99066",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/99066"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2017-6043",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Trihedral VTScada",
"version": {
"version_data": [
{
"version_value": "Trihedral VTScada"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A Resource Consumption issue was discovered in Trihedral VTScada Versions prior to 11.2.26. The client does not properly validate the input or limit the amount of resources that are utilized by an attacker, which can be used to consume more resources than are available."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-400"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-17-164-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-164-01"
},
{
"name": "99066",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99066"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2017-6043",
"datePublished": "2017-06-21T19:00:00",
"dateReserved": "2017-02-16T00:00:00",
"dateUpdated": "2024-08-05T15:18:49.741Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-4532 (GCVE-0-2016-4532)
Vulnerability from cvelistv5
Published
2016-06-09 10:00
Modified
2024-08-06 00:32
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Directory traversal vulnerability in the WAP interface in Trihedral VTScada (formerly VTS) 8.x through 11.x before 11.2.02 allows remote attackers to read arbitrary files via a crafted pathname.
References
| ► | URL | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T00:32:25.760Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-16-403"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-159-01"
},
{
"name": "91077",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/91077"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-06-07T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in the WAP interface in Trihedral VTScada (formerly VTS) 8.x through 11.x before 11.2.02 allows remote attackers to read arbitrary files via a crafted pathname."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-11-25T22:57:01",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-16-403"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-159-01"
},
{
"name": "91077",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/91077"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2016-4532",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in the WAP interface in Trihedral VTScada (formerly VTS) 8.x through 11.x before 11.2.02 allows remote attackers to read arbitrary files via a crafted pathname."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-16-403",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-16-403"
},
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-16-159-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-159-01"
},
{
"name": "91077",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/91077"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2016-4532",
"datePublished": "2016-06-09T10:00:00",
"dateReserved": "2016-05-05T00:00:00",
"dateUpdated": "2024-08-06T00:32:25.760Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-14031 (GCVE-0-2017-14031)
Vulnerability from cvelistv5
Published
2017-11-06 22:00
Modified
2024-08-05 19:13
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
An Improper Access Control issue was discovered in Trihedral VTScada 11.3.03 and prior. A local, non-administrator user has privileges to read and write to the file system of the target machine.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Trihedral Engineering Limited VTScada |
Version: Trihedral Engineering Limited VTScada |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T19:13:41.601Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-304-02"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Trihedral Engineering Limited VTScada",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Trihedral Engineering Limited VTScada"
}
]
}
],
"datePublic": "2017-11-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An Improper Access Control issue was discovered in Trihedral VTScada 11.3.03 and prior. A local, non-administrator user has privileges to read and write to the file system of the target machine."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-11-06T21:57:01",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-304-02"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2017-14031",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Trihedral Engineering Limited VTScada",
"version": {
"version_data": [
{
"version_value": "Trihedral Engineering Limited VTScada"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An Improper Access Control issue was discovered in Trihedral VTScada 11.3.03 and prior. A local, non-administrator user has privileges to read and write to the file system of the target machine."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-284"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-17-304-02",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-304-02"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2017-14031",
"datePublished": "2017-11-06T22:00:00",
"dateReserved": "2017-08-30T00:00:00",
"dateUpdated": "2024-08-05T19:13:41.601Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-9192 (GCVE-0-2014-9192)
Vulnerability from cvelistv5
Published
2014-12-11 15:00
Modified
2025-07-25 16:46
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
Integer overflow in Trihedral Engineering VTScada (formerly VTS) 6.5 through 9.x before 9.1.20, 10.x before 10.2.22, and 11.x before 11.1.07 allows remote attackers to cause a denial of service (server crash) via a crafted request, which triggers a large memory allocation.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Trihedral Engineering | VTS |
Version: 6.5 < 9.1.19 Version: 10 < 10.2.21 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T13:40:24.431Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov//advisories/ICSA-14-343-02"
},
{
"name": "71591",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/71591"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "VTS",
"vendor": "Trihedral Engineering",
"versions": [
{
"lessThan": "9.1.19",
"status": "affected",
"version": "6.5",
"versionType": "custom"
},
{
"lessThan": "10.2.21",
"status": "affected",
"version": "10",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "An anonymous researcher working with HP\u2019s Zero Day Initiative has identified an integer overflow vulnerability in Trihedral Engineering Ltd\u2019s VTScada application."
}
],
"datePublic": "2014-12-09T07:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eInteger overflow in Trihedral Engineering VTScada (formerly VTS) 6.5 through 9.x before 9.1.20, 10.x before 10.2.22, and 11.x before 11.1.07 allows remote attackers to cause a denial of service (server crash) via a crafted request, which triggers a large memory allocation.\u003c/p\u003e"
}
],
"value": "Integer overflow in Trihedral Engineering VTScada (formerly VTS) 6.5 through 9.x before 9.1.20, 10.x before 10.2.22, and 11.x before 11.1.07 allows remote attackers to cause a denial of service (server crash) via a crafted request, which triggers a large memory allocation."
}
],
"metrics": [
{
"cvssV2_0": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-190",
"description": "CWE-190",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-25T16:46:02.667Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-14-343-02"
},
{
"name": "71591",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/71591"
},
{
"url": "http://www.trihedral.com/help/#Op_Welcome/Wel_UpgradeNotes.htm"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eTrihedral Engineering Limited has created three updated versions of \nsoftware. These software updates are available from Trihedral \nEngineering Ltd.\u2019s FTP site:\u0026nbsp;\u003ca target=\"_blank\" rel=\"nofollow\"\u003eftp://ftp.trihedral.com/VTS/\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eVersion Information:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e11.1.09 \u2013 Latest build including newest features and fixes. Any \ninstallation key with a maintenance expiration date after January 1, \n2014, will work this installation.\u003c/li\u003e\n\u003cli\u003e10.2.22 \u2013Recommended for all users of VTS 10. Any installation key \nwith a maintenance expiration date after December 1, 2010, will work \nwith this installation.\u003c/li\u003e\n\u003cli\u003e09.1.20 \u2013 Recommended for all users prior to 10.0. Any installation \nkey with a maintenance expiration date after December 1, 2009, will work\n with this installation.\u003c/li\u003e\n\u003c/ul\u003e\u003cp\u003eHelp file notes for upgrading VTScada/VTS can be found at:\u0026nbsp;\u003ca target=\"_blank\" rel=\"nofollow\" href=\"http://www.trihedral.com/help/#Op_Welcome/Wel_UpgradeNotes.htm\"\u003ehttp://www.trihedral.com/help/#Op_Welcome/Wel_UpgradeNotes.htm\u003c/a\u003e\u003c/p\u003eIf you have any questions or any difficulties with installing one of these updates, please call Trihedral Tech Support:\u003cbr\u003e1-855-887-2232\u003cbr\u003e1-902-835-1575\u003cbr\u003e+44 (0) 1224 258910 for the United Kingdom\n\n\u003cbr\u003e"
}
],
"value": "Trihedral Engineering Limited has created three updated versions of \nsoftware. These software updates are available from Trihedral \nEngineering Ltd.\u2019s FTP site:\u00a0ftp://ftp.trihedral.com/VTS/\n\n\nVersion Information:\n\n\n\n * 11.1.09 \u2013 Latest build including newest features and fixes. Any \ninstallation key with a maintenance expiration date after January 1, \n2014, will work this installation.\n\n * 10.2.22 \u2013Recommended for all users of VTS 10. Any installation key \nwith a maintenance expiration date after December 1, 2010, will work \nwith this installation.\n\n * 09.1.20 \u2013 Recommended for all users prior to 10.0. Any installation \nkey with a maintenance expiration date after December 1, 2009, will work\n with this installation.\n\n\n\nHelp file notes for upgrading VTScada/VTS can be found at:\u00a0 http://www.trihedral.com/help/#Op_Welcome/Wel_UpgradeNotes.htm \n\nIf you have any questions or any difficulties with installing one of these updates, please call Trihedral Tech Support:\n1-855-887-2232\n1-902-835-1575\n+44 (0) 1224 258910 for the United Kingdom"
}
],
"source": {
"advisory": "ICSA-14-343-02",
"discovery": "EXTERNAL"
},
"title": "Trihedral Engineering Limited VTScada Integer Overflow",
"x_generator": {
"engine": "Vulnogram 0.2.0"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2014-9192",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer overflow in Trihedral Engineering VTScada (formerly VTS) 6.5 through 9.x before 9.1.20, 10.x before 10.2.22, and 11.x before 11.1.07 allows remote attackers to cause a denial of service (server crash) via a crafted request, which triggers a large memory allocation."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.us-cert.gov//advisories/ICSA-14-343-02",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov//advisories/ICSA-14-343-02"
},
{
"name": "71591",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/71591"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2014-9192",
"datePublished": "2014-12-11T15:00:00",
"dateReserved": "2014-12-02T00:00:00",
"dateUpdated": "2025-07-25T16:46:02.667Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-4523 (GCVE-0-2016-4523)
Vulnerability from cvelistv5
Published
2016-06-09 10:00
Modified
2025-07-30 01:46
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The WAP interface in Trihedral VTScada (formerly VTS) 8.x through 11.x before 11.2.02 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via unspecified vectors.
References
| ► | URL | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T00:32:25.802Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-159-01"
},
{
"name": "91077",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/91077"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-16-405"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2016-4523",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-07T13:44:47.407784Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2022-04-15",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2016-4523"
},
"type": "kev"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125 Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-30T01:46:37.073Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"timeline": [
{
"lang": "en",
"time": "2022-04-15T00:00:00+00:00",
"value": "CVE-2016-4523 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-06-07T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The WAP interface in Trihedral VTScada (formerly VTS) 8.x through 11.x before 11.2.02 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-11-25T22:57:01.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-159-01"
},
{
"name": "91077",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/91077"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-16-405"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2016-4523",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The WAP interface in Trihedral VTScada (formerly VTS) 8.x through 11.x before 11.2.02 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-16-159-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-159-01"
},
{
"name": "91077",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/91077"
},
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-16-405",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-16-405"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2016-4523",
"datePublished": "2016-06-09T10:00:00.000Z",
"dateReserved": "2016-05-05T00:00:00.000Z",
"dateUpdated": "2025-07-30T01:46:37.073Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-3181 (GCVE-0-2022-3181)
Vulnerability from cvelistv5
Published
2022-11-02 20:11
Modified
2025-04-16 16:06
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-20 - Improper Input Validation
Summary
An Improper Input Validation vulnerability exists in Trihedral VTScada version 12.0.38 and prior. A specifically malformed HTTP request could cause the affected VTScada to crash. Both local area network (LAN)-only and internet facing systems are affected.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T01:00:10.554Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"government-resource",
"x_transferred"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-300-04"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-3181",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-16T15:53:35.638922Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-16T16:06:13.490Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "VTScada",
"vendor": "Trihedral",
"versions": [
{
"lessThanOrEqual": "12.0.38",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Trihedral"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An Improper Input Validation vulnerability exists in Trihedral VTScada version 12.0.38 and prior.\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA specifically malformed HTTP request could cause the affected VTScada to crash. Both local area network (LAN)-only and internet facing systems are affected. \u003c/span\u003e\n\n"
}
],
"value": "An Improper Input Validation vulnerability exists in Trihedral VTScada version 12.0.38 and prior.\u00a0A specifically malformed HTTP request could cause the affected VTScada to crash. Both local area network (LAN)-only and internet facing systems are affected. \n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-02T20:11:14.114Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-300-04"
}
],
"source": {
"discovery": "INTERNAL"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2022-3181",
"datePublished": "2022-11-02T20:11:14.114Z",
"dateReserved": "2022-09-12T16:30:17.139Z",
"dateUpdated": "2025-04-16T16:06:13.490Z",
"requesterUserId": "548e5310-2409-4eaf-9220-2910d23bb95a",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-14029 (GCVE-0-2017-14029)
Vulnerability from cvelistv5
Published
2017-11-06 22:00
Modified
2024-08-05 19:13
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
An Uncontrolled Search Path Element issue was discovered in Trihedral VTScada 11.3.03 and prior. The program will execute specially crafted malicious dll files placed on the target machine.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Trihedral Engineering Limited VTScada |
Version: Trihedral Engineering Limited VTScada |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T19:13:41.624Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-304-02"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Trihedral Engineering Limited VTScada",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Trihedral Engineering Limited VTScada"
}
]
}
],
"datePublic": "2017-11-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An Uncontrolled Search Path Element issue was discovered in Trihedral VTScada 11.3.03 and prior. The program will execute specially crafted malicious dll files placed on the target machine."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-427",
"description": "CWE-427",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-11-06T21:57:01",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-304-02"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2017-14029",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Trihedral Engineering Limited VTScada",
"version": {
"version_data": [
{
"version_value": "Trihedral Engineering Limited VTScada"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An Uncontrolled Search Path Element issue was discovered in Trihedral VTScada 11.3.03 and prior. The program will execute specially crafted malicious dll files placed on the target machine."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-427"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-17-304-02",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-304-02"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2017-14029",
"datePublished": "2017-11-06T22:00:00",
"dateReserved": "2017-08-30T00:00:00",
"dateUpdated": "2024-08-05T19:13:41.624Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-6045 (GCVE-0-2017-6045)
Vulnerability from cvelistv5
Published
2017-06-21 19:00
Modified
2024-08-05 15:18
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
An Information Exposure issue was discovered in Trihedral VTScada Versions prior to 11.2.26. Some files are exposed within the web server application to unauthenticated users. These files may contain sensitive configuration information.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Trihedral VTScada |
Version: Trihedral VTScada |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T15:18:49.840Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-164-01"
},
{
"name": "99066",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/99066"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Trihedral VTScada",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Trihedral VTScada"
}
]
}
],
"datePublic": "2017-06-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An Information Exposure issue was discovered in Trihedral VTScada Versions prior to 11.2.26. Some files are exposed within the web server application to unauthenticated users. These files may contain sensitive configuration information."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-548",
"description": "CWE-548",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-06-22T09:57:01",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-164-01"
},
{
"name": "99066",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/99066"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2017-6045",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Trihedral VTScada",
"version": {
"version_data": [
{
"version_value": "Trihedral VTScada"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An Information Exposure issue was discovered in Trihedral VTScada Versions prior to 11.2.26. Some files are exposed within the web server application to unauthenticated users. These files may contain sensitive configuration information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-548"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-17-164-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-164-01"
},
{
"name": "99066",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99066"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2017-6045",
"datePublished": "2017-06-21T19:00:00",
"dateReserved": "2017-02-16T00:00:00",
"dateUpdated": "2024-08-05T15:18:49.840Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-4510 (GCVE-0-2016-4510)
Vulnerability from cvelistv5
Published
2016-06-09 10:00
Modified
2024-08-06 00:32
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The WAP interface in Trihedral VTScada (formerly VTS) 8.x through 11.x before 11.2.02 allows remote attackers to bypass authentication and read arbitrary files via unspecified vectors.
References
| ► | URL | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T00:32:25.629Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-16-404"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-159-01"
},
{
"name": "91077",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/91077"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-06-07T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The WAP interface in Trihedral VTScada (formerly VTS) 8.x through 11.x before 11.2.02 allows remote attackers to bypass authentication and read arbitrary files via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-11-25T22:57:01",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-16-404"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-159-01"
},
{
"name": "91077",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/91077"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2016-4510",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The WAP interface in Trihedral VTScada (formerly VTS) 8.x through 11.x before 11.2.02 allows remote attackers to bypass authentication and read arbitrary files via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-16-404",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-16-404"
},
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-16-159-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-159-01"
},
{
"name": "91077",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/91077"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2016-4510",
"datePublished": "2016-06-09T10:00:00",
"dateReserved": "2016-05-05T00:00:00",
"dateUpdated": "2024-08-06T00:32:25.629Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}