
40 vulnerabilities found for vtscada by trihedral

VAR-202210-2081

Vulnerability from variot - Updated: 2024-06-07 22:53

An Improper Input Validation vulnerability exists in Trihedral VTScada version 12.0.38 and prior. A specifically malformed HTTP request could cause the affected VTScada to crash. Both local area network (LAN)-only and internet-facing systems are affected. VTScada, provided by Trihedral, contains the following vulnerability: * Improper input validation (CWE-20) - CVE-2022-3181. Successful exploitation of this vulnerability could have the following effect: * A remote third party can cause the product to crash by sending a crafted HTTP request.


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202210-2081",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "vtscada",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "trihedral",
        "version": "12.0.38"
      },
      {
        "model": "vtscada",
        "scope": null,
        "trust": 0.8,
        "vendor": "trihedral engineering",
        "version": null
      },
      {
        "model": "vtscada",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "trihedral engineering",
        "version": null
      },
      {
        "model": "vtscada",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "trihedral engineering",
        "version": "12.0.38  and earlier"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-002632"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-3181"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:trihedral:vtscada:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "12.0.38",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2022-3181"
      }
    ]
  },
  "cve": "CVE-2022-3181",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 3.9,
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 2.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "OTHER",
            "availabilityImpact": "High",
            "baseScore": 7.5,
            "baseSeverity": "High",
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "JVNDB-2022-002632",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2022-3181",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "ics-cert@hq.dhs.gov",
            "id": "CVE-2022-3181",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "OTHER",
            "id": "JVNDB-2022-002632",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202210-2420",
            "trust": 0.6,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-002632"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202210-2420"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-3181"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-3181"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "An Improper Input Validation vulnerability exists in Trihedral VTScada version 12.0.38 and prior. \u00a0A specifically malformed HTTP request could cause the affected VTScada to crash. Both local area network (LAN)-only and internet facing systems are affected. Trihedral Provided by the company VTScada contains the following vulnerabilities: * Inappropriate input confirmation (CWE-20) - CVE-2022-3181Successful exploitation of this vulnerability could result in the following effects from a remote third party: * crafted by a remote third party HTTP Sending a request can cause the product to crash",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2022-3181"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-002632"
      }
    ],
    "trust": 1.62
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2022-3181",
        "trust": 3.2
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-22-300-04",
        "trust": 2.4
      },
      {
        "db": "JVN",
        "id": "JVNVU93422132",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-002632",
        "trust": 0.8
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2022.5427",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202210-2420",
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-002632"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202210-2420"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-3181"
      }
    ]
  },
  "id": "VAR-202210-2081",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.59210527
  },
  "last_update_date": "2024-06-07T22:53:10.566000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Download\u00a0VTScada Trihedral\u00a0Engineering",
        "trust": 0.8,
        "url": "https://www.vtscada.com/download-vtscada/"
      },
      {
        "title": "VTScada Enter the fix for the verification error vulnerability",
        "trust": 0.6,
        "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=212873"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-002632"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202210-2420"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-20",
        "trust": 1.0
      },
      {
        "problemtype": "Inappropriate input confirmation (CWE-20) [ others ]",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-002632"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-3181"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.4,
        "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-300-04"
      },
      {
        "trust": 1.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-3181"
      },
      {
        "trust": 0.8,
        "url": "https://jvn.jp/vu/jvnvu93422132"
      },
      {
        "trust": 0.6,
        "url": "https://cxsecurity.com/cveshow/cve-2022-3181/"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2022.5427"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-002632"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202210-2420"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-3181"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-002632"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202210-2420"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-3181"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2022-10-31T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2022-002632"
      },
      {
        "date": "2022-10-28T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202210-2420"
      },
      {
        "date": "2022-11-02T21:15:09.773000",
        "db": "NVD",
        "id": "CVE-2022-3181"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2024-06-06T08:44:00",
        "db": "JVNDB",
        "id": "JVNDB-2022-002632"
      },
      {
        "date": "2022-11-07T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202210-2420"
      },
      {
        "date": "2023-11-07T03:50:56.520000",
        "db": "NVD",
        "id": "CVE-2022-3181"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202210-2420"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Trihedral\u00a0 Made \u00a0VTScada\u00a0 Improper Input Validation Vulnerability in",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-002632"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "input validation error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202210-2420"
      }
    ],
    "trust": 0.6
  }
}

VAR-201606-0254

Vulnerability from variot - Updated: 2023-12-26 22:44

The WAP interface in Trihedral VTScada (formerly VTS) 8.x through 11.x before 11.2.02 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via unspecified vectors. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trihedral VTScada. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of Wireless Application Protocol requests. The issue lies in the failure to traverse user-supplied paths. An attacker can leverage this vulnerability to execute code under the context of the user running the service. Trihedral VTScada (formerly known as VTS) is a SCADA system based on the Windows platform provided by Trihedral Engineering of Canada. A buffer overflow vulnerability exists in the WAP interface of Trihedral VTScada 8 and pre-1.0.2. VTScada is prone to multiple security vulnerabilities. Exploiting these issues will allow attackers to obtain sensitive information, cause denial-of-service conditions, or bypass certain security restrictions and perform unauthorized actions. VTScada versions 8 through 11.2.x are vulnerable.


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201606-0254",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "vtscada",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "trihedral",
        "version": "11.1.13"
      },
      {
        "model": "vtscada",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "trihedral",
        "version": "11.1.19"
      },
      {
        "model": "vtscada",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "trihedral",
        "version": "11.1.18"
      },
      {
        "model": "vtscada",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "trihedral",
        "version": "11.1.06"
      },
      {
        "model": "vtscada",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "trihedral",
        "version": "11.1.09"
      },
      {
        "model": "vtscada",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "trihedral",
        "version": "11.1.10"
      },
      {
        "model": "vtscada",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "trihedral",
        "version": "11.1.14"
      },
      {
        "model": "vtscada",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "trihedral",
        "version": "11.1.16"
      },
      {
        "model": "vtscada",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "trihedral",
        "version": "11.1.05"
      },
      {
        "model": "vtscada",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "trihedral",
        "version": "11.1.17"
      },
      {
        "model": "vtscada",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "trihedral",
        "version": "10.0.17"
      },
      {
        "model": "vtscada",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "trihedral",
        "version": "10.2.15"
      },
      {
        "model": "vtscada",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "trihedral",
        "version": "9.0.02"
      },
      {
        "model": "vtscada",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "trihedral",
        "version": "9.1.14"
      },
      {
        "model": "vtscada",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "trihedral",
        "version": "9.1.05"
      },
      {
        "model": "vtscada",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "trihedral",
        "version": "10.2.11"
      },
      {
        "model": "vtscada",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "trihedral",
        "version": "10.2.05"
      },
      {
        "model": "vtscada",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "trihedral",
        "version": "11.0.07"
      },
      {
        "model": "vtscada",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "trihedral",
        "version": "10.0.14"
      },
      {
        "model": "vtscada",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "trihedral",
        "version": "11.1.24"
      },
      {
        "model": "vtscada",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "trihedral",
        "version": "10.2.07"
      },
      {
        "model": "vtscada",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "trihedral",
        "version": "10.1.05"
      },
      {
        "model": "vtscada",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "trihedral",
        "version": "10.2.13"
      },
      {
        "model": "vtscada",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "trihedral",
        "version": "10.2.19"
      },
      {
        "model": "vtscada",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "trihedral",
        "version": "9.1.09"
      },
      {
        "model": "vtscada",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "trihedral",
        "version": "10.1.06"
      },
      {
        "model": "vtscada",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "trihedral",
        "version": "10.0.11"
      },
      {
        "model": "vtscada",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "trihedral",
        "version": "10.2.08"
      },
      {
        "model": "vtscada",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "trihedral",
        "version": "10.2.20"
      },
      {
        "model": "vtscada",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "trihedral",
        "version": "8.0.05"
      },
      {
        "model": "vtscada",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "trihedral",
        "version": "10.0.13"
      },
      {
        "model": "vtscada",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "trihedral",
        "version": "10.2.17"
      },
      {
        "model": "vtscada",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "trihedral",
        "version": "11.0.05"
      },
      {
        "model": "vtscada",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "trihedral",
        "version": "11.1.22"
      },
      {
        "model": "vtscada",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "trihedral",
        "version": "8.1.06"
      },
      {
        "model": "vtscada",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "trihedral",
        "version": "8.0.18"
      },
      {
        "model": "vtscada",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "trihedral",
        "version": "8.0.12"
      },
      {
        "model": "vtscada",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "trihedral",
        "version": "9.1.03"
      },
      {
        "model": "vtscada",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "trihedral",
        "version": "9.0.08"
      },
      {
        "model": "vtscada",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "trihedral",
        "version": "9.0.03"
      },
      {
        "model": "vtscada",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "trihedral",
        "version": "8.1.05"
      },
      {
        "model": "vtscada",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "trihedral",
        "version": "10.2.21"
      },
      {
        "model": "vtscada",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "trihedral",
        "version": "10.1.07"
      },
      {
        "model": "vtscada",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "trihedral",
        "version": "11.1.20"
      },
      {
        "model": "vtscada",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "trihedral",
        "version": "10.0.16"
      },
      {
        "model": "vtscada",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "trihedral",
        "version": "9.1.02"
      },
      {
        "model": "vtscada",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "trihedral",
        "version": "10.1.12"
      },
      {
        "model": "vtscada",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "trihedral",
        "version": "10.2.14"
      },
      {
        "model": "vtscada",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "trihedral",
        "version": "11.1.15"
      },
      {
        "model": "vtscada",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "trihedral",
        "version": "9.1.11"
      },
      {
        "model": "vtscada",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "trihedral",
        "version": "11.1.21"
      },
      {
        "model": "vtscada",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "trihedral",
        "version": "8.0.16"
      },
      {
        "model": "vtscada",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "trihedral",
        "version": "9.1.20"
      },
      {
        "model": "vtscada",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "trihedral",
        "version": "10.2.22"
      },
      {
        "model": "vtscada",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "trihedral engineering",
        "version": "11.x"
      },
      {
        "model": "vtscada",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "trihedral engineering",
        "version": "8.x from  11.2.02"
      },
      {
        "model": "vtscada",
        "scope": null,
        "trust": 0.7,
        "vendor": "trihedral engineering",
        "version": null
      },
      {
        "model": "vtscada",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "trihedral",
        "version": "8"
      },
      {
        "model": "vtscada",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "trihedral",
        "version": "11.2.02"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "vtscada",
        "version": "9.0.02"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "vtscada",
        "version": "9.0.03"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "vtscada",
        "version": "9.0.08"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "vtscada",
        "version": "9.1.02"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "vtscada",
        "version": "9.1.03"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "vtscada",
        "version": "9.1.05"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "vtscada",
        "version": "9.1.09"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "vtscada",
        "version": "9.1.11"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "vtscada",
        "version": "9.1.14"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "vtscada",
        "version": "9.1.20"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "vtscada",
        "version": "11.0.05"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "vtscada",
        "version": "11.0.07"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "vtscada",
        "version": "10.0.11"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "vtscada",
        "version": "10.0.13"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "vtscada",
        "version": "10.0.14"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "vtscada",
        "version": "10.0.16"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "vtscada",
        "version": "10.0.17"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "vtscada",
        "version": "10.1.05"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "vtscada",
        "version": "10.1.06"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "vtscada",
        "version": "10.1.07"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "vtscada",
        "version": "10.1.12"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "vtscada",
        "version": "10.2.05"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "vtscada",
        "version": "10.2.07"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "vtscada",
        "version": "10.2.08"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "vtscada",
        "version": "10.2.11"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "vtscada",
        "version": "10.2.13"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "vtscada",
        "version": "10.2.14"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "vtscada",
        "version": "10.2.15"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "vtscada",
        "version": "10.2.17"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "vtscada",
        "version": "10.2.19"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "vtscada",
        "version": "10.2.20"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "vtscada",
        "version": "10.2.21"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "vtscada",
        "version": "10.2.22"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "vtscada",
        "version": "8.0.05"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "vtscada",
        "version": "8.0.12"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "vtscada",
        "version": "8.0.16"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "vtscada",
        "version": "8.0.18"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "vtscada",
        "version": "8.1.05"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "vtscada",
        "version": "8.1.06"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "vtscada",
        "version": "11.1.05"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "vtscada",
        "version": "11.1.06"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "vtscada",
        "version": "11.1.09"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "vtscada",
        "version": "11.1.10"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "vtscada",
        "version": "11.1.13"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "vtscada",
        "version": "11.1.14"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "vtscada",
        "version": "11.1.15"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "vtscada",
        "version": "11.1.16"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "vtscada",
        "version": "11.1.17"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "vtscada",
        "version": "11.1.18"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "vtscada",
        "version": "11.1.19"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "vtscada",
        "version": "11.1.20"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "vtscada",
        "version": "11.1.21"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "vtscada",
        "version": "11.1.22"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "vtscada",
        "version": "11.1.24"
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "a5f1cbb5-a38e-4ca2-bc23-f61cc5f911e2"
      },
      {
        "db": "ZDI",
        "id": "ZDI-16-405"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2016-04028"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-003066"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-4523"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201606-218"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:trihedral:vtscada:9.1.14:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:trihedral:vtscada:9.1.11:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:trihedral:vtscada:9.1.09:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:trihedral:vtscada:9.1.05:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:trihedral:vtscada:9.1.03:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:trihedral:vtscada:9.1.20:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:trihedral:vtscada:9.0.03:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:trihedral:vtscada:9.0.02:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:trihedral:vtscada:9.1.02:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:trihedral:vtscada:9.0.08:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:trihedral:vtscada:11.0.07:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:trihedral:vtscada:11.0.05:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:trihedral:vtscada:10.0.11:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:trihedral:vtscada:10.0.14:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:trihedral:vtscada:10.0.13:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:trihedral:vtscada:10.0.17:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:trihedral:vtscada:10.0.16:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:trihedral:vtscada:10.1.12:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:trihedral:vtscada:10.1.07:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:trihedral:vtscada:10.1.06:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:trihedral:vtscada:10.1.05:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:trihedral:vtscada:10.2.21:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:trihedral:vtscada:10.2.20:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:trihedral:vtscada:10.2.19:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:trihedral:vtscada:10.2.07:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:trihedral:vtscada:10.2.05:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:trihedral:vtscada:10.2.17:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:trihedral:vtscada:10.2.15:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:trihedral:vtscada:10.2.22:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:trihedral:vtscada:10.2.11:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:trihedral:vtscada:10.2.08:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:trihedral:vtscada:10.2.14:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:trihedral:vtscada:10.2.13:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:trihedral:vtscada:8.0.05:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:trihedral:vtscada:8.1.06:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:trihedral:vtscada:8.0.16:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:trihedral:vtscada:8.0.12:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:trihedral:vtscada:8.1.05:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:trihedral:vtscada:8.0.18:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:trihedral:vtscada:11.1.16:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:trihedral:vtscada:11.1.15:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:trihedral:vtscada:11.1.24:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:trihedral:vtscada:11.1.22:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:trihedral:vtscada:11.1.14:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:trihedral:vtscada:11.1.13:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:trihedral:vtscada:11.1.19:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:trihedral:vtscada:11.1.18:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:trihedral:vtscada:11.1.17:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:trihedral:vtscada:11.1.06:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:trihedral:vtscada:11.1.05:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:trihedral:vtscada:11.1.21:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:trihedral:vtscada:11.1.20:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:trihedral:vtscada:11.1.10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:trihedral:vtscada:11.1.09:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2016-4523"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Anonymous",
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-16-405"
      },
      {
        "db": "BID",
        "id": "91077"
      }
    ],
    "trust": 1.0
  },
  "cve": "CVE-2016-4523",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": true,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 5.0,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2016-4523",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.9,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "ZDI",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CVE-2016-4523",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "HIGH",
            "trust": 0.7,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2016-04028",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "IVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "a5f1cbb5-a38e-4ca2-bc23-f61cc5f911e2",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.2,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.9 [IVD]"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 3.9,
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 7.5,
            "baseSeverity": "High",
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2016-4523",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2016-4523",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "ZDI",
            "id": "CVE-2016-4523",
            "trust": 0.7,
            "value": "HIGH"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2016-04028",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201606-218",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "IVD",
            "id": "a5f1cbb5-a38e-4ca2-bc23-f61cc5f911e2",
            "trust": 0.2,
            "value": "MEDIUM"
          },
          {
            "author": "VULMON",
            "id": "CVE-2016-4523",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "a5f1cbb5-a38e-4ca2-bc23-f61cc5f911e2"
      },
      {
        "db": "ZDI",
        "id": "ZDI-16-405"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2016-04028"
      },
      {
        "db": "VULMON",
        "id": "CVE-2016-4523"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-003066"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-4523"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201606-218"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The WAP interface in Trihedral VTScada (formerly VTS) 8.x through 11.x before 11.2.02 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via unspecified vectors. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trihedral VTScada. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of Wireless Application Protocol requests. The issue lies in the failure to traverse user-supplied paths. An attacker can leverage this vulnerability to execute code under the context of the user running the service. Trihedral VTScada (formerly known as VTS) is a SCADA system based on the Windows platform provided by Trihedral Engineering of Canada. A buffer overflow vulnerability exists in the WAP interface of Trihedral VTScada 8 and pre-1.0.2. VTScada is prone to multiple security vulnerabilities. \nExploiting these issues will allow attackers to obtain sensitive information, cause denial-of-service conditions, or bypass certain security restrictions and perform unauthorized actions. \nVTScada versions 8 through 11.2.x are vulnerable.",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2016-4523"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-003066"
      },
      {
        "db": "ZDI",
        "id": "ZDI-16-405"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2016-04028"
      },
      {
        "db": "BID",
        "id": "91077"
      },
      {
        "db": "IVD",
        "id": "a5f1cbb5-a38e-4ca2-bc23-f61cc5f911e2"
      },
      {
        "db": "VULMON",
        "id": "CVE-2016-4523"
      }
    ],
    "trust": 3.33
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2016-4523",
        "trust": 4.3
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-16-159-01",
        "trust": 3.1
      },
      {
        "db": "ZDI",
        "id": "ZDI-16-405",
        "trust": 1.8
      },
      {
        "db": "BID",
        "id": "91077",
        "trust": 1.4
      },
      {
        "db": "CNVD",
        "id": "CNVD-2016-04028",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201606-218",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-003066",
        "trust": 0.8
      },
      {
        "db": "ZDI_CAN",
        "id": "ZDI-CAN-3575",
        "trust": 0.7
      },
      {
        "db": "IVD",
        "id": "A5F1CBB5-A38E-4CA2-BC23-F61CC5F911E2",
        "trust": 0.2
      },
      {
        "db": "VULMON",
        "id": "CVE-2016-4523",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "a5f1cbb5-a38e-4ca2-bc23-f61cc5f911e2"
      },
      {
        "db": "ZDI",
        "id": "ZDI-16-405"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2016-04028"
      },
      {
        "db": "VULMON",
        "id": "CVE-2016-4523"
      },
      {
        "db": "BID",
        "id": "91077"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-003066"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-4523"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201606-218"
      }
    ]
  },
  "id": "VAR-201606-0254",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "IVD",
        "id": "a5f1cbb5-a38e-4ca2-bc23-f61cc5f911e2"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2016-04028"
      }
    ],
    "trust": 1.39210527
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "ICS"
        ],
        "sub_category": null,
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "a5f1cbb5-a38e-4ca2-bc23-f61cc5f911e2"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2016-04028"
      }
    ]
  },
  "last_update_date": "2023-12-26T22:44:35.116000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "ICS-CERT VTScada Security Announcement (ICSA-16-159-01)",
        "trust": 0.8,
        "url": "https://www.trihedral.com/ics-cert-vtscada-security-announcement"
      },
      {
        "title": "Trihedral Engineering Ltd  has issued an update to correct this vulnerability.",
        "trust": 0.7,
        "url": "https://ics-cert.us-cert.gov/advisories/icsa-16-159-01"
      },
      {
        "title": "Trihedral VTScada Buffer Overflow Vulnerability Patch",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchinfo/show/77534"
      },
      {
        "title": "Trihedral VTScada Buffer Overflow Vulnerability Fix",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=62174"
      },
      {
        "title": "Known Exploited Vulnerabilities Detector",
        "trust": 0.1,
        "url": "https://github.com/ostorlab/kev"
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-16-405"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2016-04028"
      },
      {
        "db": "VULMON",
        "id": "CVE-2016-4523"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-003066"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201606-218"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-119",
        "trust": 1.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-003066"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-4523"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 3.9,
        "url": "https://ics-cert.us-cert.gov/advisories/icsa-16-159-01"
      },
      {
        "trust": 1.1,
        "url": "http://www.securityfocus.com/bid/91077"
      },
      {
        "trust": 1.1,
        "url": "http://www.zerodayinitiative.com/advisories/zdi-16-405"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-4523"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-4523"
      },
      {
        "trust": 0.6,
        "url": "http://www.trihedral.com/help/#op_welcome/wel_upgradenotes.htm"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/119.html"
      },
      {
        "trust": 0.1,
        "url": "http://tools.cisco.com/security/center/viewalert.x?alertid=46605"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://github.com/ostorlab/kev"
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-16-405"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2016-04028"
      },
      {
        "db": "VULMON",
        "id": "CVE-2016-4523"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-003066"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-4523"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201606-218"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "IVD",
        "id": "a5f1cbb5-a38e-4ca2-bc23-f61cc5f911e2"
      },
      {
        "db": "ZDI",
        "id": "ZDI-16-405"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2016-04028"
      },
      {
        "db": "VULMON",
        "id": "CVE-2016-4523"
      },
      {
        "db": "BID",
        "id": "91077"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-003066"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-4523"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201606-218"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2016-06-15T00:00:00",
        "db": "IVD",
        "id": "a5f1cbb5-a38e-4ca2-bc23-f61cc5f911e2"
      },
      {
        "date": "2016-07-01T00:00:00",
        "db": "ZDI",
        "id": "ZDI-16-405"
      },
      {
        "date": "2016-06-15T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2016-04028"
      },
      {
        "date": "2016-06-09T00:00:00",
        "db": "VULMON",
        "id": "CVE-2016-4523"
      },
      {
        "date": "2016-06-07T00:00:00",
        "db": "BID",
        "id": "91077"
      },
      {
        "date": "2016-06-10T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2016-003066"
      },
      {
        "date": "2016-06-09T10:59:04.073000",
        "db": "NVD",
        "id": "CVE-2016-4523"
      },
      {
        "date": "2016-06-12T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201606-218"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2016-07-01T00:00:00",
        "db": "ZDI",
        "id": "ZDI-16-405"
      },
      {
        "date": "2016-06-15T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2016-04028"
      },
      {
        "date": "2016-11-28T00:00:00",
        "db": "VULMON",
        "id": "CVE-2016-4523"
      },
      {
        "date": "2016-07-06T15:12:00",
        "db": "BID",
        "id": "91077"
      },
      {
        "date": "2016-06-10T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2016-003066"
      },
      {
        "date": "2016-11-28T20:18:36.087000",
        "db": "NVD",
        "id": "CVE-2016-4523"
      },
      {
        "date": "2016-06-12T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201606-218"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201606-218"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Trihedral VTScada Buffer Overflow Vulnerability",
    "sources": [
      {
        "db": "IVD",
        "id": "a5f1cbb5-a38e-4ca2-bc23-f61cc5f911e2"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2016-04028"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201606-218"
      }
    ],
    "trust": 1.4
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Buffer overflow",
    "sources": [
      {
        "db": "IVD",
        "id": "a5f1cbb5-a38e-4ca2-bc23-f61cc5f911e2"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201606-218"
      }
    ],
    "trust": 0.8
  }
}

VAR-201412-0412

Vulnerability from variot - Updated: 2023-12-18 13:57

Integer overflow in Trihedral Engineering VTScada (formerly VTS) 6.5 through 9.x before 9.1.20, 10.x before 10.2.22, and 11.x before 11.1.07 allows remote attackers to cause a denial of service (server crash) via a crafted request, which triggers a large memory allocation. Authentication is not required to exploit this vulnerability. The specific flaw exists within the included HTTP server. By providing a small negative content length, an attacker is able to cause an integer overflow, resulting in the allocation of too small a buffer. The resulting heap overwrite will terminate the HTTP server. Trihedral VTScada is a SCADA industrial control product. Trihedral VTScada is prone to a denial-of-service vulnerability. Successful exploits can crash the affected application, denying service to legitimate users.


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201412-0412",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "vtscada",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "trihedral",
        "version": "11.1.07"
      },
      {
        "model": "vtscada",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "trihedral",
        "version": "10.2.22"
      },
      {
        "model": "vtscada",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "trihedral",
        "version": "9.1.20"
      },
      {
        "model": "vtscada",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "trihedral",
        "version": "11.0"
      },
      {
        "model": "vtscada",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "trihedral",
        "version": "6.5"
      },
      {
        "model": "vtscada",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "trihedral",
        "version": "10.0"
      },
      {
        "model": "vtscada",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "trihedral engineering",
        "version": "10.x"
      },
      {
        "model": "vtscada",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "trihedral engineering",
        "version": "11.x"
      },
      {
        "model": "vtscada",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "trihedral engineering",
        "version": "( old  vts) 6.5 from  9.1.20"
      },
      {
        "model": "vtscada",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "trihedral engineering",
        "version": "9.x"
      },
      {
        "model": "vtscada",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "trihedral engineering",
        "version": "( old  vts) 11.1.07"
      },
      {
        "model": "vtscada",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "trihedral engineering",
        "version": "( old  vts) 10.2.22"
      },
      {
        "model": "vtscada",
        "scope": null,
        "trust": 0.7,
        "vendor": "trihedral engineering",
        "version": null
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.6,
        "vendor": "vtscada",
        "version": "*"
      },
      {
        "model": "vtscada",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "trihedral",
        "version": "6.5-9.x(\u003c9.1.20)"
      },
      {
        "model": "vtscada",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "trihedral",
        "version": "6.5-10.x(\u003c10.2.22)"
      },
      {
        "model": "vtscada",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "trihedral",
        "version": "6.5-11.x(\u003c11.1.07)"
      },
      {
        "model": "vtscada",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "trihedral",
        "version": "10.0"
      },
      {
        "model": "vtscada",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "trihedral",
        "version": "11.0"
      },
      {
        "model": "vtscada",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "trihedral",
        "version": "10.2.21"
      },
      {
        "model": "vtscada",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "trihedral",
        "version": "9.0"
      },
      {
        "model": "vtscada",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "trihedral",
        "version": "6.5"
      },
      {
        "model": "vtscada",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "trihedral",
        "version": "9.1.19"
      },
      {
        "model": "vtscada",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "trihedral",
        "version": "11.1.07"
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "b0e1ad4a-2351-11e6-abef-000c29c66e3d"
      },
      {
        "db": "ZDI",
        "id": "ZDI-14-425"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2014-08874"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-005967"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-9192"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201412-277"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:trihedral:vtscada:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "10.2.22",
                "versionStartIncluding": "10.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:trihedral:vtscada:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "9.1.20",
                "versionStartIncluding": "6.5",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:trihedral:vtscada:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "11.1.07",
                "versionStartIncluding": "11.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2014-9192"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Anonymous",
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-14-425"
      }
    ],
    "trust": 0.7
  },
  "cve": "CVE-2014-9192",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 5.0,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2014-9192",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "ZDI",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.8,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "CVE-2014-9192",
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "HIGH",
            "trust": 0.7,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.8,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2014-08874",
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "severity": "HIGH",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "IVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.8,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "b0e1ad4a-2351-11e6-abef-000c29c66e3d",
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "severity": "HIGH",
            "trust": 0.2,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
            "version": "2.9 [IVD]"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2014-9192",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "ZDI",
            "id": "CVE-2014-9192",
            "trust": 0.7,
            "value": "HIGH"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2014-08874",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201412-277",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "IVD",
            "id": "b0e1ad4a-2351-11e6-abef-000c29c66e3d",
            "trust": 0.2,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "b0e1ad4a-2351-11e6-abef-000c29c66e3d"
      },
      {
        "db": "ZDI",
        "id": "ZDI-14-425"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2014-08874"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-005967"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-9192"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201412-277"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Integer overflow in Trihedral Engineering VTScada (formerly VTS) 6.5 through 9.x before 9.1.20, 10.x before 10.2.22, and 11.x before 11.1.07 allows remote attackers to cause a denial of service (server crash) via a crafted request, which triggers a large memory allocation. Authentication is not required to exploit this vulnerability. The specific flaw exists within the included HTTP server. By providing a small negative content length, an attacker is able to cause an integer overflow, resulting in the allocation of too small a buffer. The resulting heap overwrite will terminate the HTTP server. Trihedral VTScada is a SCADA industrial control product. Trihedral VTScada is prone to a denial-of-service vulnerability. \nSuccessful exploits can crash the affected application, denying service to legitimate users",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2014-9192"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-005967"
      },
      {
        "db": "ZDI",
        "id": "ZDI-14-425"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2014-08874"
      },
      {
        "db": "BID",
        "id": "71591"
      },
      {
        "db": "IVD",
        "id": "b0e1ad4a-2351-11e6-abef-000c29c66e3d"
      }
    ],
    "trust": 3.24
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2014-9192",
        "trust": 4.2
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-14-343-02",
        "trust": 3.0
      },
      {
        "db": "BID",
        "id": "71591",
        "trust": 1.9
      },
      {
        "db": "CNVD",
        "id": "CNVD-2014-08874",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201412-277",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-005967",
        "trust": 0.8
      },
      {
        "db": "ZDI_CAN",
        "id": "ZDI-CAN-2599",
        "trust": 0.7
      },
      {
        "db": "ZDI",
        "id": "ZDI-14-425",
        "trust": 0.7
      },
      {
        "db": "IVD",
        "id": "B0E1AD4A-2351-11E6-ABEF-000C29C66E3D",
        "trust": 0.2
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "b0e1ad4a-2351-11e6-abef-000c29c66e3d"
      },
      {
        "db": "ZDI",
        "id": "ZDI-14-425"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2014-08874"
      },
      {
        "db": "BID",
        "id": "71591"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-005967"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-9192"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201412-277"
      }
    ]
  },
  "id": "VAR-201412-0412",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "IVD",
        "id": "b0e1ad4a-2351-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2014-08874"
      }
    ],
    "trust": 1.39210527
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "ICS"
        ],
        "sub_category": null,
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "b0e1ad4a-2351-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2014-08874"
      }
    ]
  },
  "last_update_date": "2023-12-18T13:57:37.934000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Top Page",
        "trust": 0.8,
        "url": "http://www.trihedral.com/"
      },
      {
        "title": "Trihedral Engineering Ltd  has issued an update to correct this vulnerability.",
        "trust": 0.7,
        "url": "https://ics-cert.us-cert.gov/advisories/icsa-14-343-02"
      },
      {
        "title": "Trihedral VTScada malformation request for denial of service vulnerability patch",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchinfo/show/52717"
      },
      {
        "title": "VTSCADA 11.1.09 Full",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=52973"
      },
      {
        "title": "VTScada 10.2.22 Full",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=52972"
      },
      {
        "title": "VTS 9.1.20",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=52971"
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-14-425"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2014-08874"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-005967"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201412-277"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-189",
        "trust": 1.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-005967"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-9192"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.4,
        "url": "https://ics-cert.us-cert.gov//advisories/icsa-14-343-02"
      },
      {
        "trust": 1.4,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-9192"
      },
      {
        "trust": 1.3,
        "url": "https://ics-cert.us-cert.gov/advisories/icsa-14-343-02"
      },
      {
        "trust": 1.0,
        "url": "http://www.securityfocus.com/bid/71591"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-9192"
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-14-425"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2014-08874"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-005967"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-9192"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201412-277"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "IVD",
        "id": "b0e1ad4a-2351-11e6-abef-000c29c66e3d"
      },
      {
        "db": "ZDI",
        "id": "ZDI-14-425"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2014-08874"
      },
      {
        "db": "BID",
        "id": "71591"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-005967"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-9192"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201412-277"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2014-12-12T00:00:00",
        "db": "IVD",
        "id": "b0e1ad4a-2351-11e6-abef-000c29c66e3d"
      },
      {
        "date": "2014-12-12T00:00:00",
        "db": "ZDI",
        "id": "ZDI-14-425"
      },
      {
        "date": "2014-12-12T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2014-08874"
      },
      {
        "date": "2014-12-09T00:00:00",
        "db": "BID",
        "id": "71591"
      },
      {
        "date": "2014-12-15T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2014-005967"
      },
      {
        "date": "2014-12-11T15:59:04.773000",
        "db": "NVD",
        "id": "CVE-2014-9192"
      },
      {
        "date": "2014-12-12T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201412-277"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2014-12-12T00:00:00",
        "db": "ZDI",
        "id": "ZDI-14-425"
      },
      {
        "date": "2014-12-12T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2014-08874"
      },
      {
        "date": "2015-07-15T00:14:00",
        "db": "BID",
        "id": "71591"
      },
      {
        "date": "2014-12-15T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2014-005967"
      },
      {
        "date": "2019-02-01T18:06:44.377000",
        "db": "NVD",
        "id": "CVE-2014-9192"
      },
      {
        "date": "2019-02-11T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201412-277"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201412-277"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Trihedral VTScada Malformed Request Denial of Service Vulnerability",
    "sources": [
      {
        "db": "IVD",
        "id": "b0e1ad4a-2351-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2014-08874"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "digital error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201412-277"
      }
    ],
    "trust": 0.6
  }
}

VAR-201606-0247

Vulnerability from variot - Updated: 2023-12-18 13:14

The WAP interface in Trihedral VTScada (formerly VTS) 8.x through 11.x before 11.2.02 allows remote attackers to bypass authentication and read arbitrary files via unspecified vectors. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of Wireless Application Protocol requests. The issue lies in the failure to properly validate user-supplied filenames. An attacker can leverage this vulnerability to disclose the contents of arbitrary files under the context of the user running the service. Trihedral VTScada (formerly known as VTS) is a SCADA system based on the Windows platform provided by Trihedral Engineering of Canada. An authorization vulnerability exists in the WAP interface of Trihedral VTScada 8.x through 11.x before 11.2.02. VTScada is prone to multiple security vulnerabilities. Exploiting these issues will allow attackers to obtain sensitive information, cause denial-of-service conditions or to bypass certain security restrictions and perform unauthorized actions. VTScada versions 8 through 11.2.x are vulnerable.


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201606-0247",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "vtscada",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "trihedral",
        "version": "11.1.19"
      },
      {
        "model": "vtscada",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "trihedral",
        "version": "11.1.18"
      },
      {
        "model": "vtscada",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "trihedral",
        "version": "8.1.06"
      },
      {
        "model": "vtscada",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "trihedral",
        "version": "8.0.18"
      },
      {
        "model": "vtscada",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "trihedral",
        "version": "8.1.05"
      },
      {
        "model": "vtscada",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "trihedral",
        "version": "11.1.20"
      },
      {
        "model": "vtscada",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "trihedral",
        "version": "11.1.16"
      },
      {
        "model": "vtscada",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "trihedral",
        "version": "11.1.05"
      },
      {
        "model": "vtscada",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "trihedral",
        "version": "11.1.17"
      },
      {
        "model": "vtscada",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "trihedral",
        "version": "8.0.16"
      },
      {
        "model": "vtscada",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "trihedral",
        "version": "10.0.17"
      },
      {
        "model": "vtscada",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "trihedral",
        "version": "10.2.15"
      },
      {
        "model": "vtscada",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "trihedral",
        "version": "9.0.02"
      },
      {
        "model": "vtscada",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "trihedral",
        "version": "9.1.14"
      },
      {
        "model": "vtscada",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "trihedral",
        "version": "10.2.11"
      },
      {
        "model": "vtscada",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "trihedral",
        "version": "9.1.05"
      },
      {
        "model": "vtscada",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "trihedral",
        "version": "10.2.05"
      },
      {
        "model": "vtscada",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "trihedral",
        "version": "11.0.07"
      },
      {
        "model": "vtscada",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "trihedral",
        "version": "10.0.14"
      },
      {
        "model": "vtscada",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "trihedral",
        "version": "11.1.24"
      },
      {
        "model": "vtscada",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "trihedral",
        "version": "10.2.07"
      },
      {
        "model": "vtscada",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "trihedral",
        "version": "10.1.05"
      },
      {
        "model": "vtscada",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "trihedral",
        "version": "10.2.13"
      },
      {
        "model": "vtscada",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "trihedral",
        "version": "10.2.19"
      },
      {
        "model": "vtscada",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "trihedral",
        "version": "10.1.06"
      },
      {
        "model": "vtscada",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "trihedral",
        "version": "9.1.09"
      },
      {
        "model": "vtscada",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "trihedral",
        "version": "10.0.11"
      },
      {
        "model": "vtscada",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "trihedral",
        "version": "8.0.05"
      },
      {
        "model": "vtscada",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "trihedral",
        "version": "10.2.08"
      },
      {
        "model": "vtscada",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "trihedral",
        "version": "10.2.20"
      },
      {
        "model": "vtscada",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "trihedral",
        "version": "10.0.13"
      },
      {
        "model": "vtscada",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "trihedral",
        "version": "11.1.22"
      },
      {
        "model": "vtscada",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "trihedral",
        "version": "10.2.17"
      },
      {
        "model": "vtscada",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "trihedral",
        "version": "11.1.06"
      },
      {
        "model": "vtscada",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "trihedral",
        "version": "9.1.20"
      },
      {
        "model": "vtscada",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "trihedral",
        "version": "11.0.05"
      },
      {
        "model": "vtscada",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "trihedral",
        "version": "11.1.09"
      },
      {
        "model": "vtscada",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "trihedral",
        "version": "8.0.12"
      },
      {
        "model": "vtscada",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "trihedral",
        "version": "9.0.08"
      },
      {
        "model": "vtscada",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "trihedral",
        "version": "9.0.03"
      },
      {
        "model": "vtscada",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "trihedral",
        "version": "9.1.03"
      },
      {
        "model": "vtscada",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "trihedral",
        "version": "10.2.21"
      },
      {
        "model": "vtscada",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "trihedral",
        "version": "10.1.07"
      },
      {
        "model": "vtscada",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "trihedral",
        "version": "11.1.10"
      },
      {
        "model": "vtscada",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "trihedral",
        "version": "11.1.14"
      },
      {
        "model": "vtscada",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "trihedral",
        "version": "10.0.16"
      },
      {
        "model": "vtscada",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "trihedral",
        "version": "9.1.02"
      },
      {
        "model": "vtscada",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "trihedral",
        "version": "10.1.12"
      },
      {
        "model": "vtscada",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "trihedral",
        "version": "11.1.15"
      },
      {
        "model": "vtscada",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "trihedral",
        "version": "10.2.14"
      },
      {
        "model": "vtscada",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "trihedral",
        "version": "9.1.11"
      },
      {
        "model": "vtscada",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "trihedral",
        "version": "11.1.21"
      },
      {
        "model": "vtscada",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "trihedral",
        "version": "11.1.13"
      },
      {
        "model": "vtscada",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "trihedral",
        "version": "10.2.22"
      },
      {
        "model": "vtscada",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "trihedral engineering",
        "version": "11.x"
      },
      {
        "model": "vtscada",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "trihedral engineering",
        "version": "8.x from  11.2.02"
      },
      {
        "model": "vtscada",
        "scope": null,
        "trust": 0.7,
        "vendor": "trihedral engineering",
        "version": null
      },
      {
        "model": "vtscada",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "trihedral",
        "version": "8"
      },
      {
        "model": "vtscada",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "trihedral",
        "version": "11.2.02"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "vtscada",
        "version": "10.1.05"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "vtscada",
        "version": "10.1.06"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "vtscada",
        "version": "10.1.07"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "vtscada",
        "version": "10.1.12"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "vtscada",
        "version": "10.0.11"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "vtscada",
        "version": "10.0.13"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "vtscada",
        "version": "10.0.14"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "vtscada",
        "version": "10.0.16"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "vtscada",
        "version": "10.0.17"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "vtscada",
        "version": "11.1.05"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "vtscada",
        "version": "11.1.06"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "vtscada",
        "version": "11.1.09"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "vtscada",
        "version": "11.1.10"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "vtscada",
        "version": "11.1.13"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "vtscada",
        "version": "11.1.14"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "vtscada",
        "version": "11.1.15"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "vtscada",
        "version": "11.1.16"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "vtscada",
        "version": "11.1.17"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "vtscada",
        "version": "11.1.18"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "vtscada",
        "version": "11.1.19"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "vtscada",
        "version": "11.1.20"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "vtscada",
        "version": "11.1.21"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "vtscada",
        "version": "11.1.22"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "vtscada",
        "version": "11.1.24"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "vtscada",
        "version": "8.0.05"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "vtscada",
        "version": "8.0.12"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "vtscada",
        "version": "8.0.16"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "vtscada",
        "version": "8.0.18"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "vtscada",
        "version": "8.1.05"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "vtscada",
        "version": "8.1.06"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "vtscada",
        "version": "10.2.05"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "vtscada",
        "version": "10.2.07"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "vtscada",
        "version": "10.2.08"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "vtscada",
        "version": "10.2.11"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "vtscada",
        "version": "10.2.13"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "vtscada",
        "version": "10.2.14"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "vtscada",
        "version": "10.2.15"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "vtscada",
        "version": "10.2.17"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "vtscada",
        "version": "10.2.19"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "vtscada",
        "version": "10.2.20"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "vtscada",
        "version": "10.2.21"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "vtscada",
        "version": "10.2.22"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "vtscada",
        "version": "9.0.02"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "vtscada",
        "version": "9.0.03"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "vtscada",
        "version": "9.0.08"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "vtscada",
        "version": "9.1.02"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "vtscada",
        "version": "9.1.03"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "vtscada",
        "version": "9.1.05"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "vtscada",
        "version": "9.1.09"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "vtscada",
        "version": "9.1.11"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "vtscada",
        "version": "9.1.14"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "vtscada",
        "version": "9.1.20"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "vtscada",
        "version": "11.0.05"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "vtscada",
        "version": "11.0.07"
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "3bc17619-9912-4535-90ec-0ef1dd642360"
      },
      {
        "db": "ZDI",
        "id": "ZDI-16-404"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2016-04029"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-003077"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-4510"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201606-217"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:trihedral:vtscada:10.1.07:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:trihedral:vtscada:10.1.06:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:trihedral:vtscada:10.1.12:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:trihedral:vtscada:10.1.05:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:trihedral:vtscada:10.0.17:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:trihedral:vtscada:10.0.16:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:trihedral:vtscada:10.0.11:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:trihedral:vtscada:10.0.14:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:trihedral:vtscada:10.0.13:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:trihedral:vtscada:11.1.20:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:trihedral:vtscada:11.1.19:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:trihedral:vtscada:11.1.10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:trihedral:vtscada:11.1.09:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:trihedral:vtscada:11.1.16:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:trihedral:vtscada:11.1.15:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:trihedral:vtscada:11.1.18:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:trihedral:vtscada:11.1.17:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:trihedral:vtscada:11.1.06:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:trihedral:vtscada:11.1.05:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:trihedral:vtscada:11.1.24:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:trihedral:vtscada:11.1.22:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:trihedral:vtscada:11.1.21:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:trihedral:vtscada:11.1.14:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:trihedral:vtscada:11.1.13:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:trihedral:vtscada:8.0.16:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:trihedral:vtscada:8.0.12:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:trihedral:vtscada:8.1.06:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:trihedral:vtscada:8.0.05:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:trihedral:vtscada:8.1.05:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:trihedral:vtscada:8.0.18:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:trihedral:vtscada:10.2.15:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:trihedral:vtscada:10.2.14:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:trihedral:vtscada:10.2.22:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:trihedral:vtscada:10.2.21:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:trihedral:vtscada:10.2.20:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:trihedral:vtscada:10.2.08:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:trihedral:vtscada:10.2.13:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:trihedral:vtscada:10.2.11:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:trihedral:vtscada:10.2.07:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:trihedral:vtscada:10.2.19:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:trihedral:vtscada:10.2.17:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:trihedral:vtscada:10.2.05:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:trihedral:vtscada:9.1.20:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:trihedral:vtscada:9.1.14:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:trihedral:vtscada:9.0.03:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:trihedral:vtscada:9.1.11:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:trihedral:vtscada:9.1.09:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:trihedral:vtscada:9.1.05:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:trihedral:vtscada:9.1.03:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:trihedral:vtscada:9.0.02:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:trihedral:vtscada:9.1.02:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:trihedral:vtscada:9.0.08:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:trihedral:vtscada:11.0.07:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:trihedral:vtscada:11.0.05:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2016-4510"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Anonymous",
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-16-404"
      },
      {
        "db": "BID",
        "id": "91077"
      }
    ],
    "trust": 1.0
  },
  "cve": "CVE-2016-4510",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 6.4,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "impactScore": 4.9,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 6.4,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2016-4510",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "ZDI",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CVE-2016-4510",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "MEDIUM",
            "trust": 0.7,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "NONE",
            "baseScore": 6.4,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2016-04029",
            "impactScore": 4.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "IVD",
            "availabilityImpact": "NONE",
            "baseScore": 6.4,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "3bc17619-9912-4535-90ec-0ef1dd642360",
            "impactScore": 4.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.2,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
            "version": "2.9 [IVD]"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 9.1,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 3.9,
            "impactScore": 5.2,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.0"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 9.1,
            "baseSeverity": "Critical",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2016-4510",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2016-4510",
            "trust": 1.8,
            "value": "CRITICAL"
          },
          {
            "author": "ZDI",
            "id": "CVE-2016-4510",
            "trust": 0.7,
            "value": "MEDIUM"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2016-04029",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201606-217",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "IVD",
            "id": "3bc17619-9912-4535-90ec-0ef1dd642360",
            "trust": 0.2,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "3bc17619-9912-4535-90ec-0ef1dd642360"
      },
      {
        "db": "ZDI",
        "id": "ZDI-16-404"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2016-04029"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-003077"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-4510"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201606-217"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The WAP interface in Trihedral VTScada (formerly VTS) 8.x through 11.x before 11.2.02 allows remote attackers to bypass authentication and read arbitrary files via unspecified vectors. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of Wireless Application Protocol requests.  The issue lies in the failure to properly validate user-supplied filenames.  An attacker can leverage this vulnerability to disclose the contents of arbitrary files under the context of the user running the service. Trihedral VTScada (formerly known as VTS) is a SCADA system based on the Windows platform provided by Trihedral Engineering of Canada. An authorization vulnerability exists in the WAP interface of Trihedral VTScada 8.x through 11.x before 11.2.02. VTScada is prone to multiple security vulnerabilities. \nExploiting these issues will allow attackers to obtain sensitive  information, cause denial-of-service conditions or to bypass certain  security restrictions and perform unauthorized actions. \nVTScada versions 8 through 11.2.x are vulnerable.",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2016-4510"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-003077"
      },
      {
        "db": "ZDI",
        "id": "ZDI-16-404"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2016-04029"
      },
      {
        "db": "BID",
        "id": "91077"
      },
      {
        "db": "IVD",
        "id": "3bc17619-9912-4535-90ec-0ef1dd642360"
      }
    ],
    "trust": 3.24
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2016-4510",
        "trust": 4.2
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-16-159-01",
        "trust": 3.0
      },
      {
        "db": "ZDI",
        "id": "ZDI-16-404",
        "trust": 1.7
      },
      {
        "db": "BID",
        "id": "91077",
        "trust": 1.3
      },
      {
        "db": "CNVD",
        "id": "CNVD-2016-04029",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201606-217",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-003077",
        "trust": 0.8
      },
      {
        "db": "ZDI_CAN",
        "id": "ZDI-CAN-3512",
        "trust": 0.7
      },
      {
        "db": "IVD",
        "id": "3BC17619-9912-4535-90EC-0EF1DD642360",
        "trust": 0.2
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "3bc17619-9912-4535-90ec-0ef1dd642360"
      },
      {
        "db": "ZDI",
        "id": "ZDI-16-404"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2016-04029"
      },
      {
        "db": "BID",
        "id": "91077"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-003077"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-4510"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201606-217"
      }
    ]
  },
  "id": "VAR-201606-0247",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "IVD",
        "id": "3bc17619-9912-4535-90ec-0ef1dd642360"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2016-04029"
      }
    ],
    "trust": 1.39210527
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "ICS"
        ],
        "sub_category": null,
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "3bc17619-9912-4535-90ec-0ef1dd642360"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2016-04029"
      }
    ]
  },
  "last_update_date": "2023-12-18T13:14:32.267000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "ICS-CERT VTScada Security Announcement (ICSA-16-159-01)",
        "trust": 0.8,
        "url": "https://www.trihedral.com/ics-cert-vtscada-security-announcement"
      },
      {
        "title": "Trihedral Engineering Ltd  has issued an update to correct this vulnerability.",
        "trust": 0.7,
        "url": "https://ics-cert.us-cert.gov/advisories/icsa-16-159-01"
      },
      {
        "title": "Patch for Trihedral VTScada Authorization Issue Vulnerability",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchinfo/show/77533"
      },
      {
        "title": "Trihedral VTScada Remediation measures for authorization problem vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=62173"
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-16-404"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2016-04029"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-003077"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201606-217"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-287",
        "trust": 1.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-003077"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-4510"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 3.7,
        "url": "https://ics-cert.us-cert.gov/advisories/icsa-16-159-01"
      },
      {
        "trust": 1.0,
        "url": "http://www.securityfocus.com/bid/91077"
      },
      {
        "trust": 1.0,
        "url": "http://www.zerodayinitiative.com/advisories/zdi-16-404"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-4510"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-4510"
      },
      {
        "trust": 0.6,
        "url": "http://www.trihedral.com/help/#op_welcome/wel_upgradenotes.htm"
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-16-404"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2016-04029"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-003077"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-4510"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201606-217"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "IVD",
        "id": "3bc17619-9912-4535-90ec-0ef1dd642360"
      },
      {
        "db": "ZDI",
        "id": "ZDI-16-404"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2016-04029"
      },
      {
        "db": "BID",
        "id": "91077"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-003077"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-4510"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201606-217"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2016-06-15T00:00:00",
        "db": "IVD",
        "id": "3bc17619-9912-4535-90ec-0ef1dd642360"
      },
      {
        "date": "2016-07-01T00:00:00",
        "db": "ZDI",
        "id": "ZDI-16-404"
      },
      {
        "date": "2016-06-15T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2016-04029"
      },
      {
        "date": "2016-06-07T00:00:00",
        "db": "BID",
        "id": "91077"
      },
      {
        "date": "2016-06-13T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2016-003077"
      },
      {
        "date": "2016-06-09T10:59:03.043000",
        "db": "NVD",
        "id": "CVE-2016-4510"
      },
      {
        "date": "2016-06-12T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201606-217"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2016-07-01T00:00:00",
        "db": "ZDI",
        "id": "ZDI-16-404"
      },
      {
        "date": "2016-06-15T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2016-04029"
      },
      {
        "date": "2016-07-06T15:12:00",
        "db": "BID",
        "id": "91077"
      },
      {
        "date": "2016-06-13T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2016-003077"
      },
      {
        "date": "2016-11-28T20:18:30.883000",
        "db": "NVD",
        "id": "CVE-2016-4510"
      },
      {
        "date": "2016-06-12T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201606-217"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201606-217"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Trihedral VTScada Authorization Issue Vulnerability",
    "sources": [
      {
        "db": "IVD",
        "id": "3bc17619-9912-4535-90ec-0ef1dd642360"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2016-04029"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "authorization issue",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201606-217"
      }
    ],
    "trust": 0.6
  }
}

VAR-201606-0260

Vulnerability from variot - Updated: 2023-12-18 13:14

Directory traversal vulnerability in the WAP interface in Trihedral VTScada (formerly VTS) 8.x through 11.x before 11.2.02 allows remote attackers to read arbitrary files via a crafted pathname. This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Trihedral VTScada. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of Wireless Application Protocol requests. The issue lies in the failure to properly restrict the path from which images are retrieved. An attacker can leverage this vulnerability to disclose the contents of arbitrary files under the context of the user running the service. Trihedral VTScada (formerly known as VTS) is a SCADA system based on the Windows platform provided by Trihedral Engineering of Canada. VTScada is prone to multiple security vulnerabilities. Exploiting these issues will allow attackers to obtain sensitive information, cause denial-of-service conditions or to bypass certain security restrictions and perform unauthorized actions. VTScada versions 8 through 11.2.x are vulnerable.


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201606-0260",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "vtscada",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "trihedral",
        "version": "10.0.17"
      },
      {
        "model": "vtscada",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "trihedral",
        "version": "10.0.14"
      },
      {
        "model": "vtscada",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "trihedral",
        "version": "11.1.13"
      },
      {
        "model": "vtscada",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "trihedral",
        "version": "10.0.11"
      },
      {
        "model": "vtscada",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "trihedral",
        "version": "10.0.13"
      },
      {
        "model": "vtscada",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "trihedral",
        "version": "11.1.06"
      },
      {
        "model": "vtscada",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "trihedral",
        "version": "11.1.09"
      },
      {
        "model": "vtscada",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "trihedral",
        "version": "11.1.10"
      },
      {
        "model": "vtscada",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "trihedral",
        "version": "10.0.16"
      },
      {
        "model": "vtscada",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "trihedral",
        "version": "11.1.05"
      },
      {
        "model": "vtscada",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "trihedral",
        "version": "10.2.15"
      },
      {
        "model": "vtscada",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "trihedral",
        "version": "9.0.02"
      },
      {
        "model": "vtscada",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "trihedral",
        "version": "9.1.14"
      },
      {
        "model": "vtscada",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "trihedral",
        "version": "9.1.05"
      },
      {
        "model": "vtscada",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "trihedral",
        "version": "10.2.11"
      },
      {
        "model": "vtscada",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "trihedral",
        "version": "10.2.05"
      },
      {
        "model": "vtscada",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "trihedral",
        "version": "11.0.07"
      },
      {
        "model": "vtscada",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "trihedral",
        "version": "11.1.24"
      },
      {
        "model": "vtscada",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "trihedral",
        "version": "11.1.19"
      },
      {
        "model": "vtscada",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "trihedral",
        "version": "10.2.07"
      },
      {
        "model": "vtscada",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "trihedral",
        "version": "10.1.05"
      },
      {
        "model": "vtscada",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "trihedral",
        "version": "10.2.13"
      },
      {
        "model": "vtscada",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "trihedral",
        "version": "10.2.19"
      },
      {
        "model": "vtscada",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "trihedral",
        "version": "10.1.06"
      },
      {
        "model": "vtscada",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "trihedral",
        "version": "9.1.09"
      },
      {
        "model": "vtscada",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "trihedral",
        "version": "10.2.08"
      },
      {
        "model": "vtscada",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "trihedral",
        "version": "8.0.05"
      },
      {
        "model": "vtscada",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "trihedral",
        "version": "10.2.20"
      },
      {
        "model": "vtscada",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "trihedral",
        "version": "11.1.18"
      },
      {
        "model": "vtscada",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "trihedral",
        "version": "10.2.17"
      },
      {
        "model": "vtscada",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "trihedral",
        "version": "11.0.05"
      },
      {
        "model": "vtscada",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "trihedral",
        "version": "11.1.22"
      },
      {
        "model": "vtscada",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "trihedral",
        "version": "8.1.06"
      },
      {
        "model": "vtscada",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "trihedral",
        "version": "8.0.18"
      },
      {
        "model": "vtscada",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "trihedral",
        "version": "8.0.12"
      },
      {
        "model": "vtscada",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "trihedral",
        "version": "9.0.08"
      },
      {
        "model": "vtscada",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "trihedral",
        "version": "9.0.03"
      },
      {
        "model": "vtscada",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "trihedral",
        "version": "9.1.03"
      },
      {
        "model": "vtscada",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "trihedral",
        "version": "8.1.05"
      },
      {
        "model": "vtscada",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "trihedral",
        "version": "10.2.21"
      },
      {
        "model": "vtscada",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "trihedral",
        "version": "10.1.07"
      },
      {
        "model": "vtscada",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "trihedral",
        "version": "11.1.14"
      },
      {
        "model": "vtscada",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "trihedral",
        "version": "11.1.20"
      },
      {
        "model": "vtscada",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "trihedral",
        "version": "11.1.16"
      },
      {
        "model": "vtscada",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "trihedral",
        "version": "9.1.02"
      },
      {
        "model": "vtscada",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "trihedral",
        "version": "10.1.12"
      },
      {
        "model": "vtscada",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "trihedral",
        "version": "10.2.14"
      },
      {
        "model": "vtscada",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "trihedral",
        "version": "11.1.15"
      },
      {
        "model": "vtscada",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "trihedral",
        "version": "9.1.11"
      },
      {
        "model": "vtscada",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "trihedral",
        "version": "11.1.17"
      },
      {
        "model": "vtscada",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "trihedral",
        "version": "11.1.21"
      },
      {
        "model": "vtscada",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "trihedral",
        "version": "8.0.16"
      },
      {
        "model": "vtscada",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "trihedral",
        "version": "9.1.20"
      },
      {
        "model": "vtscada",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "trihedral",
        "version": "10.2.22"
      },
      {
        "model": "vtscada",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "trihedral engineering",
        "version": "11.x"
      },
      {
        "model": "vtscada",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "trihedral engineering",
        "version": "8.x from  11.2.02"
      },
      {
        "model": "vtscada",
        "scope": null,
        "trust": 0.7,
        "vendor": "trihedral engineering",
        "version": null
      },
      {
        "model": "vtscada",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "trihedral",
        "version": "8"
      },
      {
        "model": "vtscada",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "trihedral",
        "version": "11.2.02"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "vtscada",
        "version": "10.1.05"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "vtscada",
        "version": "10.1.06"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "vtscada",
        "version": "10.1.07"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "vtscada",
        "version": "10.1.12"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "vtscada",
        "version": "9.0.02"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "vtscada",
        "version": "9.0.03"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "vtscada",
        "version": "9.0.08"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "vtscada",
        "version": "9.1.02"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "vtscada",
        "version": "9.1.03"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "vtscada",
        "version": "9.1.05"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "vtscada",
        "version": "9.1.09"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "vtscada",
        "version": "9.1.11"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "vtscada",
        "version": "9.1.14"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "vtscada",
        "version": "9.1.20"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "vtscada",
        "version": "11.0.05"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "vtscada",
        "version": "11.0.07"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "vtscada",
        "version": "10.2.05"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "vtscada",
        "version": "10.2.07"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "vtscada",
        "version": "10.2.08"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "vtscada",
        "version": "10.2.11"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "vtscada",
        "version": "10.2.13"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "vtscada",
        "version": "10.2.14"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "vtscada",
        "version": "10.2.15"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "vtscada",
        "version": "10.2.17"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "vtscada",
        "version": "10.2.19"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "vtscada",
        "version": "10.2.20"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "vtscada",
        "version": "10.2.21"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "vtscada",
        "version": "10.2.22"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "vtscada",
        "version": "8.0.05"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "vtscada",
        "version": "8.0.12"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "vtscada",
        "version": "8.0.16"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "vtscada",
        "version": "8.0.18"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "vtscada",
        "version": "8.1.05"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "vtscada",
        "version": "8.1.06"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "vtscada",
        "version": "11.1.05"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "vtscada",
        "version": "11.1.06"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "vtscada",
        "version": "11.1.09"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "vtscada",
        "version": "11.1.10"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "vtscada",
        "version": "11.1.13"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "vtscada",
        "version": "11.1.14"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "vtscada",
        "version": "11.1.15"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "vtscada",
        "version": "11.1.16"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "vtscada",
        "version": "11.1.17"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "vtscada",
        "version": "11.1.18"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "vtscada",
        "version": "11.1.19"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "vtscada",
        "version": "11.1.20"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "vtscada",
        "version": "11.1.21"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "vtscada",
        "version": "11.1.22"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "vtscada",
        "version": "11.1.24"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "vtscada",
        "version": "10.0.11"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "vtscada",
        "version": "10.0.13"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "vtscada",
        "version": "10.0.14"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "vtscada",
        "version": "10.0.16"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "vtscada",
        "version": "10.0.17"
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "007c45d2-f49c-4f4c-b34a-a12ea1873170"
      },
      {
        "db": "ZDI",
        "id": "ZDI-16-403"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2016-04027"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-003078"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-4532"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201606-219"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:trihedral:vtscada:10.1.06:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:trihedral:vtscada:10.1.05:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:trihedral:vtscada:10.1.12:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:trihedral:vtscada:10.1.07:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:trihedral:vtscada:9.1.14:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:trihedral:vtscada:9.1.11:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:trihedral:vtscada:9.1.03:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:trihedral:vtscada:9.1.02:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:trihedral:vtscada:9.1.09:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:trihedral:vtscada:9.1.05:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:trihedral:vtscada:9.1.20:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:trihedral:vtscada:9.0.08:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:trihedral:vtscada:9.0.03:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:trihedral:vtscada:9.0.02:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:trihedral:vtscada:11.0.07:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:trihedral:vtscada:11.0.05:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:trihedral:vtscada:10.2.17:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:trihedral:vtscada:10.2.15:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:trihedral:vtscada:10.2.22:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:trihedral:vtscada:10.2.21:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:trihedral:vtscada:10.2.11:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:trihedral:vtscada:10.2.08:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:trihedral:vtscada:10.2.14:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:trihedral:vtscada:10.2.13:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:trihedral:vtscada:10.2.20:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:trihedral:vtscada:10.2.19:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:trihedral:vtscada:10.2.07:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:trihedral:vtscada:10.2.05:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:trihedral:vtscada:8.1.06:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:trihedral:vtscada:8.0.16:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:trihedral:vtscada:8.0.12:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:trihedral:vtscada:8.0.05:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:trihedral:vtscada:8.1.05:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:trihedral:vtscada:8.0.18:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:trihedral:vtscada:11.1.22:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:trihedral:vtscada:11.1.21:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:trihedral:vtscada:11.1.14:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:trihedral:vtscada:11.1.13:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:trihedral:vtscada:11.1.18:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:trihedral:vtscada:11.1.17:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:trihedral:vtscada:11.1.06:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:trihedral:vtscada:11.1.05:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:trihedral:vtscada:11.1.20:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:trihedral:vtscada:11.1.19:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:trihedral:vtscada:11.1.10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:trihedral:vtscada:11.1.09:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:trihedral:vtscada:11.1.24:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:trihedral:vtscada:11.1.16:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:trihedral:vtscada:11.1.15:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:trihedral:vtscada:10.0.16:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:trihedral:vtscada:10.0.14:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:trihedral:vtscada:10.0.13:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:trihedral:vtscada:10.0.11:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:trihedral:vtscada:10.0.17:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2016-4532"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Anonymous",
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-16-403"
      },
      {
        "db": "BID",
        "id": "91077"
      }
    ],
    "trust": 1.0
  },
  "cve": "CVE-2016-4532",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 6.4,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "impactScore": 4.9,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 6.4,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2016-4532",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "ZDI",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CVE-2016-4532",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "MEDIUM",
            "trust": 0.7,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "NONE",
            "baseScore": 6.4,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2016-04027",
            "impactScore": 4.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "IVD",
            "availabilityImpact": "NONE",
            "baseScore": 6.4,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "007c45d2-f49c-4f4c-b34a-a12ea1873170",
            "impactScore": 4.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.2,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
            "version": "2.9 [IVD]"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 9.1,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 3.9,
            "impactScore": 5.2,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.0"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 9.1,
            "baseSeverity": "Critical",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2016-4532",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2016-4532",
            "trust": 1.8,
            "value": "CRITICAL"
          },
          {
            "author": "ZDI",
            "id": "CVE-2016-4532",
            "trust": 0.7,
            "value": "MEDIUM"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2016-04027",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201606-219",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "IVD",
            "id": "007c45d2-f49c-4f4c-b34a-a12ea1873170",
            "trust": 0.2,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "007c45d2-f49c-4f4c-b34a-a12ea1873170"
      },
      {
        "db": "ZDI",
        "id": "ZDI-16-403"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2016-04027"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-003078"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-4532"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201606-219"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Directory traversal vulnerability in the WAP interface in Trihedral VTScada (formerly VTS) 8.x through 11.x before 11.2.02 allows remote attackers to read arbitrary files via a crafted pathname. This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Trihedral VTScada. Authentication is not required to exploit this vulnerability.The specific flaw exists within the handling of Wireless Application Protocol requests.  The issue lies in the failure to properly restrict the path from which images are retrieved.  An attacker can leverage this vulnerability to disclose the contents of arbitrary files under the context of the user running the service. Trihedral VTScada (formerly known as VTS) is a SCADA system based on the Windows platform provided by Trihedral Engineering of Canada. VTScada is prone to multiple security vulnerabilities. \nExploiting these issues will allow attackers to obtain sensitive  information, cause denial-of-service conditions or to bypass certain  security restrictions and perform unauthorized actions. \nVTScada versions 8 through 11.2.x are vulnerable",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2016-4532"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-003078"
      },
      {
        "db": "ZDI",
        "id": "ZDI-16-403"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2016-04027"
      },
      {
        "db": "BID",
        "id": "91077"
      },
      {
        "db": "IVD",
        "id": "007c45d2-f49c-4f4c-b34a-a12ea1873170"
      }
    ],
    "trust": 3.24
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2016-4532",
        "trust": 4.2
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-16-159-01",
        "trust": 3.0
      },
      {
        "db": "ZDI",
        "id": "ZDI-16-403",
        "trust": 1.7
      },
      {
        "db": "BID",
        "id": "91077",
        "trust": 1.3
      },
      {
        "db": "CNVD",
        "id": "CNVD-2016-04027",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201606-219",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-003078",
        "trust": 0.8
      },
      {
        "db": "ZDI_CAN",
        "id": "ZDI-CAN-3513",
        "trust": 0.7
      },
      {
        "db": "IVD",
        "id": "007C45D2-F49C-4F4C-B34A-A12EA1873170",
        "trust": 0.2
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "007c45d2-f49c-4f4c-b34a-a12ea1873170"
      },
      {
        "db": "ZDI",
        "id": "ZDI-16-403"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2016-04027"
      },
      {
        "db": "BID",
        "id": "91077"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-003078"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-4532"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201606-219"
      }
    ]
  },
  "id": "VAR-201606-0260",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "IVD",
        "id": "007c45d2-f49c-4f4c-b34a-a12ea1873170"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2016-04027"
      }
    ],
    "trust": 1.39210527
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "ICS"
        ],
        "sub_category": null,
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "007c45d2-f49c-4f4c-b34a-a12ea1873170"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2016-04027"
      }
    ]
  },
  "last_update_date": "2023-12-18T13:14:32.308000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "ICS-CERT VTScada Security Announcement (ICSA-16-159-01)",
        "trust": 0.8,
        "url": "https://www.trihedral.com/ics-cert-vtscada-security-announcement"
      },
      {
        "title": "Trihedral Engineering Ltd  has issued an update to correct this vulnerability.",
        "trust": 0.7,
        "url": "https://ics-cert.us-cert.gov/advisories/icsa-16-159-01"
      },
      {
        "title": "Trihedral VTScada directory traversal vulnerability patch",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchinfo/show/77535"
      },
      {
        "title": "Trihedral VTScada Fixes for directory traversal vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=62175"
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-16-403"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2016-04027"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-003078"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201606-219"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-22",
        "trust": 1.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-003078"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-4532"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 3.7,
        "url": "https://ics-cert.us-cert.gov/advisories/icsa-16-159-01"
      },
      {
        "trust": 1.0,
        "url": "http://www.securityfocus.com/bid/91077"
      },
      {
        "trust": 1.0,
        "url": "http://www.zerodayinitiative.com/advisories/zdi-16-403"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-4532"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-4532"
      },
      {
        "trust": 0.6,
        "url": "http://www.trihedral.com/help/#op_welcome/wel_upgradenotes.htm"
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-16-403"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2016-04027"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-003078"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-4532"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201606-219"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "IVD",
        "id": "007c45d2-f49c-4f4c-b34a-a12ea1873170"
      },
      {
        "db": "ZDI",
        "id": "ZDI-16-403"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2016-04027"
      },
      {
        "db": "BID",
        "id": "91077"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-003078"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-4532"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201606-219"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2016-06-15T00:00:00",
        "db": "IVD",
        "id": "007c45d2-f49c-4f4c-b34a-a12ea1873170"
      },
      {
        "date": "2016-07-01T00:00:00",
        "db": "ZDI",
        "id": "ZDI-16-403"
      },
      {
        "date": "2016-06-15T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2016-04027"
      },
      {
        "date": "2016-06-07T00:00:00",
        "db": "BID",
        "id": "91077"
      },
      {
        "date": "2016-06-13T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2016-003078"
      },
      {
        "date": "2016-06-09T10:59:05.340000",
        "db": "NVD",
        "id": "CVE-2016-4532"
      },
      {
        "date": "2016-06-12T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201606-219"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2016-07-01T00:00:00",
        "db": "ZDI",
        "id": "ZDI-16-403"
      },
      {
        "date": "2016-06-15T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2016-04027"
      },
      {
        "date": "2016-07-06T15:12:00",
        "db": "BID",
        "id": "91077"
      },
      {
        "date": "2016-06-13T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2016-003078"
      },
      {
        "date": "2016-11-28T20:18:40.477000",
        "db": "NVD",
        "id": "CVE-2016-4532"
      },
      {
        "date": "2016-06-12T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201606-219"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201606-219"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Trihedral VTScada Directory Traversal Vulnerability",
    "sources": [
      {
        "db": "IVD",
        "id": "007c45d2-f49c-4f4c-b34a-a12ea1873170"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2016-04027"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201606-219"
      }
    ],
    "trust": 1.4
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Path traversal",
    "sources": [
      {
        "db": "IVD",
        "id": "007c45d2-f49c-4f4c-b34a-a12ea1873170"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201606-219"
      }
    ],
    "trust": 0.8
  }
}

VAR-201706-0451

Vulnerability from variot - Updated: 2023-12-18 12:44

A Cross-Site Scripting issue was discovered in Trihedral VTScada Versions prior to 11.2.26. A cross-site scripting vulnerability may allow JavaScript code supplied by the attacker to execute within the user's browser. Trihedral VTScada (formerly known as VTS) is a SCADA system based on the Windows platform provided by Trihedral Engineering of Canada. A remote attacker can exploit this vulnerability to inject arbitrary web scripts or HTML. Trihedral VTScada is prone to multiple security vulnerabilities: 1. A denial-of-service vulnerability. 2. A cross-site scripting vulnerability. 3. An information-disclosure vulnerability. This can allow the attacker to steal cookie-based authentication credentials or gain access to sensitive information. Failed exploit attempts will likely result in denial-of-service conditions.

Vendor: Trihedral
Equipment: VTScada
Vulnerability: Resource Consumption, Cross-Site Scripting, Information Exposure
Advisory URL: https://ipositivesecurity.com/2017/06/15/ics-trihedral-vtscada-multiple-vulnerabilities/

ICS-CERT Advisory https://ics-cert.us-cert.gov/advisories/ICSA-17-164-01


AFFECTED PRODUCTS

The following versions of VTScada, an HMI SCADA software, are affected:

VTScada Versions prior to 11.2.26


IMPACT

Successful exploitation of these vulnerabilities could result in uncontrolled resource consumption, arbitrary code execution, or information exposure.


VULNERABILITY OVERVIEW

UNCONTROLLED RESOURCE CONSUMPTION CWE-400 https://cwe.mitre.org/data/definitions/400.html

The client does not properly validate the input or limit the amount of resources that are utilized by an attacker, which can be used to consume more resources than are available. A CVSS v3 base score of 7.5 has been assigned; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H ).

Exploitation

Note that this vulnerability targets the VTScada thick client installed on the system. Any application user (including a non-admin, restricted user) who has access to the thick client can potentially bring down the system.

Payload can be up to ~80k characters. Repeated attempts result in spiked CPU usage & consumption of RAM / page resources. Where a full-blown application (or multiple applications in a production scenario) is deployed, i.e. with an operational/functional configuration, memory/CPU usage is notably higher than that of a blank test application. Repeatedly submitting such a large username input rapidly consumes available server memory, leading to resource exhaustion. This eventually forces a system reboot.

Where an endpoint security solution (such as AV/HIPS/Anti-Malware) is deployed on the system, resource exhaustion may be reached considerably faster.

CROSS-SITE SCRIPTING CWE-79 https://cwe.mitre.org/data/definitions/79.html

A CVSS v3 base score of 6.5 has been assigned; the CVSS vector string is (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N ).

Exploitation

Multiple URLs and parameters were found to be vulnerable to Reflected Cross-Site Scripting.

INFORMATION EXPOSURE CWE-548 https://cwe.mitre.org/data/definitions/548.html

Some files are exposed within the web server application to unauthenticated users. These files may contain sensitive configuration information. A CVSS v3 base score of 7.5 has been assigned; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N )


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201706-0451",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "vtscada",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "trihedral",
        "version": "11.2.23"
      },
      {
        "model": "vtscada",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "trihedral engineering",
        "version": "11.2.26"
      },
      {
        "model": "vtscada",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "trihedral",
        "version": "11.2.26"
      },
      {
        "model": "vtscada",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "trihedral",
        "version": "11.2.23"
      },
      {
        "model": "engineering vtscada",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "trihedral",
        "version": "11.2.2"
      },
      {
        "model": "engineering vtscada",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "trihedral",
        "version": "11.1.18"
      },
      {
        "model": "engineering vtscada",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "trihedral",
        "version": "11.1.17"
      },
      {
        "model": "engineering vtscada",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "trihedral",
        "version": "11.2"
      },
      {
        "model": "engineering vtscada",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "trihedral",
        "version": "11.1.09"
      },
      {
        "model": "engineering vtscada",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "trihedral",
        "version": "11.1.07"
      },
      {
        "model": "engineering vtscada",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "trihedral",
        "version": "11.0"
      },
      {
        "model": "engineering vtscada",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "trihedral",
        "version": "11"
      },
      {
        "model": "engineering vtscada",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "trihedral",
        "version": "10.2.22"
      },
      {
        "model": "engineering vtscada",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "trihedral",
        "version": "10.2"
      },
      {
        "model": "engineering vtscada",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "trihedral",
        "version": "10.1"
      },
      {
        "model": "engineering vtscada",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "trihedral",
        "version": "10"
      },
      {
        "model": "engineering vtscada",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "trihedral",
        "version": "09.1.20"
      },
      {
        "model": "engineering vtscada",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "trihedral",
        "version": "11.2.26"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "vtscada",
        "version": "*"
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "1788e17d-8e84-4c5e-b3bc-4dc712136483"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-10708"
      },
      {
        "db": "BID",
        "id": "99066"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-004919"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-6053"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201706-831"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:trihedral:vtscada:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "11.2.23",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2017-6053"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Karn Ganeshen.",
    "sources": [
      {
        "db": "BID",
        "id": "99066"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201706-831"
      }
    ],
    "trust": 0.9
  },
  "cve": "CVE-2017-6053",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": true,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Medium",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 4.3,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2017-6053",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "NONE",
            "baseScore": 7.8,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2017-10708",
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "severity": "HIGH",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "IVD",
            "availabilityImpact": "NONE",
            "baseScore": 7.8,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "id": "1788e17d-8e84-4c5e-b3bc-4dc712136483",
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "severity": "HIGH",
            "trust": 0.2,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
            "version": "2.9 [IVD]"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "exploitabilityScore": 2.8,
            "impactScore": 2.7,
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "trust": 1.0,
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.0"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 6.1,
            "baseSeverity": "Medium",
            "confidentialityImpact": "Low",
            "exploitabilityScore": null,
            "id": "CVE-2017-6053",
            "impactScore": null,
            "integrityImpact": "Low",
            "privilegesRequired": "None",
            "scope": "Changed",
            "trust": 0.8,
            "userInteraction": "Required",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2017-6053",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2017-10708",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201706-831",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "IVD",
            "id": "1788e17d-8e84-4c5e-b3bc-4dc712136483",
            "trust": 0.2,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "1788e17d-8e84-4c5e-b3bc-4dc712136483"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-10708"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-004919"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-6053"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201706-831"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "A Cross-Site Scripting issue was discovered in Trihedral VTScada Versions prior to 11.2.26. A cross-site scripting vulnerability may allow JavaScript code supplied by the attacker to execute within the user\u0027s browser. Trihedral VTScada (formerly known as VTS) is a SCADA system based on the Windows platform provided by Trihedral Engineering of Canada. A remote attacker can exploit this vulnerability to inject arbitrary web scripts or HTML. Trihedral VTScada is prone to multiple security vulnerabilities:\n1. A denial-of-service vulnerability. \n2. \n3. An information-disclosure vulnerability. This can allow the attacker to steal cookie-based authentication credentials or gain access to sensitive information. Failed exploit attempts will likely result in denial-of-service conditions. Vendor: Trihedral\nEquipment: VTScada\nVulnerability: Resource Consumption, Cross-Site Scripting, Information\nExposure\nAdvisory URL:\nhttps://ipositivesecurity.com/2017/06/15/ics-trihedral-vtscada-multiple-vulnerabilities/\n\nICS-CERT Advisory\nhttps://ics-cert.us-cert.gov/advisories/ICSA-17-164-01\n\n------------------------\nAFFECTED PRODUCTS\n------------------------\nThe following versions of VTScada, an HMI SCADA software, are affected:\n\nVTScada Versions prior to 11.2.26\n\n------------------------\nIMPACT\n------------------------\n\nSuccessful exploitation of these vulnerabilities could result in\nuncontrolled resource consumption, arbitrary code execution, or information\nexposure. \n\n------------------------\nVULNERABILITY OVERVIEW\n------------------------\n\nUNCONTROLLED RESOURCE CONSUMPTION CWE-400\n\u003chttps://cwe.mitre.org/data/definitions/400.html\u003e\n\nThe client does not properly validate the input or limit the amount of\nresources that are utilized by an attacker, which can be used to consume\nmore resources than are available. 
A CVSS v3 base score of 7.5 has been\nassigned; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\n\u003chttps://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\u003e\n). \n\nExploitation\n\nNote that this vulnerability targets the VTScada thick client installed on\nthe system. Any application user (including a non-admin, restricted user)\nwho has access to the thick client can potentially bring down the system. \n\nPayload can be up to ~80k characters. Repeated attempts result in spiked\nCPU usage \u0026 consumption of RAM / page resources. Where a full-blown\napplication (or multiple applications in production scenario) is deployed,\ni.e. with an operational/functional configuration, memory/CPU usage is\nnotably higher than that of a test, blank application. Repeatedly\nsubmitting such a large username input, rapidly consumes available server\nmemory resources leading to resource exhaustion. This forces a system\nreboot eventually. \n\nWhere an endpoint security solution (such as AV/HIPS/Anti-Malware) is\ndeployed on the system, resource exhaustion may be achieved relatively much\nfaster (quickly). A CVSS v3 base score of 6.5 has been\nassigned; the CVSS vector string is (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N\n\u003chttps://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N\u003e\n). \n\nExploitation\n\nMultiple URLs and parameters were found to vulnerable to Reflected\nCross-Site Scripting. \n\nINFORMATION EXPOSURE CWE-548\n\u003chttps://cwe.mitre.org/data/definitions/548.html\u003e\n\nSome files are exposed within the web server application to unauthenticated\nusers. These files may contain sensitive configuration information. A CVSS v3 base score of 7.5 has been\nassigned; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\n\u003chttps://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\u003e\n)",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2017-6053"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-004919"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-10708"
      },
      {
        "db": "BID",
        "id": "99066"
      },
      {
        "db": "IVD",
        "id": "1788e17d-8e84-4c5e-b3bc-4dc712136483"
      },
      {
        "db": "PACKETSTORM",
        "id": "143216"
      }
    ],
    "trust": 2.7
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2017-6053",
        "trust": 3.6
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-17-164-01",
        "trust": 3.4
      },
      {
        "db": "BID",
        "id": "99066",
        "trust": 2.5
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-10708",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201706-831",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-004919",
        "trust": 0.8
      },
      {
        "db": "IVD",
        "id": "1788E17D-8E84-4C5E-B3BC-4DC712136483",
        "trust": 0.2
      },
      {
        "db": "PACKETSTORM",
        "id": "143216",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "1788e17d-8e84-4c5e-b3bc-4dc712136483"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-10708"
      },
      {
        "db": "BID",
        "id": "99066"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-004919"
      },
      {
        "db": "PACKETSTORM",
        "id": "143216"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-6053"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201706-831"
      }
    ]
  },
  "id": "VAR-201706-0451",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "IVD",
        "id": "1788e17d-8e84-4c5e-b3bc-4dc712136483"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-10708"
      }
    ],
    "trust": 1.39210527
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "ICS"
        ],
        "sub_category": null,
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "1788e17d-8e84-4c5e-b3bc-4dc712136483"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-10708"
      }
    ]
  },
  "last_update_date": "2023-12-18T12:44:32.024000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Top Page",
        "trust": 0.8,
        "url": "https://www.trihedral.com/"
      },
      {
        "title": "Trihedral VTScada Cross-Site Scripting Vulnerability Patch",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchinfo/show/96154"
      },
      {
        "title": "Trihedral VTScada Fixes for cross-site scripting vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=71099"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-10708"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-004919"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201706-831"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-79",
        "trust": 1.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-004919"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-6053"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 3.4,
        "url": "https://ics-cert.us-cert.gov/advisories/icsa-17-164-01"
      },
      {
        "trust": 2.2,
        "url": "http://www.securityfocus.com/bid/99066"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-6053"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-6053"
      },
      {
        "trust": 0.3,
        "url": "www.trihedral.com"
      },
      {
        "trust": 0.1,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2017-6045\u003e"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/79.html\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2017-6053\u003e"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/400.html\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2017-6043\u003e"
      },
      {
        "trust": 0.1,
        "url": "https://www.first.org/cvss/calculator/3.0#cvss:3.0/av:n/ac:l/pr:n/ui:n/s:u/c:h/i:n/a:n\u003e"
      },
      {
        "trust": 0.1,
        "url": "https://www.first.org/cvss/calculator/3.0#cvss:3.0/av:n/ac:l/pr:n/ui:n/s:u/c:n/i:n/a:h\u003e"
      },
      {
        "trust": 0.1,
        "url": "https://www.first.org/cvss/calculator/3.0#cvss:3.0/av:n/ac:l/pr:n/ui:r/s:u/c:h/i:n/a:n\u003e"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/548.html\u003e"
      },
      {
        "trust": 0.1,
        "url": "https://ipositivesecurity.com/2017/06/15/ics-trihedral-vtscada-multiple-vulnerabilities/"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-10708"
      },
      {
        "db": "BID",
        "id": "99066"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-004919"
      },
      {
        "db": "PACKETSTORM",
        "id": "143216"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-6053"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201706-831"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "IVD",
        "id": "1788e17d-8e84-4c5e-b3bc-4dc712136483"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-10708"
      },
      {
        "db": "BID",
        "id": "99066"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-004919"
      },
      {
        "db": "PACKETSTORM",
        "id": "143216"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-6053"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201706-831"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-06-22T00:00:00",
        "db": "IVD",
        "id": "1788e17d-8e84-4c5e-b3bc-4dc712136483"
      },
      {
        "date": "2017-06-22T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2017-10708"
      },
      {
        "date": "2017-06-13T00:00:00",
        "db": "BID",
        "id": "99066"
      },
      {
        "date": "2017-07-11T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-004919"
      },
      {
        "date": "2017-06-30T11:11:11",
        "db": "PACKETSTORM",
        "id": "143216"
      },
      {
        "date": "2017-06-21T19:29:00.370000",
        "db": "NVD",
        "id": "CVE-2017-6053"
      },
      {
        "date": "2017-06-20T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201706-831"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-07-03T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2017-10708"
      },
      {
        "date": "2017-06-13T00:00:00",
        "db": "BID",
        "id": "99066"
      },
      {
        "date": "2017-07-11T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-004919"
      },
      {
        "date": "2019-10-09T23:28:38.917000",
        "db": "NVD",
        "id": "CVE-2017-6053"
      },
      {
        "date": "2019-10-17T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201706-831"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201706-831"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Trihedral VTScada Cross-Site Scripting Vulnerability",
    "sources": [
      {
        "db": "IVD",
        "id": "1788e17d-8e84-4c5e-b3bc-4dc712136483"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-10708"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201706-831"
      }
    ],
    "trust": 1.4
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "XSS",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201706-831"
      }
    ],
    "trust": 0.6
  }
}

VAR-201706-0469

Vulnerability from variot - Updated: 2023-12-18 12:44

An Information Exposure issue was discovered in Trihedral VTScada Versions prior to 11.2.26. Some files are exposed within the web server application to unauthenticated users. These files may contain sensitive configuration information. Trihedral VTScada (formerly known as VTS) is a SCADA system based on the Windows platform provided by Trihedral Engineering of Canada. Trihedral VTScada is prone to multiple security vulnerabilities: 1. A denial-of-service vulnerability. 2. A cross-site scripting vulnerability. 3. An information-disclosure vulnerability. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. Failed exploit attempts will likely result in denial-of-service conditions. Vendor: Trihedral Equipment: VTScada Vulnerability: Resource Consumption, Cross-Site Scripting, Information Exposure Advisory URL: https://ipositivesecurity.com/2017/06/15/ics-trihedral-vtscada-multiple-vulnerabilities/

ICS-CERT Advisory https://ics-cert.us-cert.gov/advisories/ICSA-17-164-01


AFFECTED PRODUCTS

The following versions of VTScada, an HMI SCADA software, are affected:

VTScada Versions prior to 11.2.26


IMPACT

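Successful exploitation of these vulnerabilities could result in uncontrolled resource consumption, arbitrary code execution, or information exposure. (The description above characterises the code execution as arbitrary script code running in a user's browser in the context of the affected site, i.e. through the cross-site scripting issue.)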


VULNERABILITY OVERVIEW

UNCONTROLLED RESOURCE CONSUMPTION CWE-400 https://cwe.mitre.org/data/definitions/400.html

The client does not properly validate the input or limit the amount of resources that are utilized by an attacker, which can be used to consume more resources than are available. A CVSS v3 base score of 7.5 has been assigned; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H ).

Exploitation

Note that this vulnerability targets the VTScada thick client installed on the system. Any application user (including a non-admin, restricted user) who has access to the thick client can potentially bring down the system.

Payload can be up to ~80k characters. Repeated attempts result in spiked CPU usage and consumption of RAM / page resources. Where a full-blown application (or multiple applications in a production scenario) is deployed, i.e. with an operational/functional configuration, memory/CPU usage is notably higher than that of a blank test application. Repeatedly submitting such a large username input rapidly consumes available server memory, leading to resource exhaustion. This eventually forces a system reboot.

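Where an endpoint security solution (such as AV/HIPS/Anti-Malware) is deployed on the system, resource exhaustion may be reached considerably faster. The heading for the next issue appears to be missing from this extract: judging by the user-interaction-required vector (UI:R) and the reflected cross-site scripting text that follows, the score below likely belongs to the cross-site scripting issue rather than to resource consumption. A CVSS v3 base score of 6.5 has been assigned; the CVSS vector string is (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N ).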

Exploitation

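Multiple URLs and parameters were found to be vulnerable to Reflected Cross-Site Scripting. The score that follows appears to belong to a separate issue whose heading is missing from this extract: its vector (no user interaction, confidentiality impact only) matches the CVSS v3 vector recorded for the information exposure issue, CVE-2017-6045, in this entry's data. A CVSS v3 base score of 7.5 has been assigned; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N )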


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201706-0469",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "vtscada",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "trihedral",
        "version": "11.2.23"
      },
      {
        "model": "vtscada",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "trihedral engineering",
        "version": "11.2.26"
      },
      {
        "model": "vtscada",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "trihedral",
        "version": "11.2.26"
      },
      {
        "model": "vtscada",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "trihedral",
        "version": "11.2.23"
      },
      {
        "model": "engineering vtscada",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "trihedral",
        "version": "11.2.2"
      },
      {
        "model": "engineering vtscada",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "trihedral",
        "version": "11.1.18"
      },
      {
        "model": "engineering vtscada",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "trihedral",
        "version": "11.1.17"
      },
      {
        "model": "engineering vtscada",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "trihedral",
        "version": "11.2"
      },
      {
        "model": "engineering vtscada",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "trihedral",
        "version": "11.1.09"
      },
      {
        "model": "engineering vtscada",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "trihedral",
        "version": "11.1.07"
      },
      {
        "model": "engineering vtscada",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "trihedral",
        "version": "11.0"
      },
      {
        "model": "engineering vtscada",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "trihedral",
        "version": "11"
      },
      {
        "model": "engineering vtscada",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "trihedral",
        "version": "10.2.22"
      },
      {
        "model": "engineering vtscada",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "trihedral",
        "version": "10.2"
      },
      {
        "model": "engineering vtscada",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "trihedral",
        "version": "10.1"
      },
      {
        "model": "engineering vtscada",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "trihedral",
        "version": "10"
      },
      {
        "model": "engineering vtscada",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "trihedral",
        "version": "09.1.20"
      },
      {
        "model": "engineering vtscada",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "trihedral",
        "version": "11.2.26"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "vtscada",
        "version": "*"
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "88db1989-3529-4cae-9472-2d7b6e93ab47"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-10706"
      },
      {
        "db": "BID",
        "id": "99066"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-004918"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-6045"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201706-829"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:trihedral:vtscada:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "11.2.23",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2017-6045"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Karn Ganeshen.",
    "sources": [
      {
        "db": "BID",
        "id": "99066"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201706-829"
      }
    ],
    "trust": 0.9
  },
  "cve": "CVE-2017-6045",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 5.0,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2017-6045",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "NONE",
            "baseScore": 7.8,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2017-10706",
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "severity": "HIGH",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "IVD",
            "availabilityImpact": "NONE",
            "baseScore": 7.8,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "id": "88db1989-3529-4cae-9472-2d7b6e93ab47",
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "severity": "HIGH",
            "trust": 0.2,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
            "version": "2.9 [IVD]"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 3.9,
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 7.5,
            "baseSeverity": "High",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2017-6045",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2017-6045",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2017-10706",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201706-829",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "IVD",
            "id": "88db1989-3529-4cae-9472-2d7b6e93ab47",
            "trust": 0.2,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "88db1989-3529-4cae-9472-2d7b6e93ab47"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-10706"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-004918"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-6045"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201706-829"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "An Information Exposure issue was discovered in Trihedral VTScada Versions prior to 11.2.26. Some files are exposed within the web server application to unauthenticated users. These files may contain sensitive configuration information. Trihedral VTScada (formerly known as VTS) is a SCADA system based on the Windows platform provided by Trihedral Engineering of Canada. Trihedral VTScada is prone to multiple security vulnerabilities:\n1. A denial-of-service vulnerability. \n2. A cross-site scripting vulnerability. \n3. An information-disclosure vulnerability. \nAn attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. Failed exploit attempts will likely result in denial-of-service conditions. Vendor: Trihedral\nEquipment: VTScada\nVulnerability: Resource Consumption, Cross-Site Scripting, Information\nExposure\nAdvisory URL:\nhttps://ipositivesecurity.com/2017/06/15/ics-trihedral-vtscada-multiple-vulnerabilities/\n\nICS-CERT Advisory\nhttps://ics-cert.us-cert.gov/advisories/ICSA-17-164-01\n\n------------------------\nAFFECTED PRODUCTS\n------------------------\nThe following versions of VTScada, an HMI SCADA software, are affected:\n\nVTScada Versions prior to 11.2.26\n\n------------------------\nIMPACT\n------------------------\n\nSuccessful exploitation of these vulnerabilities could result in\nuncontrolled resource consumption, arbitrary code execution, or information\nexposure. \n\n------------------------\nVULNERABILITY OVERVIEW\n------------------------\n\nUNCONTROLLED RESOURCE CONSUMPTION CWE-400\n\u003chttps://cwe.mitre.org/data/definitions/400.html\u003e\n\nThe client does not properly validate the input or limit the amount of\nresources that are utilized by an attacker, which can be used to consume\nmore resources than are available. 
A CVSS v3 base score of 7.5 has been\nassigned; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\n\u003chttps://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\u003e\n). \n\nExploitation\n\nNote that this vulnerability targets the VTScada thick client installed on\nthe system. Any application user (including a non-admin, restricted user)\nwho has access to the thick client can potentially bring down the system. \n\nPayload can be up to ~80k characters. Repeated attempts result in spiked\nCPU usage \u0026 consumption of RAM / page resources. Where a full-blown\napplication (or multiple applications in production scenario) is deployed,\ni.e. with an operational/functional configuration, memory/CPU usage is\nnotably higher than that of a test, blank application. Repeatedly\nsubmitting such a large username input, rapidly consumes available server\nmemory resources leading to resource exhaustion. This forces a system\nreboot eventually. \n\nWhere an endpoint security solution (such as AV/HIPS/Anti-Malware) is\ndeployed on the system, resource exhaustion may be achieved relatively much\nfaster (quickly). A CVSS v3 base score of 6.5 has been\nassigned; the CVSS vector string is (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N\n\u003chttps://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N\u003e\n). \n\nExploitation\n\nMultiple URLs and parameters were found to vulnerable to Reflected\nCross-Site Scripting. A CVSS v3 base score of 7.5 has been\nassigned; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\n\u003chttps://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\u003e\n)",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2017-6045"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-004918"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-10706"
      },
      {
        "db": "BID",
        "id": "99066"
      },
      {
        "db": "IVD",
        "id": "88db1989-3529-4cae-9472-2d7b6e93ab47"
      },
      {
        "db": "PACKETSTORM",
        "id": "143216"
      }
    ],
    "trust": 2.7
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2017-6045",
        "trust": 3.6
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-17-164-01",
        "trust": 3.4
      },
      {
        "db": "BID",
        "id": "99066",
        "trust": 2.5
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-10706",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201706-829",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-004918",
        "trust": 0.8
      },
      {
        "db": "IVD",
        "id": "88DB1989-3529-4CAE-9472-2D7B6E93AB47",
        "trust": 0.2
      },
      {
        "db": "PACKETSTORM",
        "id": "143216",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "88db1989-3529-4cae-9472-2d7b6e93ab47"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-10706"
      },
      {
        "db": "BID",
        "id": "99066"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-004918"
      },
      {
        "db": "PACKETSTORM",
        "id": "143216"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-6045"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201706-829"
      }
    ]
  },
  "id": "VAR-201706-0469",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "IVD",
        "id": "88db1989-3529-4cae-9472-2d7b6e93ab47"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-10706"
      }
    ],
    "trust": 1.39210527
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "ICS"
        ],
        "sub_category": null,
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "88db1989-3529-4cae-9472-2d7b6e93ab47"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-10706"
      }
    ]
  },
  "last_update_date": "2023-12-18T12:44:32.062000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Top Page",
        "trust": 0.8,
        "url": "https://www.trihedral.com/"
      },
      {
        "title": "Trihedral VTScada Information Disclosure Vulnerability Patch",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchinfo/show/96153"
      },
      {
        "title": "Trihedral VTScada Repair measures for information disclosure vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=71097"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-10706"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-004918"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201706-829"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-200",
        "trust": 1.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-004918"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-6045"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 3.4,
        "url": "https://ics-cert.us-cert.gov/advisories/icsa-17-164-01"
      },
      {
        "trust": 2.2,
        "url": "http://www.securityfocus.com/bid/99066"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-6045"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-6045"
      },
      {
        "trust": 0.3,
        "url": "www.trihedral.com"
      },
      {
        "trust": 0.1,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2017-6045\u003e"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/79.html\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2017-6053\u003e"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/400.html\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2017-6043\u003e"
      },
      {
        "trust": 0.1,
        "url": "https://www.first.org/cvss/calculator/3.0#cvss:3.0/av:n/ac:l/pr:n/ui:n/s:u/c:h/i:n/a:n\u003e"
      },
      {
        "trust": 0.1,
        "url": "https://www.first.org/cvss/calculator/3.0#cvss:3.0/av:n/ac:l/pr:n/ui:n/s:u/c:n/i:n/a:h\u003e"
      },
      {
        "trust": 0.1,
        "url": "https://www.first.org/cvss/calculator/3.0#cvss:3.0/av:n/ac:l/pr:n/ui:r/s:u/c:h/i:n/a:n\u003e"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/548.html\u003e"
      },
      {
        "trust": 0.1,
        "url": "https://ipositivesecurity.com/2017/06/15/ics-trihedral-vtscada-multiple-vulnerabilities/"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-10706"
      },
      {
        "db": "BID",
        "id": "99066"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-004918"
      },
      {
        "db": "PACKETSTORM",
        "id": "143216"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-6045"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201706-829"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "IVD",
        "id": "88db1989-3529-4cae-9472-2d7b6e93ab47"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-10706"
      },
      {
        "db": "BID",
        "id": "99066"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-004918"
      },
      {
        "db": "PACKETSTORM",
        "id": "143216"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-6045"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201706-829"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-06-22T00:00:00",
        "db": "IVD",
        "id": "88db1989-3529-4cae-9472-2d7b6e93ab47"
      },
      {
        "date": "2017-06-22T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2017-10706"
      },
      {
        "date": "2017-06-13T00:00:00",
        "db": "BID",
        "id": "99066"
      },
      {
        "date": "2017-07-11T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-004918"
      },
      {
        "date": "2017-06-30T11:11:11",
        "db": "PACKETSTORM",
        "id": "143216"
      },
      {
        "date": "2017-06-21T19:29:00.307000",
        "db": "NVD",
        "id": "CVE-2017-6045"
      },
      {
        "date": "2017-06-20T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201706-829"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-06-22T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2017-10706"
      },
      {
        "date": "2017-06-13T00:00:00",
        "db": "BID",
        "id": "99066"
      },
      {
        "date": "2017-07-11T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-004918"
      },
      {
        "date": "2019-10-09T23:28:37.857000",
        "db": "NVD",
        "id": "CVE-2017-6045"
      },
      {
        "date": "2019-10-17T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201706-829"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201706-829"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Trihedral VTScada Information Disclosure Vulnerability",
    "sources": [
      {
        "db": "IVD",
        "id": "88db1989-3529-4cae-9472-2d7b6e93ab47"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-10706"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201706-829"
      }
    ],
    "trust": 1.4
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "information disclosure",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201706-829"
      }
    ],
    "trust": 0.6
  }
}

VAR-201706-0467

Vulnerability from variot - Updated: 2023-12-18 12:44

A Resource Consumption issue was discovered in Trihedral VTScada Versions prior to 11.2.26. The client does not properly validate the input or limit the amount of resources that are utilized by an attacker, which can be used to consume more resources than are available. Trihedral VTScada contains a resource exhaustion vulnerability. The service may be put into a denial-of-service (DoS) state. Trihedral VTScada (formerly known as VTS) is a SCADA system based on the Windows platform provided by Trihedral Engineering of Canada. A denial of service vulnerability exists in versions of Trihedral VTScada prior to 11.2.26 because the program fails to validate input or limit the total amount of resources used. An attacker could exploit the vulnerability to cause a denial of service (a significant drain on resources). Trihedral VTScada is prone to multiple security vulnerabilities: 1. A denial-of-service vulnerability. 2. A cross-site scripting vulnerability. 3. An information-disclosure vulnerability. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials or gain access to sensitive information. Failed exploit attempts will likely result in denial-of-service conditions.

Vendor: Trihedral
Equipment: VTScada
Vulnerability: Resource Consumption, Cross-Site Scripting, Information Exposure
Advisory URL: https://ipositivesecurity.com/2017/06/15/ics-trihedral-vtscada-multiple-vulnerabilities/

ICS-CERT Advisory https://ics-cert.us-cert.gov/advisories/ICSA-17-164-01


AFFECTED PRODUCTS

The following versions of VTScada, an HMI SCADA software, are affected:

VTScada Versions prior to 11.2.26


IMPACT

Successful exploitation of these vulnerabilities could result in uncontrolled resource consumption, arbitrary code execution, or information exposure. A CVSS v3 base score of 7.5 has been assigned; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H ).

Exploitation

Note that this vulnerability targets the VTScada thick client installed on the system. Any application user (including a non-admin, restricted user) who has access to the thick client can potentially bring down the system.

Payload can be up to ~80k characters. Repeated attempts result in spiked CPU usage and consumption of RAM / page resources. Where a full-blown application (or multiple applications in a production scenario) is deployed, i.e. with an operational/functional configuration, memory/CPU usage is notably higher than that of a blank test application. Repeatedly submitting such a large username input rapidly consumes available server memory, leading to resource exhaustion. This eventually forces a system reboot.

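Where an endpoint security solution (such as AV/HIPS/Anti-Malware) is deployed on the system, resource exhaustion may be reached considerably faster.

A CVSS v3 base score of 6.5 has been assigned; the CVSS vector string is (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N ). The section heading that introduced this score is missing from this copy; its vector (user interaction required, high confidentiality impact) and the text that follows suggest it applies to the cross-site scripting issue, not to the resource consumption issue above.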

Exploitation

Multiple URLs and parameters were found to be vulnerable to Reflected Cross-Site Scripting.

INFORMATION EXPOSURE CWE-548 https://cwe.mitre.org/data/definitions/548.html

Some files are exposed within the web server application to unauthenticated users. These files may contain sensitive configuration information. A CVSS v3 base score of 7.5 has been assigned; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N )


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201706-0467",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "vtscada",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "trihedral",
        "version": "11.2.23"
      },
      {
        "model": "vtscada",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "trihedral engineering",
        "version": "11.2.26"
      },
      {
        "model": "vtscada",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "trihedral",
        "version": "11.2.26"
      },
      {
        "model": "vtscada",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "trihedral",
        "version": "11.2.23"
      },
      {
        "model": "engineering vtscada",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "trihedral",
        "version": "11.2.2"
      },
      {
        "model": "engineering vtscada",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "trihedral",
        "version": "11.1.18"
      },
      {
        "model": "engineering vtscada",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "trihedral",
        "version": "11.1.17"
      },
      {
        "model": "engineering vtscada",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "trihedral",
        "version": "11.2"
      },
      {
        "model": "engineering vtscada",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "trihedral",
        "version": "11.1.09"
      },
      {
        "model": "engineering vtscada",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "trihedral",
        "version": "11.1.07"
      },
      {
        "model": "engineering vtscada",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "trihedral",
        "version": "11.0"
      },
      {
        "model": "engineering vtscada",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "trihedral",
        "version": "11"
      },
      {
        "model": "engineering vtscada",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "trihedral",
        "version": "10.2.22"
      },
      {
        "model": "engineering vtscada",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "trihedral",
        "version": "10.2"
      },
      {
        "model": "engineering vtscada",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "trihedral",
        "version": "10.1"
      },
      {
        "model": "engineering vtscada",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "trihedral",
        "version": "10"
      },
      {
        "model": "engineering vtscada",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "trihedral",
        "version": "09.1.20"
      },
      {
        "model": "engineering vtscada",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "trihedral",
        "version": "11.2.26"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "vtscada",
        "version": "*"
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "a084bafc-df0b-469d-85a8-46c98d18dce9"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-10707"
      },
      {
        "db": "BID",
        "id": "99066"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-004917"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-6043"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201706-830"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:trihedral:vtscada:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "11.2.23",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2017-6043"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Karn Ganeshen.",
    "sources": [
      {
        "db": "BID",
        "id": "99066"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201706-830"
      }
    ],
    "trust": 0.9
  },
  "cve": "CVE-2017-6043",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.8,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Complete",
            "baseScore": 7.8,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2017-6043",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.8,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2017-10707",
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "severity": "HIGH",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "IVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.8,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "a084bafc-df0b-469d-85a8-46c98d18dce9",
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "severity": "HIGH",
            "trust": 0.2,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
            "version": "2.9 [IVD]"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 3.9,
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 7.5,
            "baseSeverity": "High",
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2017-6043",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2017-6043",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2017-10707",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201706-830",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "IVD",
            "id": "a084bafc-df0b-469d-85a8-46c98d18dce9",
            "trust": 0.2,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "a084bafc-df0b-469d-85a8-46c98d18dce9"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-10707"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-004917"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-6043"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201706-830"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "A Resource Consumption issue was discovered in Trihedral VTScada Versions prior to 11.2.26. The client does not properly validate the input or limit the amount of resources that are utilized by an attacker, which can be used to consume more resources than are available. Trihedral VTScada Contains a resource exhaustion vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Trihedral VTScada (formerly known as VTS) is a SCADA system based on the Windows platform provided by Trihedral Engineering of Canada. A denial of service vulnerability exists in versions of Trihedral VTScada prior to 11.2.26 that caused the program to fail to validate input or limit the total amount of resources used. An attacker could exploit the vulnerability to cause a denial of service (a significant drain on resources). Trihedral VTScada is prone to multiple security vulnerabilities:\n1. A denial-of-service vulnerability. \n2. A cross-site scripting vulnerability. \n3. An information-disclosure vulnerability. \nAn attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials or gain access to sensitive information. Failed exploit attempts will likely result in denial-of-service conditions. 
Vendor: Trihedral\nEquipment: VTScada\nVulnerability: Resource Consumption, Cross-Site Scripting, Information\nExposure\nAdvisory URL:\nhttps://ipositivesecurity.com/2017/06/15/ics-trihedral-vtscada-multiple-vulnerabilities/\n\nICS-CERT Advisory\nhttps://ics-cert.us-cert.gov/advisories/ICSA-17-164-01\n\n------------------------\nAFFECTED PRODUCTS\n------------------------\nThe following versions of VTScada, an HMI SCADA software, are affected:\n\nVTScada Versions prior to 11.2.26\n\n------------------------\nIMPACT\n------------------------\n\nSuccessful exploitation of these vulnerabilities could result in\nuncontrolled resource consumption, arbitrary code execution, or information\nexposure. A CVSS v3 base score of 7.5 has been\nassigned; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\n\u003chttps://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\u003e\n). \n\nExploitation\n\nNote that this vulnerability targets the VTScada thick client installed on\nthe system. Any application user (including a non-admin, restricted user)\nwho has access to the thick client can potentially bring down the system. \n\nPayload can be up to ~80k characters. Repeated attempts result in spiked\nCPU usage \u0026 consumption of RAM / page resources. Where a full-blown\napplication (or multiple applications in production scenario) is deployed,\ni.e. with an operational/functional configuration, memory/CPU usage is\nnotably higher than that of a test, blank application. Repeatedly\nsubmitting such a large username input, rapidly consumes available server\nmemory resources leading to resource exhaustion. This forces a system\nreboot eventually. \n\nWhere an endpoint security solution (such as AV/HIPS/Anti-Malware) is\ndeployed on the system, resource exhaustion may be achieved relatively much\nfaster (quickly). 
A CVSS v3 base score of 6.5 has been\nassigned; the CVSS vector string is (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N\n\u003chttps://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N\u003e\n). \n\nExploitation\n\nMultiple URLs and parameters were found to vulnerable to Reflected\nCross-Site Scripting. \n\nINFORMATION EXPOSURE CWE-548\n\u003chttps://cwe.mitre.org/data/definitions/548.html\u003e\n\nSome files are exposed within the web server application to unauthenticated\nusers. These files may contain sensitive configuration information. A CVSS v3 base score of 7.5 has been\nassigned; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\n\u003chttps://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\u003e\n)",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2017-6043"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-004917"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-10707"
      },
      {
        "db": "BID",
        "id": "99066"
      },
      {
        "db": "IVD",
        "id": "a084bafc-df0b-469d-85a8-46c98d18dce9"
      },
      {
        "db": "PACKETSTORM",
        "id": "143216"
      }
    ],
    "trust": 2.7
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2017-6043",
        "trust": 3.6
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-17-164-01",
        "trust": 3.4
      },
      {
        "db": "BID",
        "id": "99066",
        "trust": 2.5
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-10707",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201706-830",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-004917",
        "trust": 0.8
      },
      {
        "db": "IVD",
        "id": "A084BAFC-DF0B-469D-85A8-46C98D18DCE9",
        "trust": 0.2
      },
      {
        "db": "PACKETSTORM",
        "id": "143216",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "a084bafc-df0b-469d-85a8-46c98d18dce9"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-10707"
      },
      {
        "db": "BID",
        "id": "99066"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-004917"
      },
      {
        "db": "PACKETSTORM",
        "id": "143216"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-6043"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201706-830"
      }
    ]
  },
  "id": "VAR-201706-0467",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "IVD",
        "id": "a084bafc-df0b-469d-85a8-46c98d18dce9"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-10707"
      }
    ],
    "trust": 1.39210527
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "ICS"
        ],
        "sub_category": null,
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "a084bafc-df0b-469d-85a8-46c98d18dce9"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-10707"
      }
    ]
  },
  "last_update_date": "2023-12-18T12:44:31.985000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Top Page",
        "trust": 0.8,
        "url": "https://www.trihedral.com/"
      },
      {
        "title": "Trihedral VTScada denial of service vulnerability patch",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchinfo/show/96152"
      },
      {
        "title": "Trihedral VTScada Security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=71098"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-10707"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-004917"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201706-830"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-400",
        "trust": 1.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-004917"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-6043"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 3.4,
        "url": "https://ics-cert.us-cert.gov/advisories/icsa-17-164-01"
      },
      {
        "trust": 2.2,
        "url": "http://www.securityfocus.com/bid/99066"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-6043"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-6043"
      },
      {
        "trust": 0.3,
        "url": "www.trihedral.com"
      },
      {
        "trust": 0.1,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2017-6045\u003e"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/79.html\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2017-6053\u003e"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/400.html\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2017-6043\u003e"
      },
      {
        "trust": 0.1,
        "url": "https://www.first.org/cvss/calculator/3.0#cvss:3.0/av:n/ac:l/pr:n/ui:n/s:u/c:h/i:n/a:n\u003e"
      },
      {
        "trust": 0.1,
        "url": "https://www.first.org/cvss/calculator/3.0#cvss:3.0/av:n/ac:l/pr:n/ui:n/s:u/c:n/i:n/a:h\u003e"
      },
      {
        "trust": 0.1,
        "url": "https://www.first.org/cvss/calculator/3.0#cvss:3.0/av:n/ac:l/pr:n/ui:r/s:u/c:h/i:n/a:n\u003e"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/548.html\u003e"
      },
      {
        "trust": 0.1,
        "url": "https://ipositivesecurity.com/2017/06/15/ics-trihedral-vtscada-multiple-vulnerabilities/"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-10707"
      },
      {
        "db": "BID",
        "id": "99066"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-004917"
      },
      {
        "db": "PACKETSTORM",
        "id": "143216"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-6043"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201706-830"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "IVD",
        "id": "a084bafc-df0b-469d-85a8-46c98d18dce9"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-10707"
      },
      {
        "db": "BID",
        "id": "99066"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-004917"
      },
      {
        "db": "PACKETSTORM",
        "id": "143216"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-6043"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201706-830"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-06-22T00:00:00",
        "db": "IVD",
        "id": "a084bafc-df0b-469d-85a8-46c98d18dce9"
      },
      {
        "date": "2017-06-22T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2017-10707"
      },
      {
        "date": "2017-06-13T00:00:00",
        "db": "BID",
        "id": "99066"
      },
      {
        "date": "2017-07-11T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-004917"
      },
      {
        "date": "2017-06-30T11:11:11",
        "db": "PACKETSTORM",
        "id": "143216"
      },
      {
        "date": "2017-06-21T19:29:00.277000",
        "db": "NVD",
        "id": "CVE-2017-6043"
      },
      {
        "date": "2017-06-20T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201706-830"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-07-03T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2017-10707"
      },
      {
        "date": "2017-06-13T00:00:00",
        "db": "BID",
        "id": "99066"
      },
      {
        "date": "2017-07-11T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-004917"
      },
      {
        "date": "2019-10-09T23:28:37.607000",
        "db": "NVD",
        "id": "CVE-2017-6043"
      },
      {
        "date": "2019-10-17T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201706-830"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201706-830"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Trihedral VTScada Denial of service vulnerability",
    "sources": [
      {
        "db": "IVD",
        "id": "a084bafc-df0b-469d-85a8-46c98d18dce9"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-10707"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Resource management error",
    "sources": [
      {
        "db": "IVD",
        "id": "a084bafc-df0b-469d-85a8-46c98d18dce9"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201706-830"
      }
    ],
    "trust": 0.8
  }
}

VAR-201711-0416

Vulnerability from variot - Updated: 2023-12-18 12:19

An Uncontrolled Search Path Element issue was discovered in Trihedral VTScada 11.3.03 and prior. The program will execute specially crafted malicious DLL files placed on the target machine. Trihedral VTScada contains a vulnerability related to uncontrolled search path elements. There is a possibility that information is obtained, information is altered, and service operation is disrupted (DoS). Trihedral VTScada (formerly known as VTS) is a SCADA system based on the Windows platform provided by Trihedral Engineering of Canada. There are multiple vulnerabilities in Trihedral Engineering Limited VTScada. An attacker could execute arbitrary script code in an affected application or bypass a security restriction to perform an unauthorized operation.


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201711-0416",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "engineering limited vtscada",
        "scope": "eq",
        "trust": 1.1,
        "vendor": "trihedral",
        "version": "11.3.2"
      },
      {
        "model": "vtscada",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "trihedral",
        "version": "11.3.03"
      },
      {
        "model": "engineering limited vtscada",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "trihedral",
        "version": "11.3.3"
      },
      {
        "model": "vtscada",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "trihedral engineering",
        "version": "11.3.03"
      },
      {
        "model": "engineering limited vtscada",
        "scope": "lte",
        "trust": 0.6,
        "vendor": "trihedral",
        "version": "\u003c=11.3.03"
      },
      {
        "model": "vtscada",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "trihedral",
        "version": "11.3.03"
      },
      {
        "model": "engineering limited vtscada",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "trihedral",
        "version": "11.3.5"
      },
      {
        "model": "engineering limited vtscada",
        "scope": "eq",
        "trust": 0.2,
        "vendor": "trihedral",
        "version": "11.3.3*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "vtscada",
        "version": "*"
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "e2f8ae50-39ab-11e9-bd77-000c29342cb1"
      },
      {
        "db": "IVD",
        "id": "c562c215-19e3-4491-81b1-bb0f615e15c7"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-16270"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-32170"
      },
      {
        "db": "BID",
        "id": "101629"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-009927"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-14029"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201708-1246"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:trihedral:vtscada:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "11.3.03",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2017-14029"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Karn Ganeshen and Mark Cross.",
    "sources": [
      {
        "db": "BID",
        "id": "101629"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2017-14029",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.3,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 8.6,
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": true,
            "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Medium",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Complete",
            "baseScore": 9.3,
            "confidentialityImpact": "Complete",
            "exploitabilityScore": null,
            "id": "CVE-2017-14029",
            "impactScore": null,
            "integrityImpact": "Complete",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2018-16270",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.2,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 3.9,
            "id": "CNVD-2017-32170",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.6,
            "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "IVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "id": "e2f8ae50-39ab-11e9-bd77-000c29342cb1",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.2,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.9 [IVD]"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "IVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.2,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 3.9,
            "id": "c562c215-19e3-4491-81b1-bb0f615e15c7",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.2,
            "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.9 [IVD]"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 1.8,
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Local",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 7.8,
            "baseSeverity": "High",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2017-14029",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "Required",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2017-14029",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2018-16270",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2017-32170",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201708-1246",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "IVD",
            "id": "e2f8ae50-39ab-11e9-bd77-000c29342cb1",
            "trust": 0.2,
            "value": "HIGH"
          },
          {
            "author": "IVD",
            "id": "c562c215-19e3-4491-81b1-bb0f615e15c7",
            "trust": 0.2,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "e2f8ae50-39ab-11e9-bd77-000c29342cb1"
      },
      {
        "db": "IVD",
        "id": "c562c215-19e3-4491-81b1-bb0f615e15c7"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-16270"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-32170"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-009927"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-14029"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201708-1246"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "An Uncontrolled Search Path Element issue was discovered in Trihedral VTScada 11.3.03 and prior. The program will execute specially crafted malicious DLL files placed on the target machine. Trihedral VTScada contains a vulnerability related to uncontrolled search path elements. There is a possibility that information is obtained, information is altered, and service operation is disrupted (DoS). Trihedral VTScada (formerly known as VTS) is a SCADA system based on the Windows platform provided by Trihedral Engineering of Canada. There are multiple vulnerabilities in Trihedral Engineering Limited VTScada. An attacker could execute arbitrary script code in an affected application or bypass a security restriction to perform an unauthorized operation.",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2017-14029"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-009927"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-16270"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-32170"
      },
      {
        "db": "BID",
        "id": "101629"
      },
      {
        "db": "IVD",
        "id": "e2f8ae50-39ab-11e9-bd77-000c29342cb1"
      },
      {
        "db": "IVD",
        "id": "c562c215-19e3-4491-81b1-bb0f615e15c7"
      }
    ],
    "trust": 3.33
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "ICS CERT",
        "id": "ICSA-17-304-02",
        "trust": 3.3
      },
      {
        "db": "NVD",
        "id": "CVE-2017-14029",
        "trust": 3.2
      },
      {
        "db": "BID",
        "id": "101629",
        "trust": 0.9
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-16270",
        "trust": 0.8
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-32170",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201708-1246",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-009927",
        "trust": 0.8
      },
      {
        "db": "IVD",
        "id": "E2F8AE50-39AB-11E9-BD77-000C29342CB1",
        "trust": 0.2
      },
      {
        "db": "IVD",
        "id": "C562C215-19E3-4491-81B1-BB0F615E15C7",
        "trust": 0.2
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "e2f8ae50-39ab-11e9-bd77-000c29342cb1"
      },
      {
        "db": "IVD",
        "id": "c562c215-19e3-4491-81b1-bb0f615e15c7"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-16270"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-32170"
      },
      {
        "db": "BID",
        "id": "101629"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-009927"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-14029"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201708-1246"
      }
    ]
  },
  "id": "VAR-201711-0416",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "IVD",
        "id": "e2f8ae50-39ab-11e9-bd77-000c29342cb1"
      },
      {
        "db": "IVD",
        "id": "c562c215-19e3-4491-81b1-bb0f615e15c7"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-16270"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-32170"
      }
    ],
    "trust": 2.3460526350000004
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "ICS"
        ],
        "sub_category": null,
        "trust": 1.6
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "e2f8ae50-39ab-11e9-bd77-000c29342cb1"
      },
      {
        "db": "IVD",
        "id": "c562c215-19e3-4491-81b1-bb0f615e15c7"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-16270"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-32170"
      }
    ]
  },
  "last_update_date": "2023-12-18T12:19:20.809000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Moving to the Current Version",
        "trust": 0.8,
        "url": "https://www.trihedral.com/help/content/op_welcome/wel_upgradenotes.htm"
      },
      {
        "title": "Trihedral Engineering Limited VTScada ICSA-17-304-0 patch with multiple vulnerabilities",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchinfo/show/137735"
      },
      {
        "title": "Trihedral Engineering Limited VTScada DLL hijacking vulnerability patch",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchinfo/show/105112"
      },
      {
        "title": "Trihedral VTScada Security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=100009"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-16270"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-32170"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-009927"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201708-1246"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-427",
        "trust": 1.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-009927"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-14029"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 3.3,
        "url": "https://ics-cert.us-cert.gov/advisories/icsa-17-304-02"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-14029"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-14029"
      },
      {
        "trust": 0.6,
        "url": "http://www.securityfocus.com/bid/101629"
      },
      {
        "trust": 0.3,
        "url": "www.trihedral.com"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-16270"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-32170"
      },
      {
        "db": "BID",
        "id": "101629"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-009927"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-14029"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201708-1246"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "IVD",
        "id": "e2f8ae50-39ab-11e9-bd77-000c29342cb1"
      },
      {
        "db": "IVD",
        "id": "c562c215-19e3-4491-81b1-bb0f615e15c7"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-16270"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-32170"
      },
      {
        "db": "BID",
        "id": "101629"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-009927"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-14029"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201708-1246"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-08-27T00:00:00",
        "db": "IVD",
        "id": "e2f8ae50-39ab-11e9-bd77-000c29342cb1"
      },
      {
        "date": "2017-11-01T00:00:00",
        "db": "IVD",
        "id": "c562c215-19e3-4491-81b1-bb0f615e15c7"
      },
      {
        "date": "2018-08-27T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2018-16270"
      },
      {
        "date": "2017-11-01T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2017-32170"
      },
      {
        "date": "2017-10-31T00:00:00",
        "db": "BID",
        "id": "101629"
      },
      {
        "date": "2017-11-29T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-009927"
      },
      {
        "date": "2017-11-06T22:29:00.350000",
        "db": "NVD",
        "id": "CVE-2017-14029"
      },
      {
        "date": "2017-08-31T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201708-1246"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-08-27T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2018-16270"
      },
      {
        "date": "2017-11-01T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2017-32170"
      },
      {
        "date": "2017-12-19T22:36:00",
        "db": "BID",
        "id": "101629"
      },
      {
        "date": "2017-11-29T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-009927"
      },
      {
        "date": "2019-10-09T23:23:46",
        "db": "NVD",
        "id": "CVE-2017-14029"
      },
      {
        "date": "2019-10-17T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201708-1246"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "local",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201708-1246"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Trihedral Engineering Limited VTScada DLL Hijacking vulnerability",
    "sources": [
      {
        "db": "IVD",
        "id": "c562c215-19e3-4491-81b1-bb0f615e15c7"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-32170"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Code problem",
    "sources": [
      {
        "db": "IVD",
        "id": "c562c215-19e3-4491-81b1-bb0f615e15c7"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201708-1246"
      }
    ],
    "trust": 0.8
  }
}

VAR-201711-0417

Vulnerability from variot - Updated: 2023-12-18 12:19

An Improper Access Control issue was discovered in Trihedral VTScada 11.3.03 and prior. A local, non-administrator user has privileges to read and write to the file system of the target machine. Trihedral VTScada contains an access control vulnerability. There is a possibility that information is obtained, information is altered, and service operation is disrupted (DoS). Trihedral VTScada (formerly known as VTS) is a SCADA system based on the Windows platform provided by Trihedral Engineering of Canada. There are multiple vulnerabilities in Trihedral Engineering Limited VTScada. An attacker could execute arbitrary script code in an affected application or bypass a security restriction to perform an unauthorized operation.


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201711-0417",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "engineering limited vtscada",
        "scope": "eq",
        "trust": 1.1,
        "vendor": "trihedral",
        "version": "11.3.2"
      },
      {
        "model": "vtscada",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "trihedral",
        "version": "11.3.03"
      },
      {
        "model": "engineering limited vtscada",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "trihedral",
        "version": "11.3.3"
      },
      {
        "model": "vtscada",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "trihedral engineering",
        "version": "11.3.03"
      },
      {
        "model": "engineering limited vtscada",
        "scope": "lte",
        "trust": 0.6,
        "vendor": "trihedral",
        "version": "\u003c=11.3.03"
      },
      {
        "model": "vtscada",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "trihedral",
        "version": "11.3.03"
      },
      {
        "model": "engineering limited vtscada",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "trihedral",
        "version": "11.3.5"
      },
      {
        "model": "engineering limited vtscada",
        "scope": "eq",
        "trust": 0.2,
        "vendor": "trihedral",
        "version": "11.3.3*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "vtscada",
        "version": "*"
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "e2f8ae50-39ab-11e9-bd77-000c29342cb1"
      },
      {
        "db": "IVD",
        "id": "66d3ee10-0a24-4ce8-81cf-5e3f113a7cb2"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-16270"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-32169"
      },
      {
        "db": "BID",
        "id": "101629"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-009928"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-14031"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201708-1244"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:trihedral:vtscada:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "11.3.03",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2017-14031"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Karn Ganeshen and Mark Cross.",
    "sources": [
      {
        "db": "BID",
        "id": "101629"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2017-14031",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.2,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 3.9,
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Local",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Complete",
            "baseScore": 7.2,
            "confidentialityImpact": "Complete",
            "exploitabilityScore": null,
            "id": "CVE-2017-14031",
            "impactScore": null,
            "integrityImpact": "Complete",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2018-16270",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.2,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 3.9,
            "id": "CNVD-2017-32169",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.6,
            "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "IVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "id": "e2f8ae50-39ab-11e9-bd77-000c29342cb1",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.2,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.9 [IVD]"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "IVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.2,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 3.9,
            "id": "66d3ee10-0a24-4ce8-81cf-5e3f113a7cb2",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.2,
            "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.9 [IVD]"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 1.8,
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Local",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 7.8,
            "baseSeverity": "High",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2017-14031",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "Low",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2017-14031",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2018-16270",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2017-32169",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201708-1244",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "IVD",
            "id": "e2f8ae50-39ab-11e9-bd77-000c29342cb1",
            "trust": 0.2,
            "value": "HIGH"
          },
          {
            "author": "IVD",
            "id": "66d3ee10-0a24-4ce8-81cf-5e3f113a7cb2",
            "trust": 0.2,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "e2f8ae50-39ab-11e9-bd77-000c29342cb1"
      },
      {
        "db": "IVD",
        "id": "66d3ee10-0a24-4ce8-81cf-5e3f113a7cb2"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-16270"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-32169"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-009928"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-14031"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201708-1244"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "An Improper Access Control issue was discovered in Trihedral VTScada 11.3.03 and prior. A local, non-administrator user has privileges to read and write to the file system of the target machine. Trihedral VTScada Contains an access control vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Trihedral VTScada (formerly known as VTS) is a SCADA system based on the Windows platform provided by Trihedral Engineering of Canada. There are multiple vulnerabilities in Trihedral Engineering Limited VTScada. An attacker could execute arbitrary script code in an affected application or bypass an security restriction to perform an unauthorized operation",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2017-14031"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-009928"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-16270"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-32169"
      },
      {
        "db": "BID",
        "id": "101629"
      },
      {
        "db": "IVD",
        "id": "e2f8ae50-39ab-11e9-bd77-000c29342cb1"
      },
      {
        "db": "IVD",
        "id": "66d3ee10-0a24-4ce8-81cf-5e3f113a7cb2"
      }
    ],
    "trust": 3.33
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "ICS CERT",
        "id": "ICSA-17-304-02",
        "trust": 3.3
      },
      {
        "db": "NVD",
        "id": "CVE-2017-14031",
        "trust": 3.2
      },
      {
        "db": "BID",
        "id": "101629",
        "trust": 0.9
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-16270",
        "trust": 0.8
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-32169",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201708-1244",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-009928",
        "trust": 0.8
      },
      {
        "db": "IVD",
        "id": "E2F8AE50-39AB-11E9-BD77-000C29342CB1",
        "trust": 0.2
      },
      {
        "db": "IVD",
        "id": "66D3EE10-0A24-4CE8-81CF-5E3F113A7CB2",
        "trust": 0.2
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "e2f8ae50-39ab-11e9-bd77-000c29342cb1"
      },
      {
        "db": "IVD",
        "id": "66d3ee10-0a24-4ce8-81cf-5e3f113a7cb2"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-16270"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-32169"
      },
      {
        "db": "BID",
        "id": "101629"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-009928"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-14031"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201708-1244"
      }
    ]
  },
  "id": "VAR-201711-0417",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "IVD",
        "id": "e2f8ae50-39ab-11e9-bd77-000c29342cb1"
      },
      {
        "db": "IVD",
        "id": "66d3ee10-0a24-4ce8-81cf-5e3f113a7cb2"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-16270"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-32169"
      }
    ],
    "trust": 2.3460526350000004
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "ICS"
        ],
        "sub_category": null,
        "trust": 1.6
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "e2f8ae50-39ab-11e9-bd77-000c29342cb1"
      },
      {
        "db": "IVD",
        "id": "66d3ee10-0a24-4ce8-81cf-5e3f113a7cb2"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-16270"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-32169"
      }
    ]
  },
  "last_update_date": "2023-12-18T12:19:20.762000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Moving to the Current Version",
        "trust": 0.8,
        "url": "https://www.trihedral.com/help/content/op_welcome/wel_upgradenotes.htm"
      },
      {
        "title": "Trihedral Engineering Limited VTScada ICSA-17-304-0 patch with multiple vulnerabilities",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchinfo/show/137735"
      },
      {
        "title": "Trihedral Engineering Limited VTScada does not authorize access to the vulnerability patch",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchinfo/show/105113"
      },
      {
        "title": "Trihedral VTScada Fixes for access control error vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=100007"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-16270"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-32169"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-009928"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201708-1244"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-269",
        "trust": 1.0
      },
      {
        "problemtype": "CWE-284",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-009928"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-14031"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 3.3,
        "url": "https://ics-cert.us-cert.gov/advisories/icsa-17-304-02"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-14031"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-14031"
      },
      {
        "trust": 0.6,
        "url": "http://www.securityfocus.com/bid/101629"
      },
      {
        "trust": 0.3,
        "url": "www.trihedral.com"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-16270"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-32169"
      },
      {
        "db": "BID",
        "id": "101629"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-009928"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-14031"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201708-1244"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "IVD",
        "id": "e2f8ae50-39ab-11e9-bd77-000c29342cb1"
      },
      {
        "db": "IVD",
        "id": "66d3ee10-0a24-4ce8-81cf-5e3f113a7cb2"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-16270"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-32169"
      },
      {
        "db": "BID",
        "id": "101629"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-009928"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-14031"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201708-1244"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-08-27T00:00:00",
        "db": "IVD",
        "id": "e2f8ae50-39ab-11e9-bd77-000c29342cb1"
      },
      {
        "date": "2017-11-01T00:00:00",
        "db": "IVD",
        "id": "66d3ee10-0a24-4ce8-81cf-5e3f113a7cb2"
      },
      {
        "date": "2018-08-27T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2018-16270"
      },
      {
        "date": "2017-11-01T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2017-32169"
      },
      {
        "date": "2017-10-31T00:00:00",
        "db": "BID",
        "id": "101629"
      },
      {
        "date": "2017-11-29T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-009928"
      },
      {
        "date": "2017-11-06T22:29:00.380000",
        "db": "NVD",
        "id": "CVE-2017-14031"
      },
      {
        "date": "2017-08-31T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201708-1244"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-08-27T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2018-16270"
      },
      {
        "date": "2017-11-01T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2017-32169"
      },
      {
        "date": "2017-12-19T22:36:00",
        "db": "BID",
        "id": "101629"
      },
      {
        "date": "2017-11-29T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-009928"
      },
      {
        "date": "2019-10-09T23:23:46.280000",
        "db": "NVD",
        "id": "CVE-2017-14031"
      },
      {
        "date": "2019-10-17T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201708-1244"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "local",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201708-1244"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Trihedral Engineering Limited VTScada Unauthorized Access Vulnerability",
    "sources": [
      {
        "db": "IVD",
        "id": "66d3ee10-0a24-4ce8-81cf-5e3f113a7cb2"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-32169"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Access control error",
    "sources": [
      {
        "db": "IVD",
        "id": "66d3ee10-0a24-4ce8-81cf-5e3f113a7cb2"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201708-1244"
      }
    ],
    "trust": 0.8
  }
}

FKIE_CVE-2022-3181

Vulnerability from fkie_nvd - Published: 2022-11-02 21:15 - Updated: 2024-11-21 07:18
Summary
An Improper Input Validation vulnerability exists in Trihedral VTScada version 12.0.38 and prior. A specifically malformed HTTP request could cause the affected VTScada to crash. Both local area network (LAN)-only and internet facing systems are affected.
References
ics-cert@hq.dhs.gov https://www.cisa.gov/uscert/ics/advisories/icsa-22-300-04 Patch, Third Party Advisory, US Government Resource
af854a3a-2127-422b-91ae-364da2661108 https://www.cisa.gov/uscert/ics/advisories/icsa-22-300-04 Patch, Third Party Advisory, US Government Resource
Impacted products
Vendor Product Version
trihedral vtscada *

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:trihedral:vtscada:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6FABA435-254B-4036-AE81-CC73C6F0A09C",
              "versionEndIncluding": "12.0.38",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An Improper Input Validation vulnerability exists in Trihedral VTScada version 12.0.38 and prior.\u00a0A specifically malformed HTTP request could cause the affected VTScada to crash. Both local area network (LAN)-only and internet facing systems are affected. \n\n"
    },
    {
      "lang": "es",
      "value": "Existe una vulnerabilidad de validaci\u00f3n de entrada incorrecta en Trihedral VTScada versi\u00f3n 12.0.38 y anteriores. Una solicitud HTTP espec\u00edficamente mal formada podr\u00eda provocar que el VTScada afectado fallara. Tanto los sistemas de red de \u00e1rea local (LAN) como los de Internet se ven afectados."
    }
  ],
  "id": "CVE-2022-3181",
  "lastModified": "2024-11-21T07:18:59.383",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "ics-cert@hq.dhs.gov",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2022-11-02T21:15:09.773",
  "references": [
    {
      "source": "ics-cert@hq.dhs.gov",
      "tags": [
        "Patch",
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-300-04"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-300-04"
    }
  ],
  "sourceIdentifier": "ics-cert@hq.dhs.gov",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "ics-cert@hq.dhs.gov",
      "type": "Secondary"
    }
  ]
}

FKIE_CVE-2017-14031

Vulnerability from fkie_nvd - Published: 2017-11-06 22:29 - Updated: 2025-04-20 01:37
Summary
An Improper Access Control issue was discovered in Trihedral VTScada 11.3.03 and prior. A local, non-administrator user has privileges to read and write to the file system of the target machine.
References
ics-cert@hq.dhs.gov https://ics-cert.us-cert.gov/advisories/ICSA-17-304-02 Issue Tracking, Mitigation, Third Party Advisory, US Government Resource
af854a3a-2127-422b-91ae-364da2661108 https://ics-cert.us-cert.gov/advisories/ICSA-17-304-02 Issue Tracking, Mitigation, Third Party Advisory, US Government Resource
Impacted products
Vendor Product Version
trihedral vtscada *

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:trihedral:vtscada:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "00E89749-F4C5-4044-928B-E8D3658E9CB3",
              "versionEndIncluding": "11.3.03",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An Improper Access Control issue was discovered in Trihedral VTScada 11.3.03 and prior. A local, non-administrator user has privileges to read and write to the file system of the target machine."
    },
    {
      "lang": "es",
      "value": "Se ha descubierto un problema de control de acceso incorrecto en Trihedral VTScada en la versi\u00f3n 11.3.03 y anteriores. Un usuario local no administrador tiene privilegios para leer y escribir en el sistema de archivos de la m\u00e1quina objetivo."
    }
  ],
  "id": "CVE-2017-14031",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.2,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-11-06T22:29:00.380",
  "references": [
    {
      "source": "ics-cert@hq.dhs.gov",
      "tags": [
        "Issue Tracking",
        "Mitigation",
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-304-02"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Mitigation",
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-304-02"
    }
  ],
  "sourceIdentifier": "ics-cert@hq.dhs.gov",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-284"
        }
      ],
      "source": "ics-cert@hq.dhs.gov",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-269"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

FKIE_CVE-2017-14029

Vulnerability from fkie_nvd - Published: 2017-11-06 22:29 - Updated: 2025-04-20 01:37
Summary
An Uncontrolled Search Path Element issue was discovered in Trihedral VTScada 11.3.03 and prior. The program will execute specially crafted malicious dll files placed on the target machine.
References
ics-cert@hq.dhs.gov | https://ics-cert.us-cert.gov/advisories/ICSA-17-304-02 | Issue Tracking, Mitigation, Third Party Advisory, US Government Resource
af854a3a-2127-422b-91ae-364da2661108 | https://ics-cert.us-cert.gov/advisories/ICSA-17-304-02 | Issue Tracking, Mitigation, Third Party Advisory, US Government Resource
Impacted products
Vendor Product Version
trihedral vtscada *

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:trihedral:vtscada:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "00E89749-F4C5-4044-928B-E8D3658E9CB3",
              "versionEndIncluding": "11.3.03",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An Uncontrolled Search Path Element issue was discovered in Trihedral VTScada 11.3.03 and prior. The program will execute specially crafted malicious dll files placed on the target machine."
    },
    {
      "lang": "es",
      "value": "Se ha descubierto un problema de elemento de ruta de b\u00fasqueda no controlado en Trihedral VTScada en la versi\u00f3n 11.3.03 y anteriores. El programa ejecutar\u00e1 archivos dll maliciosos especialmente manipulados en la m\u00e1quina objetivo."
    }
  ],
  "id": "CVE-2017-14029",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-11-06T22:29:00.350",
  "references": [
    {
      "source": "ics-cert@hq.dhs.gov",
      "tags": [
        "Issue Tracking",
        "Mitigation",
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-304-02"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Mitigation",
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-304-02"
    }
  ],
  "sourceIdentifier": "ics-cert@hq.dhs.gov",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-427"
        }
      ],
      "source": "ics-cert@hq.dhs.gov",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-427"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

FKIE_CVE-2017-6053

Vulnerability from fkie_nvd - Published: 2017-06-21 19:29 - Updated: 2025-04-20 01:37
Summary
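A Cross-Site Scripting issue was discovered in Trihedral VTScada Versions prior to 11.2.26. A cross-site scripting vulnerability may allow JavaScript code supplied by the attacker to execute within the user's browser. (Note: the CPE match data in the record below ends at version 11.2.23 inclusive, whereas this description says "prior to 11.2.26"; check the installed build against the linked ICS-CERT advisory rather than relying on the CPE range alone.)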
References
ics-cert@hq.dhs.gov | http://www.securityfocus.com/bid/99066 | Third Party Advisory, VDB Entry
ics-cert@hq.dhs.gov | https://ics-cert.us-cert.gov/advisories/ICSA-17-164-01 | Mitigation, Patch, Third Party Advisory, US Government Resource
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/99066 | Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108 | https://ics-cert.us-cert.gov/advisories/ICSA-17-164-01 | Mitigation, Patch, Third Party Advisory, US Government Resource
Impacted products
Vendor Product Version
trihedral vtscada *

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:trihedral:vtscada:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "CA214CB5-FBA6-4996-9B94-0E69BE2E4BBB",
              "versionEndIncluding": "11.2.23",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A Cross-Site Scripting issue was discovered in Trihedral VTScada Versions prior to 11.2.26. A cross-site scripting vulnerability may allow JavaScript code supplied by the attacker to execute within the user\u0027s browser."
    },
    {
      "lang": "es",
      "value": "Se detect\u00f3 un problema de tipo cross-site-scripting (XSS) en Trihedral VTScada versiones anteriores a 11.2.26. Una vulnerabilidad tipo cross-site-scripting (XSS) puede permitir que el c\u00f3digo JavaScript suministrado por el atacante se ejecute en el navegador del usuario."
    }
  ],
  "id": "CVE-2017-6053",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-06-21T19:29:00.370",
  "references": [
    {
      "source": "ics-cert@hq.dhs.gov",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/99066"
    },
    {
      "source": "ics-cert@hq.dhs.gov",
      "tags": [
        "Mitigation",
        "Patch",
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-164-01"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/99066"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mitigation",
        "Patch",
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-164-01"
    }
  ],
  "sourceIdentifier": "ics-cert@hq.dhs.gov",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "ics-cert@hq.dhs.gov",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

FKIE_CVE-2017-6045

Vulnerability from fkie_nvd - Published: 2017-06-21 19:29 - Updated: 2025-04-20 01:37
Summary
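An Information Exposure issue was discovered in Trihedral VTScada Versions prior to 11.2.26. Some files are exposed within the web server application to unauthenticated users. These files may contain sensitive configuration information. (Note: the CPE match data in the record below ends at version 11.2.23 inclusive, whereas this description says "prior to 11.2.26"; check the installed build against the linked ICS-CERT advisory rather than relying on the CPE range alone.)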
References
ics-cert@hq.dhs.gov | http://www.securityfocus.com/bid/99066 | Third Party Advisory, VDB Entry
ics-cert@hq.dhs.gov | https://ics-cert.us-cert.gov/advisories/ICSA-17-164-01 | Mitigation, Patch, Third Party Advisory, US Government Resource
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/99066 | Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108 | https://ics-cert.us-cert.gov/advisories/ICSA-17-164-01 | Mitigation, Patch, Third Party Advisory, US Government Resource
Impacted products
Vendor Product Version
trihedral vtscada *

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:trihedral:vtscada:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "CA214CB5-FBA6-4996-9B94-0E69BE2E4BBB",
              "versionEndIncluding": "11.2.23",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An Information Exposure issue was discovered in Trihedral VTScada Versions prior to 11.2.26. Some files are exposed within the web server application to unauthenticated users. These files may contain sensitive configuration information."
    },
    {
      "lang": "es",
      "value": "Se detect\u00f3 un problema de Exposici\u00f3n de Informaci\u00f3n en Trihedral VTScada versiones anteriores a 11.2.26. Algunos archivos se exponen dentro de la aplicaci\u00f3n del servidor web a usuarios no autenticados. Estos archivos pueden contener informaci\u00f3n de configuraci\u00f3n confidencial."
    }
  ],
  "id": "CVE-2017-6045",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-06-21T19:29:00.307",
  "references": [
    {
      "source": "ics-cert@hq.dhs.gov",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/99066"
    },
    {
      "source": "ics-cert@hq.dhs.gov",
      "tags": [
        "Mitigation",
        "Patch",
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-164-01"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/99066"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mitigation",
        "Patch",
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-164-01"
    }
  ],
  "sourceIdentifier": "ics-cert@hq.dhs.gov",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-548"
        }
      ],
      "source": "ics-cert@hq.dhs.gov",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

FKIE_CVE-2017-6043

Vulnerability from fkie_nvd - Published: 2017-06-21 19:29 - Updated: 2025-04-20 01:37
Summary
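A Resource Consumption issue was discovered in Trihedral VTScada Versions prior to 11.2.26. The client does not properly validate the input or limit the amount of resources that are utilized by an attacker, which can be used to consume more resources than are available. (Note: the CPE match data in the record below ends at version 11.2.23 inclusive, whereas this description says "prior to 11.2.26"; check the installed build against the linked ICS-CERT advisory rather than relying on the CPE range alone.)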
References
ics-cert@hq.dhs.gov | http://www.securityfocus.com/bid/99066 | Third Party Advisory, VDB Entry
ics-cert@hq.dhs.gov | https://ics-cert.us-cert.gov/advisories/ICSA-17-164-01 | Mitigation, Patch, Third Party Advisory, US Government Resource
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/99066 | Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108 | https://ics-cert.us-cert.gov/advisories/ICSA-17-164-01 | Mitigation, Patch, Third Party Advisory, US Government Resource
Impacted products
Vendor Product Version
trihedral vtscada *

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:trihedral:vtscada:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "CA214CB5-FBA6-4996-9B94-0E69BE2E4BBB",
              "versionEndIncluding": "11.2.23",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A Resource Consumption issue was discovered in Trihedral VTScada Versions prior to 11.2.26. The client does not properly validate the input or limit the amount of resources that are utilized by an attacker, which can be used to consume more resources than are available."
    },
    {
      "lang": "es",
      "value": "Se detect\u00f3 un problema de consumo de recursos en Trihedral VTScada versiones anteriores a 11.2.26. El cliente no comprueba apropiadamente la entrada ni limita la cantidad de recursos que son utilizados por un atacante, que puede ser usado para consumir m\u00e1s recursos de los que est\u00e1n disponibles."
    }
  ],
  "id": "CVE-2017-6043",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.8,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-06-21T19:29:00.277",
  "references": [
    {
      "source": "ics-cert@hq.dhs.gov",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/99066"
    },
    {
      "source": "ics-cert@hq.dhs.gov",
      "tags": [
        "Mitigation",
        "Patch",
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-164-01"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/99066"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mitigation",
        "Patch",
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-164-01"
    }
  ],
  "sourceIdentifier": "ics-cert@hq.dhs.gov",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-400"
        }
      ],
      "source": "ics-cert@hq.dhs.gov",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-400"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

FKIE_CVE-2016-4532

Vulnerability from fkie_nvd - Published: 2016-06-09 10:59 - Updated: 2025-04-12 10:46
Summary
Directory traversal vulnerability in the WAP interface in Trihedral VTScada (formerly VTS) 8.x through 11.x before 11.2.02 allows remote attackers to read arbitrary files via a crafted pathname.

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:trihedral:vtscada:10.1.05:*:*:*:*:*:*:*",
              "matchCriteriaId": "CE5FB3C2-42F0-4112-835F-EF71D4E17D2B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trihedral:vtscada:10.1.06:*:*:*:*:*:*:*",
              "matchCriteriaId": "49946BC8-E01F-4F74-88B4-5F0B1A6179C3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trihedral:vtscada:10.1.07:*:*:*:*:*:*:*",
              "matchCriteriaId": "0E9BB54A-83AE-41F8-B40B-BC3CB37683DD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trihedral:vtscada:10.1.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEA21497-E048-4510-AA31-887235217F80",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:trihedral:vtscada:9.0.02:*:*:*:*:*:*:*",
              "matchCriteriaId": "F47D9BD4-A05E-4696-A6D9-7AEFE20BBD14",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trihedral:vtscada:9.0.03:*:*:*:*:*:*:*",
              "matchCriteriaId": "A1A85151-B206-4307-88C3-9107366C867F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trihedral:vtscada:9.0.08:*:*:*:*:*:*:*",
              "matchCriteriaId": "3A1D1396-B8FA-4092-B136-899E2167B446",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trihedral:vtscada:9.1.02:*:*:*:*:*:*:*",
              "matchCriteriaId": "C1277933-197D-45D8-940C-1951212F9D95",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trihedral:vtscada:9.1.03:*:*:*:*:*:*:*",
              "matchCriteriaId": "6D5D9BD5-6C99-45E0-9CE0-B25C2C5353F5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trihedral:vtscada:9.1.05:*:*:*:*:*:*:*",
              "matchCriteriaId": "42DB3997-3DCF-403F-B054-3F8AF25BC089",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trihedral:vtscada:9.1.09:*:*:*:*:*:*:*",
              "matchCriteriaId": "B5535DFC-4C77-4339-9C7A-C38BEC4404BA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trihedral:vtscada:9.1.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "6DC20DC9-6606-460E-97AE-02D1F579E37C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trihedral:vtscada:9.1.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "DBC2BF11-CE15-4216-928B-BF63B587FE8C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trihedral:vtscada:9.1.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "1BCCFB2C-00B7-4828-BCE3-97EBC4057669",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:trihedral:vtscada:11.0.05:*:*:*:*:*:*:*",
              "matchCriteriaId": "B5EB9BB9-F8C9-4661-AC5A-E3FD79AD4EEF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trihedral:vtscada:11.0.07:*:*:*:*:*:*:*",
              "matchCriteriaId": "D5E6832C-B4EA-4A72-8ADF-B17F76DEE676",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:trihedral:vtscada:10.2.05:*:*:*:*:*:*:*",
              "matchCriteriaId": "40460E2C-6919-4BF1-9E24-B3EE408FA995",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trihedral:vtscada:10.2.07:*:*:*:*:*:*:*",
              "matchCriteriaId": "3C031266-31AF-436C-9F36-D7112D1EE9BA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trihedral:vtscada:10.2.08:*:*:*:*:*:*:*",
              "matchCriteriaId": "862D6C1B-0765-43C9-BD39-7C9F90025C50",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trihedral:vtscada:10.2.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "95A94950-0F03-42FD-A74D-8ADE7A59DDD2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trihedral:vtscada:10.2.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "0B1798A8-EC8D-4CC5-AEBA-16EC45D1E754",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trihedral:vtscada:10.2.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "57B7C44C-9920-439A-BDDD-EC3C3DC171A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trihedral:vtscada:10.2.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "0F4BFACD-CEDB-4F1C-8BA6-E8B0BEF735F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trihedral:vtscada:10.2.17:*:*:*:*:*:*:*",
              "matchCriteriaId": "10349B72-13D3-4B70-B8CB-1223381F3630",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trihedral:vtscada:10.2.19:*:*:*:*:*:*:*",
              "matchCriteriaId": "721D6C57-2ADA-4400-A876-80281819CE1E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trihedral:vtscada:10.2.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "4266371D-4476-4455-8CAF-83DAD092783C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trihedral:vtscada:10.2.21:*:*:*:*:*:*:*",
              "matchCriteriaId": "92EBB482-30B1-4AB3-A26A-0F1B66DFE5F3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trihedral:vtscada:10.2.22:*:*:*:*:*:*:*",
              "matchCriteriaId": "1AC79329-249A-41C6-A545-B681DD494606",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:trihedral:vtscada:8.0.05:*:*:*:*:*:*:*",
              "matchCriteriaId": "35A5A441-F299-4E51-B2BF-872F263AC96C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trihedral:vtscada:8.0.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "D881DA9B-332A-47B0-9E1D-3936CC0E1761",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trihedral:vtscada:8.0.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "8DB1488E-ABD2-443A-B51C-328FF32D4E52",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trihedral:vtscada:8.0.18:*:*:*:*:*:*:*",
              "matchCriteriaId": "EFB14116-AA51-408D-B632-5605CCD18D7A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trihedral:vtscada:8.1.05:*:*:*:*:*:*:*",
              "matchCriteriaId": "5B1122D8-6E21-40A8-916A-E66622146CC0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trihedral:vtscada:8.1.06:*:*:*:*:*:*:*",
              "matchCriteriaId": "AB0611D9-9C16-480A-BDB8-CC4FA289E6FF",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:trihedral:vtscada:11.1.05:*:*:*:*:*:*:*",
              "matchCriteriaId": "5ED3D431-13B0-4A2C-BE9F-64B89877DEEA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trihedral:vtscada:11.1.06:*:*:*:*:*:*:*",
              "matchCriteriaId": "E6C1112A-8D28-4E58-B6E6-A8E95C09B06C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trihedral:vtscada:11.1.09:*:*:*:*:*:*:*",
              "matchCriteriaId": "9155F402-CED2-47BE-A77E-04B8CA33C820",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trihedral:vtscada:11.1.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "B0BC5077-7CE2-4670-8DCE-89168EB9EB45",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trihedral:vtscada:11.1.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "3121360F-A114-46C9-A2D2-183B9481E9D7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trihedral:vtscada:11.1.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "3C0EAFD7-0D67-4865-8537-E81B193A11B8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trihedral:vtscada:11.1.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "0921489A-10AA-46D1-AD45-F29F0D97E302",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trihedral:vtscada:11.1.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "1C4BB39D-3EC5-4F81-9AB8-C003FB40ECE8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trihedral:vtscada:11.1.17:*:*:*:*:*:*:*",
              "matchCriteriaId": "E3F18ED0-7095-4126-B839-688994778D45",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trihedral:vtscada:11.1.18:*:*:*:*:*:*:*",
              "matchCriteriaId": "5775D09F-02F8-45FE-94E4-B5BAB6A5FFFC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trihedral:vtscada:11.1.19:*:*:*:*:*:*:*",
              "matchCriteriaId": "6EA6AD0D-B2EA-4112-B437-F87C4265B9CA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trihedral:vtscada:11.1.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "6C41FA48-FDAF-48FC-9E98-F95C2E9AC835",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trihedral:vtscada:11.1.21:*:*:*:*:*:*:*",
              "matchCriteriaId": "EA71226A-7AFA-4185-A8A5-174C44C173C8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trihedral:vtscada:11.1.22:*:*:*:*:*:*:*",
              "matchCriteriaId": "1203617F-45D8-47C3-B32D-0F0DED539D24",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trihedral:vtscada:11.1.24:*:*:*:*:*:*:*",
              "matchCriteriaId": "FDF04525-41E4-4DEE-BBF0-268F8B6969DB",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:trihedral:vtscada:10.0.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "697CBAB8-7025-44A6-A5A6-AFDDFA506CF2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trihedral:vtscada:10.0.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "8AC6FD46-0B0B-4859-A25C-292257454B66",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trihedral:vtscada:10.0.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "C42E3FF1-2FF0-433A-B450-185079707242",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trihedral:vtscada:10.0.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "591B8DE2-8150-4E4B-B293-D58598112E3F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trihedral:vtscada:10.0.17:*:*:*:*:*:*:*",
              "matchCriteriaId": "F9D4C8A2-1B3B-4A2C-BADC-B3745F4001F7",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Directory traversal vulnerability in the WAP interface in Trihedral VTScada (formerly VTS) 8.x through 11.x before 11.2.02 allows remote attackers to read arbitrary files via a crafted pathname."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de salto de directorio en la interfaz WAP en Trihedral VTScada (anteriormente VTS) 8.x hasta la versi\u00f3n 11.x en versiones anteriores a 11.2.02 permite a atacantes remotos leer archivos arbitrarios a trav\u00e9s de nombres de ruta manipuladas."
    }
  ],
  "id": "CVE-2016-4532",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 6.4,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 4.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 9.1,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.2,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2016-06-09T10:59:05.340",
  "references": [
    {
      "source": "ics-cert@hq.dhs.gov",
      "url": "http://www.securityfocus.com/bid/91077"
    },
    {
      "source": "ics-cert@hq.dhs.gov",
      "url": "http://www.zerodayinitiative.com/advisories/ZDI-16-403"
    },
    {
      "source": "ics-cert@hq.dhs.gov",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-159-01"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/91077"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.zerodayinitiative.com/advisories/ZDI-16-403"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-159-01"
    }
  ],
  "sourceIdentifier": "ics-cert@hq.dhs.gov",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-22"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

FKIE_CVE-2016-4523

Vulnerability from fkie_nvd - Published: 2016-06-09 10:59 - Updated: 2025-10-22 00:15
Summary
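The WAP interface in Trihedral VTScada (formerly VTS) 8.x through 11.x before 11.2.02 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via unspecified vectors.
Note: the record below carries CISA Known Exploited Vulnerabilities fields (added 2022-04-15, action due 2022-05-06, required action "Apply updates per vendor instructions."), so treat it as a patching priority rather than going by its 2016 publication date.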
Impacted products
Vendor Product Version
trihedral vtscada * (record range: from 8.0.05 up to, but not including, 11.2.02)

{
  "cisaActionDue": "2022-05-06",
  "cisaExploitAdd": "2022-04-15",
  "cisaRequiredAction": "Apply updates per vendor instructions.",
  "cisaVulnerabilityName": "Trihedral VTScada (formerly VTS) Denial-of-Service Vulnerability",
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:trihedral:vtscada:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4FB0C125-20F0-47CC-84C3-9355F45C5387",
              "versionEndExcluding": "11.2.02",
              "versionStartIncluding": "8.0.05",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The WAP interface in Trihedral VTScada (formerly VTS) 8.x through 11.x before 11.2.02 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via unspecified vectors."
    },
    {
      "lang": "es",
      "value": "La interfaz WAP en Trihedral VTScada (anteriormente VTS) 8.x hasta la versi\u00f3n 11.x en versiones anteriores a 11.2.02 permite a atacantes remotos provocar una ca\u00edda de servicio (lectura fuera de rango y ca\u00edda de aplicaci\u00f3n) a trav\u00e9s de vectores no especificados."
    }
  ],
  "id": "CVE-2016-4523",
  "lastModified": "2025-10-22T00:15:52.920",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": true,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary"
      }
    ]
  },
  "published": "2016-06-09T10:59:04.073",
  "references": [
    {
      "source": "ics-cert@hq.dhs.gov",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/91077"
    },
    {
      "source": "ics-cert@hq.dhs.gov",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.zerodayinitiative.com/advisories/ZDI-16-405"
    },
    {
      "source": "ics-cert@hq.dhs.gov",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-159-01"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/91077"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.zerodayinitiative.com/advisories/ZDI-16-405"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-159-01"
    },
    {
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2016-4523"
    }
  ],
  "sourceIdentifier": "ics-cert@hq.dhs.gov",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-125"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-125"
        }
      ],
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "type": "Secondary"
    }
  ]
}

CVE-2022-3181 (GCVE-0-2022-3181)

Vulnerability from cvelistv5 – Published: 2022-11-02 20:11 – Updated: 2025-04-16 16:06
Summary
An Improper Input Validation vulnerability exists in Trihedral VTScada version 12.0.38 and prior. A specifically malformed HTTP request could cause the affected VTScada to crash. Both local area network (LAN)-only and internet facing systems are affected.
CWE
  • CWE-20 - Improper Input Validation
Assigner
References
Impacted products
Vendor Product Version
Trihedral VTScada Affected: 0 , ≤ 12.0.38 (custom)
Credits
Trihedral

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T01:00:10.554Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "government-resource",
              "x_transferred"
            ],
            "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-300-04"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-3181",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-16T15:53:35.638922Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-16T16:06:13.490Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "VTScada",
          "vendor": "Trihedral",
          "versions": [
            {
              "lessThanOrEqual": "12.0.38",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "Trihedral"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "An Improper Input Validation vulnerability exists in Trihedral VTScada version 12.0.38 and prior.\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA specifically malformed HTTP request could cause the affected VTScada to crash. Both local area network (LAN)-only and internet facing systems are affected. \u003c/span\u003e\n\n"
            }
          ],
          "value": "An Improper Input Validation vulnerability exists in Trihedral VTScada version 12.0.38 and prior.\u00a0A specifically malformed HTTP request could cause the affected VTScada to crash. Both local area network (LAN)-only and internet facing systems are affected. \n\n"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-20",
              "description": "CWE-20 Improper Input Validation",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-11-02T20:11:14.114Z",
        "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "shortName": "icscert"
      },
      "references": [
        {
          "tags": [
            "government-resource"
          ],
          "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-300-04"
        }
      ],
      "source": {
        "discovery": "INTERNAL"
      },
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
    "assignerShortName": "icscert",
    "cveId": "CVE-2022-3181",
    "datePublished": "2022-11-02T20:11:14.114Z",
    "dateReserved": "2022-09-12T16:30:17.139Z",
    "dateUpdated": "2025-04-16T16:06:13.490Z",
    "requesterUserId": "548e5310-2409-4eaf-9220-2910d23bb95a",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2017-14029 (GCVE-0-2017-14029)

Vulnerability from cvelistv5 – Published: 2017-11-06 22:00 – Updated: 2024-08-05 19:13
Summary
An Uncontrolled Search Path Element issue was discovered in Trihedral VTScada 11.3.03 and prior. The program will execute specially crafted malicious dll files placed on the target machine.
Severity ?
No CVSS data available.
CWE
Assigner
References
Impacted products
Vendor Product Version
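n/a Trihedral Engineering Limited VTScada Affected: Trihedral Engineering Limited VTScada (the record's version field repeats the product name; the affected range, 11.3.03 and prior, appears only in the summary)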

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T19:13:41.624Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-304-02"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Trihedral Engineering Limited VTScada",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Trihedral Engineering Limited VTScada"
            }
          ]
        }
      ],
      "datePublic": "2017-11-06T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "An Uncontrolled Search Path Element issue was discovered in Trihedral VTScada 11.3.03 and prior. The program will execute specially crafted malicious dll files placed on the target machine."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-427",
              "description": "CWE-427",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-11-06T21:57:01",
        "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "shortName": "icscert"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-304-02"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "ics-cert@hq.dhs.gov",
          "ID": "CVE-2017-14029",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Trihedral Engineering Limited VTScada",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Trihedral Engineering Limited VTScada"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An Uncontrolled Search Path Element issue was discovered in Trihedral VTScada 11.3.03 and prior. The program will execute specially crafted malicious dll files placed on the target machine."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-427"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://ics-cert.us-cert.gov/advisories/ICSA-17-304-02",
              "refsource": "MISC",
              "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-304-02"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
    "assignerShortName": "icscert",
    "cveId": "CVE-2017-14029",
    "datePublished": "2017-11-06T22:00:00",
    "dateReserved": "2017-08-30T00:00:00",
    "dateUpdated": "2024-08-05T19:13:41.624Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2017-14031 (GCVE-0-2017-14031)

Vulnerability from cvelistv5 – Published: 2017-11-06 22:00 – Updated: 2024-08-05 19:13
Summary
An Improper Access Control issue was discovered in Trihedral VTScada 11.3.03 and prior. A local, non-administrator user has privileges to read and write to the file system of the target machine.
Severity ?
No CVSS data available.
CWE
Assigner
References
Impacted products
Vendor Product Version
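n/a Trihedral Engineering Limited VTScada Affected: Trihedral Engineering Limited VTScada (the record's version field repeats the product name; the affected range, 11.3.03 and prior, appears only in the summary)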

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T19:13:41.601Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-304-02"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Trihedral Engineering Limited VTScada",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Trihedral Engineering Limited VTScada"
            }
          ]
        }
      ],
      "datePublic": "2017-11-06T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "An Improper Access Control issue was discovered in Trihedral VTScada 11.3.03 and prior. A local, non-administrator user has privileges to read and write to the file system of the target machine."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-284",
              "description": "CWE-284",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-11-06T21:57:01",
        "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "shortName": "icscert"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-304-02"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "ics-cert@hq.dhs.gov",
          "ID": "CVE-2017-14031",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Trihedral Engineering Limited VTScada",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Trihedral Engineering Limited VTScada"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An Improper Access Control issue was discovered in Trihedral VTScada 11.3.03 and prior. A local, non-administrator user has privileges to read and write to the file system of the target machine."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-284"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://ics-cert.us-cert.gov/advisories/ICSA-17-304-02",
              "refsource": "MISC",
              "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-304-02"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
    "assignerShortName": "icscert",
    "cveId": "CVE-2017-14031",
    "datePublished": "2017-11-06T22:00:00",
    "dateReserved": "2017-08-30T00:00:00",
    "dateUpdated": "2024-08-05T19:13:41.601Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2017-6045 (GCVE-0-2017-6045)

Vulnerability from cvelistv5 – Published: 2017-06-21 19:00 – Updated: 2024-08-05 15:18
Summary
An Information Exposure issue was discovered in Trihedral VTScada Versions prior to 11.2.26. Some files are exposed within the web server application to unauthenticated users. These files may contain sensitive configuration information.
Severity ?
No CVSS data available.
CWE
Assigner
References
Impacted products
Vendor Product Version
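n/a Trihedral VTScada Affected: Trihedral VTScada (the record's version field repeats the product name; the affected range, versions prior to 11.2.26, appears only in the summary)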

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T15:18:49.840Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-164-01"
          },
          {
            "name": "99066",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/99066"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Trihedral VTScada",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Trihedral VTScada"
            }
          ]
        }
      ],
      "datePublic": "2017-06-21T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "An Information Exposure issue was discovered in Trihedral VTScada Versions prior to 11.2.26. Some files are exposed within the web server application to unauthenticated users. These files may contain sensitive configuration information."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-548",
              "description": "CWE-548",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-06-22T09:57:01",
        "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "shortName": "icscert"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-164-01"
        },
        {
          "name": "99066",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/99066"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "ics-cert@hq.dhs.gov",
          "ID": "CVE-2017-6045",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Trihedral VTScada",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Trihedral VTScada"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An Information Exposure issue was discovered in Trihedral VTScada Versions prior to 11.2.26. Some files are exposed within the web server application to unauthenticated users. These files may contain sensitive configuration information."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-548"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://ics-cert.us-cert.gov/advisories/ICSA-17-164-01",
              "refsource": "MISC",
              "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-164-01"
            },
            {
              "name": "99066",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/99066"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
    "assignerShortName": "icscert",
    "cveId": "CVE-2017-6045",
    "datePublished": "2017-06-21T19:00:00",
    "dateReserved": "2017-02-16T00:00:00",
    "dateUpdated": "2024-08-05T15:18:49.840Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2017-6043 (GCVE-0-2017-6043)

Vulnerability from cvelistv5 – Published: 2017-06-21 19:00 – Updated: 2024-08-05 15:18
Summary
A Resource Consumption issue was discovered in Trihedral VTScada Versions prior to 11.2.26. The client does not properly validate the input or limit the amount of resources that are utilized by an attacker, which can be used to consume more resources than are available.
Severity ?
No CVSS data available.
CWE
Assigner
References
Impacted products
Vendor Product Version
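n/a Trihedral VTScada Affected: Trihedral VTScada (the record's version field repeats the product name; the affected range, versions prior to 11.2.26, appears only in the summary)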

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T15:18:49.741Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-164-01"
          },
          {
            "name": "99066",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/99066"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Trihedral VTScada",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Trihedral VTScada"
            }
          ]
        }
      ],
      "datePublic": "2017-06-21T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A Resource Consumption issue was discovered in Trihedral VTScada Versions prior to 11.2.26. The client does not properly validate the input or limit the amount of resources that are utilized by an attacker, which can be used to consume more resources than are available."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-400",
              "description": "CWE-400",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-06-22T09:57:01",
        "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "shortName": "icscert"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-164-01"
        },
        {
          "name": "99066",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/99066"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "ics-cert@hq.dhs.gov",
          "ID": "CVE-2017-6043",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Trihedral VTScada",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Trihedral VTScada"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A Resource Consumption issue was discovered in Trihedral VTScada Versions prior to 11.2.26. The client does not properly validate the input or limit the amount of resources that are utilized by an attacker, which can be used to consume more resources than are available."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-400"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://ics-cert.us-cert.gov/advisories/ICSA-17-164-01",
              "refsource": "MISC",
              "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-164-01"
            },
            {
              "name": "99066",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/99066"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
    "assignerShortName": "icscert",
    "cveId": "CVE-2017-6043",
    "datePublished": "2017-06-21T19:00:00",
    "dateReserved": "2017-02-16T00:00:00",
    "dateUpdated": "2024-08-05T15:18:49.741Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2017-6053 (GCVE-0-2017-6053)

Vulnerability from cvelistv5 – Published: 2017-06-21 19:00 – Updated: 2024-08-05 15:18
Summary
A Cross-Site Scripting issue was discovered in Trihedral VTScada Versions prior to 11.2.26. A cross-site scripting vulnerability may allow JavaScript code supplied by the attacker to execute within the user's browser.
Severity ?
No CVSS data available.
CWE
Assigner
References
Impacted products
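Vendor: n/a | Product: Trihedral VTScada | Version: Affected: Trihedral VTScada
Note: the record's version field repeats the product name and carries no version range; the affected range appears only in the Summary (versions prior to 11.2.26).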

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T15:18:49.649Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-164-01"
          },
          {
            "name": "99066",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/99066"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Trihedral VTScada",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Trihedral VTScada"
            }
          ]
        }
      ],
      "datePublic": "2017-06-21T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A Cross-Site Scripting issue was discovered in Trihedral VTScada Versions prior to 11.2.26. A cross-site scripting vulnerability may allow JavaScript code supplied by the attacker to execute within the user\u0027s browser."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "CWE-79",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-06-22T09:57:01",
        "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "shortName": "icscert"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-164-01"
        },
        {
          "name": "99066",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/99066"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "ics-cert@hq.dhs.gov",
          "ID": "CVE-2017-6053",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Trihedral VTScada",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Trihedral VTScada"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A Cross-Site Scripting issue was discovered in Trihedral VTScada Versions prior to 11.2.26. A cross-site scripting vulnerability may allow JavaScript code supplied by the attacker to execute within the user\u0027s browser."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-79"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://ics-cert.us-cert.gov/advisories/ICSA-17-164-01",
              "refsource": "MISC",
              "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-164-01"
            },
            {
              "name": "99066",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/99066"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
    "assignerShortName": "icscert",
    "cveId": "CVE-2017-6053",
    "datePublished": "2017-06-21T19:00:00",
    "dateReserved": "2017-02-16T00:00:00",
    "dateUpdated": "2024-08-05T15:18:49.649Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-3181 (GCVE-0-2022-3181)

Vulnerability from nvd – Published: 2022-11-02 20:11 – Updated: 2025-04-16 16:06
Summary
An Improper Input Validation vulnerability exists in Trihedral VTScada version 12.0.38 and prior. A specifically malformed HTTP request could cause the affected VTScada to crash. Both local area network (LAN)-only and internet facing systems are affected.
CWE
  • CWE-20 - Improper Input Validation
Assigner
References
Impacted products
Vendor: Trihedral | Product: VTScada | Version: Affected: from 0 up to and including 12.0.38 (version type: custom)
Credits
Trihedral

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T01:00:10.554Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "government-resource",
              "x_transferred"
            ],
            "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-300-04"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-3181",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-16T15:53:35.638922Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-16T16:06:13.490Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "VTScada",
          "vendor": "Trihedral",
          "versions": [
            {
              "lessThanOrEqual": "12.0.38",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "Trihedral"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "An Improper Input Validation vulnerability exists in Trihedral VTScada version 12.0.38 and prior.\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA specifically malformed HTTP request could cause the affected VTScada to crash. Both local area network (LAN)-only and internet facing systems are affected. \u003c/span\u003e\n\n"
            }
          ],
          "value": "An Improper Input Validation vulnerability exists in Trihedral VTScada version 12.0.38 and prior.\u00a0A specifically malformed HTTP request could cause the affected VTScada to crash. Both local area network (LAN)-only and internet facing systems are affected. \n\n"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-20",
              "description": "CWE-20 Improper Input Validation",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-11-02T20:11:14.114Z",
        "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "shortName": "icscert"
      },
      "references": [
        {
          "tags": [
            "government-resource"
          ],
          "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-300-04"
        }
      ],
      "source": {
        "discovery": "INTERNAL"
      },
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
    "assignerShortName": "icscert",
    "cveId": "CVE-2022-3181",
    "datePublished": "2022-11-02T20:11:14.114Z",
    "dateReserved": "2022-09-12T16:30:17.139Z",
    "dateUpdated": "2025-04-16T16:06:13.490Z",
    "requesterUserId": "548e5310-2409-4eaf-9220-2910d23bb95a",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2017-14029 (GCVE-0-2017-14029)

Vulnerability from nvd – Published: 2017-11-06 22:00 – Updated: 2024-08-05 19:13
Summary
An Uncontrolled Search Path Element issue was discovered in Trihedral VTScada 11.3.03 and prior. The program will execute specially crafted malicious dll files placed on the target machine.
Severity ?
No CVSS data available.
CWE
Assigner
References
Impacted products
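Vendor: n/a | Product: Trihedral Engineering Limited VTScada | Version: Affected: Trihedral Engineering Limited VTScada
Note: the record's version field repeats the product name and carries no version range; the affected range appears only in the Summary (11.3.03 and prior).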

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T19:13:41.624Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-304-02"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Trihedral Engineering Limited VTScada",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Trihedral Engineering Limited VTScada"
            }
          ]
        }
      ],
      "datePublic": "2017-11-06T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "An Uncontrolled Search Path Element issue was discovered in Trihedral VTScada 11.3.03 and prior. The program will execute specially crafted malicious dll files placed on the target machine."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-427",
              "description": "CWE-427",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-11-06T21:57:01",
        "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "shortName": "icscert"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-304-02"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "ics-cert@hq.dhs.gov",
          "ID": "CVE-2017-14029",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Trihedral Engineering Limited VTScada",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Trihedral Engineering Limited VTScada"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An Uncontrolled Search Path Element issue was discovered in Trihedral VTScada 11.3.03 and prior. The program will execute specially crafted malicious dll files placed on the target machine."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-427"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://ics-cert.us-cert.gov/advisories/ICSA-17-304-02",
              "refsource": "MISC",
              "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-304-02"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
    "assignerShortName": "icscert",
    "cveId": "CVE-2017-14029",
    "datePublished": "2017-11-06T22:00:00",
    "dateReserved": "2017-08-30T00:00:00",
    "dateUpdated": "2024-08-05T19:13:41.624Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2017-14031 (GCVE-0-2017-14031)

Vulnerability from nvd – Published: 2017-11-06 22:00 – Updated: 2024-08-05 19:13
Summary
An Improper Access Control issue was discovered in Trihedral VTScada 11.3.03 and prior. A local, non-administrator user has privileges to read and write to the file system of the target machine.
Severity ?
No CVSS data available.
CWE
Assigner
References
Impacted products
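Vendor: n/a | Product: Trihedral Engineering Limited VTScada | Version: Affected: Trihedral Engineering Limited VTScada
Note: the record's version field repeats the product name and carries no version range; the affected range appears only in the Summary (11.3.03 and prior).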

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T19:13:41.601Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-304-02"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Trihedral Engineering Limited VTScada",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Trihedral Engineering Limited VTScada"
            }
          ]
        }
      ],
      "datePublic": "2017-11-06T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "An Improper Access Control issue was discovered in Trihedral VTScada 11.3.03 and prior. A local, non-administrator user has privileges to read and write to the file system of the target machine."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-284",
              "description": "CWE-284",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-11-06T21:57:01",
        "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "shortName": "icscert"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-304-02"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "ics-cert@hq.dhs.gov",
          "ID": "CVE-2017-14031",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Trihedral Engineering Limited VTScada",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Trihedral Engineering Limited VTScada"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An Improper Access Control issue was discovered in Trihedral VTScada 11.3.03 and prior. A local, non-administrator user has privileges to read and write to the file system of the target machine."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-284"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://ics-cert.us-cert.gov/advisories/ICSA-17-304-02",
              "refsource": "MISC",
              "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-304-02"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
    "assignerShortName": "icscert",
    "cveId": "CVE-2017-14031",
    "datePublished": "2017-11-06T22:00:00",
    "dateReserved": "2017-08-30T00:00:00",
    "dateUpdated": "2024-08-05T19:13:41.601Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2017-6045 (GCVE-0-2017-6045)

Vulnerability from nvd – Published: 2017-06-21 19:00 – Updated: 2024-08-05 15:18
Summary
An Information Exposure issue was discovered in Trihedral VTScada Versions prior to 11.2.26. Some files are exposed within the web server application to unauthenticated users. These files may contain sensitive configuration information.
Severity ?
No CVSS data available.
CWE
Assigner
References
Impacted products
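Vendor: n/a | Product: Trihedral VTScada | Version: Affected: Trihedral VTScada
Note: the record's version field repeats the product name and carries no version range; the affected range appears only in the Summary (versions prior to 11.2.26).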

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T15:18:49.840Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-164-01"
          },
          {
            "name": "99066",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/99066"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Trihedral VTScada",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Trihedral VTScada"
            }
          ]
        }
      ],
      "datePublic": "2017-06-21T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "An Information Exposure issue was discovered in Trihedral VTScada Versions prior to 11.2.26. Some files are exposed within the web server application to unauthenticated users. These files may contain sensitive configuration information."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-548",
              "description": "CWE-548",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-06-22T09:57:01",
        "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "shortName": "icscert"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-164-01"
        },
        {
          "name": "99066",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/99066"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "ics-cert@hq.dhs.gov",
          "ID": "CVE-2017-6045",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Trihedral VTScada",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Trihedral VTScada"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An Information Exposure issue was discovered in Trihedral VTScada Versions prior to 11.2.26. Some files are exposed within the web server application to unauthenticated users. These files may contain sensitive configuration information."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-548"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://ics-cert.us-cert.gov/advisories/ICSA-17-164-01",
              "refsource": "MISC",
              "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-164-01"
            },
            {
              "name": "99066",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/99066"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
    "assignerShortName": "icscert",
    "cveId": "CVE-2017-6045",
    "datePublished": "2017-06-21T19:00:00",
    "dateReserved": "2017-02-16T00:00:00",
    "dateUpdated": "2024-08-05T15:18:49.840Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2017-6043 (GCVE-0-2017-6043)

Vulnerability from nvd – Published: 2017-06-21 19:00 – Updated: 2024-08-05 15:18
Summary
A Resource Consumption issue was discovered in Trihedral VTScada Versions prior to 11.2.26. The client does not properly validate the input or limit the amount of resources that are utilized by an attacker, which can be used to consume more resources than are available.
Severity ?
No CVSS data available.
CWE
Assigner
References
Impacted products
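Vendor: n/a | Product: Trihedral VTScada | Version: Affected: Trihedral VTScada
Note: the record's version field repeats the product name and carries no version range; the affected range appears only in the Summary (versions prior to 11.2.26).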

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T15:18:49.741Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-164-01"
          },
          {
            "name": "99066",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/99066"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Trihedral VTScada",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Trihedral VTScada"
            }
          ]
        }
      ],
      "datePublic": "2017-06-21T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A Resource Consumption issue was discovered in Trihedral VTScada Versions prior to 11.2.26. The client does not properly validate the input or limit the amount of resources that are utilized by an attacker, which can be used to consume more resources than are available."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-400",
              "description": "CWE-400",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-06-22T09:57:01",
        "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "shortName": "icscert"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-164-01"
        },
        {
          "name": "99066",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/99066"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "ics-cert@hq.dhs.gov",
          "ID": "CVE-2017-6043",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Trihedral VTScada",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Trihedral VTScada"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A Resource Consumption issue was discovered in Trihedral VTScada Versions prior to 11.2.26. The client does not properly validate the input or limit the amount of resources that are utilized by an attacker, which can be used to consume more resources than are available."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-400"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://ics-cert.us-cert.gov/advisories/ICSA-17-164-01",
              "refsource": "MISC",
              "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-164-01"
            },
            {
              "name": "99066",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/99066"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
    "assignerShortName": "icscert",
    "cveId": "CVE-2017-6043",
    "datePublished": "2017-06-21T19:00:00",
    "dateReserved": "2017-02-16T00:00:00",
    "dateUpdated": "2024-08-05T15:18:49.741Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2017-6053 (GCVE-0-2017-6053)

Vulnerability from nvd – Published: 2017-06-21 19:00 – Updated: 2024-08-05 15:18
Summary
A Cross-Site Scripting issue was discovered in Trihedral VTScada Versions prior to 11.2.26. A cross-site scripting vulnerability may allow JavaScript code supplied by the attacker to execute within the user's browser.
Severity ?
No CVSS data available.
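CWE
CWE-79 (Cross-site Scripting)
Assigner
icscert
References
https://ics-cert.us-cert.gov/advisories/ICSA-17-164-01
http://www.securityfocus.com/bid/99066 (BID 99066)
Impacted products
Vendor Product Version
n/a Trihedral VTScada Affected: Trihedral VTScada (the structured version field only repeats the product name; per the summary above, the affected versions are those prior to 11.2.26, so version matching has to rely on the description text rather than on this field)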

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T15:18:49.649Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-164-01"
          },
          {
            "name": "99066",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/99066"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Trihedral VTScada",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Trihedral VTScada"
            }
          ]
        }
      ],
      "datePublic": "2017-06-21T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A Cross-Site Scripting issue was discovered in Trihedral VTScada Versions prior to 11.2.26. A cross-site scripting vulnerability may allow JavaScript code supplied by the attacker to execute within the user\u0027s browser."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "CWE-79",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-06-22T09:57:01",
        "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "shortName": "icscert"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-164-01"
        },
        {
          "name": "99066",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/99066"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "ics-cert@hq.dhs.gov",
          "ID": "CVE-2017-6053",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Trihedral VTScada",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Trihedral VTScada"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A Cross-Site Scripting issue was discovered in Trihedral VTScada Versions prior to 11.2.26. A cross-site scripting vulnerability may allow JavaScript code supplied by the attacker to execute within the user\u0027s browser."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-79"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://ics-cert.us-cert.gov/advisories/ICSA-17-164-01",
              "refsource": "MISC",
              "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-164-01"
            },
            {
              "name": "99066",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/99066"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
    "assignerShortName": "icscert",
    "cveId": "CVE-2017-6053",
    "datePublished": "2017-06-21T19:00:00",
    "dateReserved": "2017-02-16T00:00:00",
    "dateUpdated": "2024-08-05T15:18:49.649Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}