Search

Find a vulnerability

Search criteria Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.

    12 vulnerabilities by Trihedral Engineering

    VAR-202210-2081

    Vulnerability from variot - Updated: 2024-06-07 22:53

    An Improper Input Validation vulnerability exists in Trihedral VTScada version 12.0.38 and prior.  A specifically malformed HTTP request could cause the affected VTScada to crash. Both local area network (LAN)-only and internet facing systems are affected. Trihedral Provided by the company VTScada contains the following vulnerabilities: * Inappropriate input confirmation (CWE-20) - CVE-2022-3181Successful exploitation of this vulnerability could result in the following effects from a remote third party: * crafted by a remote third party HTTP Sending a request can cause the product to crash

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202210-2081",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "vtscada",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "trihedral",
            "version": "12.0.38"
          },
          {
            "model": "vtscada",
            "scope": null,
            "trust": 0.8,
            "vendor": "trihedral engineering",
            "version": null
          },
          {
            "model": "vtscada",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "trihedral engineering",
            "version": null
          },
          {
            "model": "vtscada",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "trihedral engineering",
            "version": "12.0.38  and earlier"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-002632"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-3181"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:trihedral:vtscada:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "12.0.38",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2022-3181"
          }
        ]
      },
      "cve": "CVE-2022-3181",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "NVD",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 3.9,
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 2.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "OTHER",
                "availabilityImpact": "High",
                "baseScore": 7.5,
                "baseSeverity": "High",
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "JVNDB-2022-002632",
                "impactScore": null,
                "integrityImpact": "None",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2022-3181",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "ics-cert@hq.dhs.gov",
                "id": "CVE-2022-3181",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "OTHER",
                "id": "JVNDB-2022-002632",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202210-2420",
                "trust": 0.6,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-002632"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202210-2420"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-3181"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-3181"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "An Improper Input Validation vulnerability exists in Trihedral VTScada version 12.0.38 and prior. \u00a0A specifically malformed HTTP request could cause the affected VTScada to crash. Both local area network (LAN)-only and internet facing systems are affected. Trihedral Provided by the company VTScada contains the following vulnerabilities: * Inappropriate input confirmation (CWE-20) - CVE-2022-3181Successful exploitation of this vulnerability could result in the following effects from a remote third party: * crafted by a remote third party HTTP Sending a request can cause the product to crash",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2022-3181"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-002632"
          }
        ],
        "trust": 1.62
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2022-3181",
            "trust": 3.2
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-22-300-04",
            "trust": 2.4
          },
          {
            "db": "JVN",
            "id": "JVNVU93422132",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-002632",
            "trust": 0.8
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2022.5427",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202210-2420",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-002632"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202210-2420"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-3181"
          }
        ]
      },
      "id": "VAR-202210-2081",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VARIoT devices database",
            "id": null
          }
        ],
        "trust": 0.59210527
      },
      "last_update_date": "2024-06-07T22:53:10.566000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Download\u00a0VTScada Trihedral\u00a0Engineering",
            "trust": 0.8,
            "url": "https://www.vtscada.com/download-vtscada/"
          },
          {
            "title": "VTScada Enter the fix for the verification error vulnerability",
            "trust": 0.6,
            "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=212873"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-002632"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202210-2420"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-20",
            "trust": 1.0
          },
          {
            "problemtype": "Inappropriate input confirmation (CWE-20) [ others ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-002632"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-3181"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.4,
            "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-300-04"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-3181"
          },
          {
            "trust": 0.8,
            "url": "https://jvn.jp/vu/jvnvu93422132"
          },
          {
            "trust": 0.6,
            "url": "https://cxsecurity.com/cveshow/cve-2022-3181/"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2022.5427"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-002632"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202210-2420"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-3181"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-002632"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202210-2420"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-3181"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2022-10-31T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2022-002632"
          },
          {
            "date": "2022-10-28T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202210-2420"
          },
          {
            "date": "2022-11-02T21:15:09.773000",
            "db": "NVD",
            "id": "CVE-2022-3181"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2024-06-06T08:44:00",
            "db": "JVNDB",
            "id": "JVNDB-2022-002632"
          },
          {
            "date": "2022-11-07T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202210-2420"
          },
          {
            "date": "2023-11-07T03:50:56.520000",
            "db": "NVD",
            "id": "CVE-2022-3181"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202210-2420"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Trihedral\u00a0 Made \u00a0VTScada\u00a0 Improper Input Validation Vulnerability in",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-002632"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "input validation error",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202210-2420"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201606-0254

    Vulnerability from variot - Updated: 2023-12-26 22:44

    The WAP interface in Trihedral VTScada (formerly VTS) 8.x through 11.x before 11.2.02 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via unspecified vectors. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trihedral VTScada. Authentication is not required to exploit this vulnerability.The specific flaw exists within the handling of Wireless Application Protocol requests. The issue lies in the failure to traverse user-supplied paths. An attacker can leverage this vulnerability to execute code under the context of the user running the service. Trihedral VTScada (formerly known as VTS) is a SCADA system based on the Windows platform provided by Trihedral Engineering of Canada. A buffer overflow vulnerability exists in the WAP interface of Trihedral VTScada 8 and pre-1.0.2. VTScada is prone to multiple security vulnerabilities. Exploiting these issues will allow attackers to obtain sensitive information, cause denial-of-service conditions or to bypass certain security restrictions and perform unauthorized actions. VTScada versions 8 through 11.2.x are vulnerable

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201606-0254",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "vtscada",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "trihedral",
            "version": "11.1.13"
          },
          {
            "model": "vtscada",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "trihedral",
            "version": "11.1.19"
          },
          {
            "model": "vtscada",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "trihedral",
            "version": "11.1.18"
          },
          {
            "model": "vtscada",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "trihedral",
            "version": "11.1.06"
          },
          {
            "model": "vtscada",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "trihedral",
            "version": "11.1.09"
          },
          {
            "model": "vtscada",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "trihedral",
            "version": "11.1.10"
          },
          {
            "model": "vtscada",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "trihedral",
            "version": "11.1.14"
          },
          {
            "model": "vtscada",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "trihedral",
            "version": "11.1.16"
          },
          {
            "model": "vtscada",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "trihedral",
            "version": "11.1.05"
          },
          {
            "model": "vtscada",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "trihedral",
            "version": "11.1.17"
          },
          {
            "model": "vtscada",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "trihedral",
            "version": "10.0.17"
          },
          {
            "model": "vtscada",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "trihedral",
            "version": "10.2.15"
          },
          {
            "model": "vtscada",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "trihedral",
            "version": "9.0.02"
          },
          {
            "model": "vtscada",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "trihedral",
            "version": "9.1.14"
          },
          {
            "model": "vtscada",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "trihedral",
            "version": "9.1.05"
          },
          {
            "model": "vtscada",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "trihedral",
            "version": "10.2.11"
          },
          {
            "model": "vtscada",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "trihedral",
            "version": "10.2.05"
          },
          {
            "model": "vtscada",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "trihedral",
            "version": "11.0.07"
          },
          {
            "model": "vtscada",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "trihedral",
            "version": "10.0.14"
          },
          {
            "model": "vtscada",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "trihedral",
            "version": "11.1.24"
          },
          {
            "model": "vtscada",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "trihedral",
            "version": "10.2.07"
          },
          {
            "model": "vtscada",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "trihedral",
            "version": "10.1.05"
          },
          {
            "model": "vtscada",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "trihedral",
            "version": "10.2.13"
          },
          {
            "model": "vtscada",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "trihedral",
            "version": "10.2.19"
          },
          {
            "model": "vtscada",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "trihedral",
            "version": "9.1.09"
          },
          {
            "model": "vtscada",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "trihedral",
            "version": "10.1.06"
          },
          {
            "model": "vtscada",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "trihedral",
            "version": "10.0.11"
          },
          {
            "model": "vtscada",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "trihedral",
            "version": "10.2.08"
          },
          {
            "model": "vtscada",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "trihedral",
            "version": "10.2.20"
          },
          {
            "model": "vtscada",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "trihedral",
            "version": "8.0.05"
          },
          {
            "model": "vtscada",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "trihedral",
            "version": "10.0.13"
          },
          {
            "model": "vtscada",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "trihedral",
            "version": "10.2.17"
          },
          {
            "model": "vtscada",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "trihedral",
            "version": "11.0.05"
          },
          {
            "model": "vtscada",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "trihedral",
            "version": "11.1.22"
          },
          {
            "model": "vtscada",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "trihedral",
            "version": "8.1.06"
          },
          {
            "model": "vtscada",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "trihedral",
            "version": "8.0.18"
          },
          {
            "model": "vtscada",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "trihedral",
            "version": "8.0.12"
          },
          {
            "model": "vtscada",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "trihedral",
            "version": "9.1.03"
          },
          {
            "model": "vtscada",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "trihedral",
            "version": "9.0.08"
          },
          {
            "model": "vtscada",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "trihedral",
            "version": "9.0.03"
          },
          {
            "model": "vtscada",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "trihedral",
            "version": "8.1.05"
          },
          {
            "model": "vtscada",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "trihedral",
            "version": "10.2.21"
          },
          {
            "model": "vtscada",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "trihedral",
            "version": "10.1.07"
          },
          {
            "model": "vtscada",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "trihedral",
            "version": "11.1.20"
          },
          {
            "model": "vtscada",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "trihedral",
            "version": "10.0.16"
          },
          {
            "model": "vtscada",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "trihedral",
            "version": "9.1.02"
          },
          {
            "model": "vtscada",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "trihedral",
            "version": "10.1.12"
          },
          {
            "model": "vtscada",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "trihedral",
            "version": "10.2.14"
          },
          {
            "model": "vtscada",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "trihedral",
            "version": "11.1.15"
          },
          {
            "model": "vtscada",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "trihedral",
            "version": "9.1.11"
          },
          {
            "model": "vtscada",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "trihedral",
            "version": "11.1.21"
          },
          {
            "model": "vtscada",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "trihedral",
            "version": "8.0.16"
          },
          {
            "model": "vtscada",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "trihedral",
            "version": "9.1.20"
          },
          {
            "model": "vtscada",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "trihedral",
            "version": "10.2.22"
          },
          {
            "model": "vtscada",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "trihedral engineering",
            "version": "11.x"
          },
          {
            "model": "vtscada",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "trihedral engineering",
            "version": "8.x from  11.2.02"
          },
          {
            "model": "vtscada",
            "scope": null,
            "trust": 0.7,
            "vendor": "trihedral engineering",
            "version": null
          },
          {
            "model": "vtscada",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "trihedral",
            "version": "8"
          },
          {
            "model": "vtscada",
            "scope": "lt",
            "trust": 0.6,
            "vendor": "trihedral",
            "version": "11.2.02"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "vtscada",
            "version": "9.0.02"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "vtscada",
            "version": "9.0.03"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "vtscada",
            "version": "9.0.08"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "vtscada",
            "version": "9.1.02"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "vtscada",
            "version": "9.1.03"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "vtscada",
            "version": "9.1.05"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "vtscada",
            "version": "9.1.09"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "vtscada",
            "version": "9.1.11"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "vtscada",
            "version": "9.1.14"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "vtscada",
            "version": "9.1.20"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "vtscada",
            "version": "11.0.05"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "vtscada",
            "version": "11.0.07"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "vtscada",
            "version": "10.0.11"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "vtscada",
            "version": "10.0.13"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "vtscada",
            "version": "10.0.14"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "vtscada",
            "version": "10.0.16"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "vtscada",
            "version": "10.0.17"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "vtscada",
            "version": "10.1.05"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "vtscada",
            "version": "10.1.06"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "vtscada",
            "version": "10.1.07"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "vtscada",
            "version": "10.1.12"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "vtscada",
            "version": "10.2.05"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "vtscada",
            "version": "10.2.07"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "vtscada",
            "version": "10.2.08"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "vtscada",
            "version": "10.2.11"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "vtscada",
            "version": "10.2.13"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "vtscada",
            "version": "10.2.14"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "vtscada",
            "version": "10.2.15"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "vtscada",
            "version": "10.2.17"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "vtscada",
            "version": "10.2.19"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "vtscada",
            "version": "10.2.20"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "vtscada",
            "version": "10.2.21"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "vtscada",
            "version": "10.2.22"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "vtscada",
            "version": "8.0.05"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "vtscada",
            "version": "8.0.12"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "vtscada",
            "version": "8.0.16"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "vtscada",
            "version": "8.0.18"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "vtscada",
            "version": "8.1.05"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "vtscada",
            "version": "8.1.06"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "vtscada",
            "version": "11.1.05"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "vtscada",
            "version": "11.1.06"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "vtscada",
            "version": "11.1.09"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "vtscada",
            "version": "11.1.10"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "vtscada",
            "version": "11.1.13"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "vtscada",
            "version": "11.1.14"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "vtscada",
            "version": "11.1.15"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "vtscada",
            "version": "11.1.16"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "vtscada",
            "version": "11.1.17"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "vtscada",
            "version": "11.1.18"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "vtscada",
            "version": "11.1.19"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "vtscada",
            "version": "11.1.20"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "vtscada",
            "version": "11.1.21"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "vtscada",
            "version": "11.1.22"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "vtscada",
            "version": "11.1.24"
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "a5f1cbb5-a38e-4ca2-bc23-f61cc5f911e2"
          },
          {
            "db": "ZDI",
            "id": "ZDI-16-405"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2016-04028"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-003066"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-4523"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201606-218"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:trihedral:vtscada:9.1.14:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trihedral:vtscada:9.1.11:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trihedral:vtscada:9.1.09:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trihedral:vtscada:9.1.05:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trihedral:vtscada:9.1.03:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trihedral:vtscada:9.1.20:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trihedral:vtscada:9.0.03:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trihedral:vtscada:9.0.02:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trihedral:vtscada:9.1.02:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trihedral:vtscada:9.0.08:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:trihedral:vtscada:11.0.07:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trihedral:vtscada:11.0.05:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:trihedral:vtscada:10.0.11:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trihedral:vtscada:10.0.14:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trihedral:vtscada:10.0.13:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trihedral:vtscada:10.0.17:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trihedral:vtscada:10.0.16:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:trihedral:vtscada:10.1.12:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trihedral:vtscada:10.1.07:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trihedral:vtscada:10.1.06:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trihedral:vtscada:10.1.05:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:trihedral:vtscada:10.2.21:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trihedral:vtscada:10.2.20:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trihedral:vtscada:10.2.19:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trihedral:vtscada:10.2.07:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trihedral:vtscada:10.2.05:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trihedral:vtscada:10.2.17:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trihedral:vtscada:10.2.15:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trihedral:vtscada:10.2.22:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trihedral:vtscada:10.2.11:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trihedral:vtscada:10.2.08:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trihedral:vtscada:10.2.14:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trihedral:vtscada:10.2.13:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:trihedral:vtscada:8.0.05:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trihedral:vtscada:8.1.06:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trihedral:vtscada:8.0.16:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trihedral:vtscada:8.0.12:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trihedral:vtscada:8.1.05:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trihedral:vtscada:8.0.18:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:trihedral:vtscada:11.1.16:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trihedral:vtscada:11.1.15:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trihedral:vtscada:11.1.24:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trihedral:vtscada:11.1.22:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trihedral:vtscada:11.1.14:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trihedral:vtscada:11.1.13:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trihedral:vtscada:11.1.19:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trihedral:vtscada:11.1.18:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trihedral:vtscada:11.1.17:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trihedral:vtscada:11.1.06:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trihedral:vtscada:11.1.05:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trihedral:vtscada:11.1.21:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trihedral:vtscada:11.1.20:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trihedral:vtscada:11.1.10:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trihedral:vtscada:11.1.09:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2016-4523"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Anonymous",
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-16-405"
          },
          {
            "db": "BID",
            "id": "91077"
          }
        ],
        "trust": 1.0
      },
      "cve": "CVE-2016-4523",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": true,
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 5.0,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "MEDIUM",
                "trust": 1.0,
                "userInteractionRequired": false,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Network",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "Partial",
                "baseScore": 5.0,
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "CVE-2016-4523",
                "impactScore": null,
                "integrityImpact": "None",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Medium",
                "trust": 0.9,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "ZDI",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CVE-2016-4523",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "HIGH",
                "trust": 0.7,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 5.0,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2016-04028",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 5.0,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "a5f1cbb5-a38e-4ca2-bc23-f61cc5f911e2",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.2,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
                "version": "2.9 [IVD]"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "NVD",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 3.9,
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 7.5,
                "baseSeverity": "High",
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "CVE-2016-4523",
                "impactScore": null,
                "integrityImpact": "None",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2016-4523",
                "trust": 1.8,
                "value": "HIGH"
              },
              {
                "author": "ZDI",
                "id": "CVE-2016-4523",
                "trust": 0.7,
                "value": "HIGH"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2016-04028",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201606-218",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "IVD",
                "id": "a5f1cbb5-a38e-4ca2-bc23-f61cc5f911e2",
                "trust": 0.2,
                "value": "MEDIUM"
              },
              {
                "author": "VULMON",
                "id": "CVE-2016-4523",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "a5f1cbb5-a38e-4ca2-bc23-f61cc5f911e2"
          },
          {
            "db": "ZDI",
            "id": "ZDI-16-405"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2016-04028"
          },
          {
            "db": "VULMON",
            "id": "CVE-2016-4523"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-003066"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-4523"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201606-218"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "The WAP interface in Trihedral VTScada (formerly VTS) 8.x through 11.x before 11.2.02 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via unspecified vectors. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trihedral VTScada. Authentication is not required to exploit this vulnerability.The specific flaw exists within the handling of Wireless Application Protocol requests. The issue lies in the failure to traverse user-supplied paths. An attacker can leverage this vulnerability to execute code under the context of the user running the service. Trihedral VTScada (formerly known as VTS) is a SCADA system based on the Windows platform provided by Trihedral Engineering of Canada. A buffer overflow vulnerability exists in the WAP interface of Trihedral VTScada 8 and pre-1.0.2. VTScada is prone to multiple security vulnerabilities. \nExploiting these issues will allow attackers to obtain sensitive  information, cause denial-of-service conditions or to bypass certain  security restrictions and perform unauthorized actions. \nVTScada versions 8 through 11.2.x are vulnerable",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2016-4523"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-003066"
          },
          {
            "db": "ZDI",
            "id": "ZDI-16-405"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2016-04028"
          },
          {
            "db": "BID",
            "id": "91077"
          },
          {
            "db": "IVD",
            "id": "a5f1cbb5-a38e-4ca2-bc23-f61cc5f911e2"
          },
          {
            "db": "VULMON",
            "id": "CVE-2016-4523"
          }
        ],
        "trust": 3.33
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2016-4523",
            "trust": 4.3
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-16-159-01",
            "trust": 3.1
          },
          {
            "db": "ZDI",
            "id": "ZDI-16-405",
            "trust": 1.8
          },
          {
            "db": "BID",
            "id": "91077",
            "trust": 1.4
          },
          {
            "db": "CNVD",
            "id": "CNVD-2016-04028",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201606-218",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-003066",
            "trust": 0.8
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-3575",
            "trust": 0.7
          },
          {
            "db": "IVD",
            "id": "A5F1CBB5-A38E-4CA2-BC23-F61CC5F911E2",
            "trust": 0.2
          },
          {
            "db": "VULMON",
            "id": "CVE-2016-4523",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "a5f1cbb5-a38e-4ca2-bc23-f61cc5f911e2"
          },
          {
            "db": "ZDI",
            "id": "ZDI-16-405"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2016-04028"
          },
          {
            "db": "VULMON",
            "id": "CVE-2016-4523"
          },
          {
            "db": "BID",
            "id": "91077"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-003066"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-4523"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201606-218"
          }
        ]
      },
      "id": "VAR-201606-0254",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "IVD",
            "id": "a5f1cbb5-a38e-4ca2-bc23-f61cc5f911e2"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2016-04028"
          }
        ],
        "trust": 1.39210527
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "a5f1cbb5-a38e-4ca2-bc23-f61cc5f911e2"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2016-04028"
          }
        ]
      },
      "last_update_date": "2023-12-26T22:44:35.116000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "ICS-CERT VTScada Security Announcement (ICSA-16-159-01)",
            "trust": 0.8,
            "url": "https://www.trihedral.com/ics-cert-vtscada-security-announcement"
          },
          {
            "title": "Trihedral Engineering Ltd  has issued an update to correct this vulnerability.",
            "trust": 0.7,
            "url": "https://ics-cert.us-cert.gov/advisories/icsa-16-159-01"
          },
          {
            "title": "Trihedral VTScada Buffer Overflow Vulnerability Patch",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchinfo/show/77534"
          },
          {
            "title": "Trihedral VTScada Buffer Overflow Vulnerability Fix",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=62174"
          },
          {
            "title": "Known Exploited Vulnerabilities Detector",
            "trust": 0.1,
            "url": "https://github.com/ostorlab/kev "
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-16-405"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2016-04028"
          },
          {
            "db": "VULMON",
            "id": "CVE-2016-4523"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-003066"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201606-218"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-119",
            "trust": 1.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-003066"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-4523"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.9,
            "url": "https://ics-cert.us-cert.gov/advisories/icsa-16-159-01"
          },
          {
            "trust": 1.1,
            "url": "http://www.securityfocus.com/bid/91077"
          },
          {
            "trust": 1.1,
            "url": "http://www.zerodayinitiative.com/advisories/zdi-16-405"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-4523"
          },
          {
            "trust": 0.8,
            "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-4523"
          },
          {
            "trust": 0.6,
            "url": "http://www.trihedral.com/help/#op_welcome/wel_upgradenotes.htm"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/119.html"
          },
          {
            "trust": 0.1,
            "url": "http://tools.cisco.com/security/center/viewalert.x?alertid=46605"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          },
          {
            "trust": 0.1,
            "url": "https://github.com/ostorlab/kev"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-16-405"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2016-04028"
          },
          {
            "db": "VULMON",
            "id": "CVE-2016-4523"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-003066"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-4523"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201606-218"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "IVD",
            "id": "a5f1cbb5-a38e-4ca2-bc23-f61cc5f911e2"
          },
          {
            "db": "ZDI",
            "id": "ZDI-16-405"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2016-04028"
          },
          {
            "db": "VULMON",
            "id": "CVE-2016-4523"
          },
          {
            "db": "BID",
            "id": "91077"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-003066"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-4523"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201606-218"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2016-06-15T00:00:00",
            "db": "IVD",
            "id": "a5f1cbb5-a38e-4ca2-bc23-f61cc5f911e2"
          },
          {
            "date": "2016-07-01T00:00:00",
            "db": "ZDI",
            "id": "ZDI-16-405"
          },
          {
            "date": "2016-06-15T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2016-04028"
          },
          {
            "date": "2016-06-09T00:00:00",
            "db": "VULMON",
            "id": "CVE-2016-4523"
          },
          {
            "date": "2016-06-07T00:00:00",
            "db": "BID",
            "id": "91077"
          },
          {
            "date": "2016-06-10T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2016-003066"
          },
          {
            "date": "2016-06-09T10:59:04.073000",
            "db": "NVD",
            "id": "CVE-2016-4523"
          },
          {
            "date": "2016-06-12T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201606-218"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2016-07-01T00:00:00",
            "db": "ZDI",
            "id": "ZDI-16-405"
          },
          {
            "date": "2016-06-15T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2016-04028"
          },
          {
            "date": "2016-11-28T00:00:00",
            "db": "VULMON",
            "id": "CVE-2016-4523"
          },
          {
            "date": "2016-07-06T15:12:00",
            "db": "BID",
            "id": "91077"
          },
          {
            "date": "2016-06-10T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2016-003066"
          },
          {
            "date": "2016-11-28T20:18:36.087000",
            "db": "NVD",
            "id": "CVE-2016-4523"
          },
          {
            "date": "2016-06-12T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201606-218"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201606-218"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Trihedral VTScada Buffer Overflow Vulnerability",
        "sources": [
          {
            "db": "IVD",
            "id": "a5f1cbb5-a38e-4ca2-bc23-f61cc5f911e2"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2016-04028"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201606-218"
          }
        ],
        "trust": 1.4
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Buffer overflow",
        "sources": [
          {
            "db": "IVD",
            "id": "a5f1cbb5-a38e-4ca2-bc23-f61cc5f911e2"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201606-218"
          }
        ],
        "trust": 0.8
      }
    }

    VAR-201412-0412

    Vulnerability from variot - Updated: 2023-12-18 13:57

    Integer overflow in Trihedral Engineering VTScada (formerly VTS) 6.5 through 9.x before 9.1.20, 10.x before 10.2.22, and 11.x before 11.1.07 allows remote attackers to cause a denial of service (server crash) via a crafted request, which triggers a large memory allocation. Authentication is not required to exploit this vulnerability. The specific flaw exists within the included HTTP server. By providing a small negative content length, an attacker is able to cause an integer overflow, resulting in the allocation of too small a buffer. The resulting heap overwrite will terminate the HTTP server. Trihedral VTScada is a SCADA industrial control product. Trihedral VTScada is prone to a denial-of-service vulnerability. Successful exploits can crash the affected application, denying service to legitimate users

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201412-0412",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "vtscada",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "trihedral",
            "version": "11.1.07"
          },
          {
            "model": "vtscada",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "trihedral",
            "version": "10.2.22"
          },
          {
            "model": "vtscada",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "trihedral",
            "version": "9.1.20"
          },
          {
            "model": "vtscada",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "trihedral",
            "version": "11.0"
          },
          {
            "model": "vtscada",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "trihedral",
            "version": "6.5"
          },
          {
            "model": "vtscada",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "trihedral",
            "version": "10.0"
          },
          {
            "model": "vtscada",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "trihedral engineering",
            "version": "10.x"
          },
          {
            "model": "vtscada",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "trihedral engineering",
            "version": "11.x"
          },
          {
            "model": "vtscada",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "trihedral engineering",
            "version": "( old  vts) 6.5 from  9.1.20"
          },
          {
            "model": "vtscada",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "trihedral engineering",
            "version": "9.x"
          },
          {
            "model": "vtscada",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "trihedral engineering",
            "version": "( old  vts) 11.1.07"
          },
          {
            "model": "vtscada",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "trihedral engineering",
            "version": "( old  vts) 10.2.22"
          },
          {
            "model": "vtscada",
            "scope": null,
            "trust": 0.7,
            "vendor": "trihedral engineering",
            "version": null
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.6,
            "vendor": "vtscada",
            "version": "*"
          },
          {
            "model": "vtscada",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "trihedral",
            "version": "6.5-9.x(\u003c9.1.20)"
          },
          {
            "model": "vtscada",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "trihedral",
            "version": "6.5-10.x(\u003c10.2.22)"
          },
          {
            "model": "vtscada",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "trihedral",
            "version": "6.5-11.x(\u003c11.1.07)"
          },
          {
            "model": "vtscada",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "trihedral",
            "version": "10.0"
          },
          {
            "model": "vtscada",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "trihedral",
            "version": "11.0"
          },
          {
            "model": "vtscada",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "trihedral",
            "version": "10.2.21"
          },
          {
            "model": "vtscada",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "trihedral",
            "version": "9.0"
          },
          {
            "model": "vtscada",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "trihedral",
            "version": "6.5"
          },
          {
            "model": "vtscada",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "trihedral",
            "version": "9.1.19"
          },
          {
            "model": "vtscada",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "trihedral",
            "version": "11.1.07"
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "b0e1ad4a-2351-11e6-abef-000c29c66e3d"
          },
          {
            "db": "ZDI",
            "id": "ZDI-14-425"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2014-08874"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-005967"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-9192"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201412-277"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:trihedral:vtscada:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "10.2.22",
                    "versionStartIncluding": "10.0",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trihedral:vtscada:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "9.1.20",
                    "versionStartIncluding": "6.5",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trihedral:vtscada:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "11.1.07",
                    "versionStartIncluding": "11.0",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2014-9192"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Anonymous",
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-14-425"
          }
        ],
        "trust": 0.7
      },
      "cve": "CVE-2014-9192",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 5.0,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "MEDIUM",
                "trust": 1.0,
                "userInteractionRequired": false,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Network",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "Partial",
                "baseScore": 5.0,
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "CVE-2014-9192",
                "impactScore": null,
                "integrityImpact": "None",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Medium",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "ZDI",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.8,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "CVE-2014-9192",
                "impactScore": 6.9,
                "integrityImpact": "NONE",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "HIGH",
                "trust": 0.7,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.8,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2014-08874",
                "impactScore": 6.9,
                "integrityImpact": "NONE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.8,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "b0e1ad4a-2351-11e6-abef-000c29c66e3d",
                "impactScore": 6.9,
                "integrityImpact": "NONE",
                "severity": "HIGH",
                "trust": 0.2,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
                "version": "2.9 [IVD]"
              }
            ],
            "cvssV3": [],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2014-9192",
                "trust": 1.8,
                "value": "MEDIUM"
              },
              {
                "author": "ZDI",
                "id": "CVE-2014-9192",
                "trust": 0.7,
                "value": "HIGH"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2014-08874",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201412-277",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "IVD",
                "id": "b0e1ad4a-2351-11e6-abef-000c29c66e3d",
                "trust": 0.2,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "b0e1ad4a-2351-11e6-abef-000c29c66e3d"
          },
          {
            "db": "ZDI",
            "id": "ZDI-14-425"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2014-08874"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-005967"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-9192"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201412-277"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Integer overflow in Trihedral Engineering VTScada (formerly VTS) 6.5 through 9.x before 9.1.20, 10.x before 10.2.22, and 11.x before 11.1.07 allows remote attackers to cause a denial of service (server crash) via a crafted request, which triggers a large memory allocation. Authentication is not required to exploit this vulnerability. The specific flaw exists within the included HTTP server. By providing a small negative content length, an attacker is able to cause an integer overflow, resulting in the allocation of too small a buffer. The resulting heap overwrite will terminate the HTTP server. Trihedral VTScada is a SCADA industrial control product. Trihedral VTScada is prone to a denial-of-service vulnerability. \nSuccessful exploits can crash the affected application, denying service to legitimate users",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2014-9192"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-005967"
          },
          {
            "db": "ZDI",
            "id": "ZDI-14-425"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2014-08874"
          },
          {
            "db": "BID",
            "id": "71591"
          },
          {
            "db": "IVD",
            "id": "b0e1ad4a-2351-11e6-abef-000c29c66e3d"
          }
        ],
        "trust": 3.24
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2014-9192",
            "trust": 4.2
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-14-343-02",
            "trust": 3.0
          },
          {
            "db": "BID",
            "id": "71591",
            "trust": 1.9
          },
          {
            "db": "CNVD",
            "id": "CNVD-2014-08874",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201412-277",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-005967",
            "trust": 0.8
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-2599",
            "trust": 0.7
          },
          {
            "db": "ZDI",
            "id": "ZDI-14-425",
            "trust": 0.7
          },
          {
            "db": "IVD",
            "id": "B0E1AD4A-2351-11E6-ABEF-000C29C66E3D",
            "trust": 0.2
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "b0e1ad4a-2351-11e6-abef-000c29c66e3d"
          },
          {
            "db": "ZDI",
            "id": "ZDI-14-425"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2014-08874"
          },
          {
            "db": "BID",
            "id": "71591"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-005967"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-9192"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201412-277"
          }
        ]
      },
      "id": "VAR-201412-0412",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "IVD",
            "id": "b0e1ad4a-2351-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2014-08874"
          }
        ],
        "trust": 1.39210527
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "b0e1ad4a-2351-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2014-08874"
          }
        ]
      },
      "last_update_date": "2023-12-18T13:57:37.934000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "http://www.trihedral.com/"
          },
          {
            "title": "Trihedral Engineering Ltd  has issued an update to correct this vulnerability.",
            "trust": 0.7,
            "url": "https://ics-cert.us-cert.gov/advisories/icsa-14-343-02"
          },
          {
            "title": "Trihedral VTScada malformation request for denial of service vulnerability patch",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchinfo/show/52717"
          },
          {
            "title": "VTSCADA 11.1.09 Full",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=52973"
          },
          {
            "title": "VTScada 10.2.22 Full",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=52972"
          },
          {
            "title": "VTS 9.1.20",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=52971"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-14-425"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2014-08874"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-005967"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201412-277"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-189",
            "trust": 1.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-005967"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-9192"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.4,
            "url": "https://ics-cert.us-cert.gov//advisories/icsa-14-343-02"
          },
          {
            "trust": 1.4,
            "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-9192"
          },
          {
            "trust": 1.3,
            "url": "https://ics-cert.us-cert.gov/advisories/icsa-14-343-02"
          },
          {
            "trust": 1.0,
            "url": "http://www.securityfocus.com/bid/71591"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-9192"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-14-425"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2014-08874"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-005967"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-9192"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201412-277"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "IVD",
            "id": "b0e1ad4a-2351-11e6-abef-000c29c66e3d"
          },
          {
            "db": "ZDI",
            "id": "ZDI-14-425"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2014-08874"
          },
          {
            "db": "BID",
            "id": "71591"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-005967"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-9192"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201412-277"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2014-12-12T00:00:00",
            "db": "IVD",
            "id": "b0e1ad4a-2351-11e6-abef-000c29c66e3d"
          },
          {
            "date": "2014-12-12T00:00:00",
            "db": "ZDI",
            "id": "ZDI-14-425"
          },
          {
            "date": "2014-12-12T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2014-08874"
          },
          {
            "date": "2014-12-09T00:00:00",
            "db": "BID",
            "id": "71591"
          },
          {
            "date": "2014-12-15T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2014-005967"
          },
          {
            "date": "2014-12-11T15:59:04.773000",
            "db": "NVD",
            "id": "CVE-2014-9192"
          },
          {
            "date": "2014-12-12T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201412-277"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2014-12-12T00:00:00",
            "db": "ZDI",
            "id": "ZDI-14-425"
          },
          {
            "date": "2014-12-12T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2014-08874"
          },
          {
            "date": "2015-07-15T00:14:00",
            "db": "BID",
            "id": "71591"
          },
          {
            "date": "2014-12-15T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2014-005967"
          },
          {
            "date": "2019-02-01T18:06:44.377000",
            "db": "NVD",
            "id": "CVE-2014-9192"
          },
          {
            "date": "2019-02-11T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201412-277"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201412-277"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Trihedral VTScada Malformed Request Denial of Service Vulnerability",
        "sources": [
          {
            "db": "IVD",
            "id": "b0e1ad4a-2351-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2014-08874"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "digital error",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201412-277"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201606-0260

    Vulnerability from variot - Updated: 2023-12-18 13:14

    Directory traversal vulnerability in the WAP interface in Trihedral VTScada (formerly VTS) 8.x through 11.x before 11.2.02 allows remote attackers to read arbitrary files via a crafted pathname. This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Trihedral VTScada. Authentication is not required to exploit this vulnerability.The specific flaw exists within the handling of Wireless Application Protocol requests. The issue lies in the failure to properly restrict the path from which images are retrieved. An attacker can leverage this vulnerability to disclose the contents of arbitrary files under the context of the user running the service. Trihedral VTScada (formerly known as VTS) is a SCADA system based on the Windows platform provided by Trihedral Engineering of Canada. VTScada is prone to multiple security vulnerabilities. Exploiting these issues will allow attackers to obtain sensitive information, cause denial-of-service conditions or to bypass certain security restrictions and perform unauthorized actions. VTScada versions 8 through 11.2.x are vulnerable

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201606-0260",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "vtscada",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "trihedral",
            "version": "10.0.17"
          },
          {
            "model": "vtscada",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "trihedral",
            "version": "10.0.14"
          },
          {
            "model": "vtscada",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "trihedral",
            "version": "11.1.13"
          },
          {
            "model": "vtscada",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "trihedral",
            "version": "10.0.11"
          },
          {
            "model": "vtscada",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "trihedral",
            "version": "10.0.13"
          },
          {
            "model": "vtscada",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "trihedral",
            "version": "11.1.06"
          },
          {
            "model": "vtscada",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "trihedral",
            "version": "11.1.09"
          },
          {
            "model": "vtscada",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "trihedral",
            "version": "11.1.10"
          },
          {
            "model": "vtscada",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "trihedral",
            "version": "10.0.16"
          },
          {
            "model": "vtscada",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "trihedral",
            "version": "11.1.05"
          },
          {
            "model": "vtscada",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "trihedral",
            "version": "10.2.15"
          },
          {
            "model": "vtscada",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "trihedral",
            "version": "9.0.02"
          },
          {
            "model": "vtscada",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "trihedral",
            "version": "9.1.14"
          },
          {
            "model": "vtscada",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "trihedral",
            "version": "9.1.05"
          },
          {
            "model": "vtscada",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "trihedral",
            "version": "10.2.11"
          },
          {
            "model": "vtscada",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "trihedral",
            "version": "10.2.05"
          },
          {
            "model": "vtscada",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "trihedral",
            "version": "11.0.07"
          },
          {
            "model": "vtscada",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "trihedral",
            "version": "11.1.24"
          },
          {
            "model": "vtscada",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "trihedral",
            "version": "11.1.19"
          },
          {
            "model": "vtscada",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "trihedral",
            "version": "10.2.07"
          },
          {
            "model": "vtscada",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "trihedral",
            "version": "10.1.05"
          },
          {
            "model": "vtscada",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "trihedral",
            "version": "10.2.13"
          },
          {
            "model": "vtscada",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "trihedral",
            "version": "10.2.19"
          },
          {
            "model": "vtscada",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "trihedral",
            "version": "10.1.06"
          },
          {
            "model": "vtscada",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "trihedral",
            "version": "9.1.09"
          },
          {
            "model": "vtscada",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "trihedral",
            "version": "10.2.08"
          },
          {
            "model": "vtscada",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "trihedral",
            "version": "8.0.05"
          },
          {
            "model": "vtscada",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "trihedral",
            "version": "10.2.20"
          },
          {
            "model": "vtscada",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "trihedral",
            "version": "11.1.18"
          },
          {
            "model": "vtscada",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "trihedral",
            "version": "10.2.17"
          },
          {
            "model": "vtscada",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "trihedral",
            "version": "11.0.05"
          },
          {
            "model": "vtscada",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "trihedral",
            "version": "11.1.22"
          },
          {
            "model": "vtscada",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "trihedral",
            "version": "8.1.06"
          },
          {
            "model": "vtscada",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "trihedral",
            "version": "8.0.18"
          },
          {
            "model": "vtscada",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "trihedral",
            "version": "8.0.12"
          },
          {
            "model": "vtscada",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "trihedral",
            "version": "9.0.08"
          },
          {
            "model": "vtscada",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "trihedral",
            "version": "9.0.03"
          },
          {
            "model": "vtscada",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "trihedral",
            "version": "9.1.03"
          },
          {
            "model": "vtscada",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "trihedral",
            "version": "8.1.05"
          },
          {
            "model": "vtscada",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "trihedral",
            "version": "10.2.21"
          },
          {
            "model": "vtscada",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "trihedral",
            "version": "10.1.07"
          },
          {
            "model": "vtscada",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "trihedral",
            "version": "11.1.14"
          },
          {
            "model": "vtscada",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "trihedral",
            "version": "11.1.20"
          },
          {
            "model": "vtscada",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "trihedral",
            "version": "11.1.16"
          },
          {
            "model": "vtscada",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "trihedral",
            "version": "9.1.02"
          },
          {
            "model": "vtscada",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "trihedral",
            "version": "10.1.12"
          },
          {
            "model": "vtscada",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "trihedral",
            "version": "10.2.14"
          },
          {
            "model": "vtscada",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "trihedral",
            "version": "11.1.15"
          },
          {
            "model": "vtscada",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "trihedral",
            "version": "9.1.11"
          },
          {
            "model": "vtscada",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "trihedral",
            "version": "11.1.17"
          },
          {
            "model": "vtscada",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "trihedral",
            "version": "11.1.21"
          },
          {
            "model": "vtscada",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "trihedral",
            "version": "8.0.16"
          },
          {
            "model": "vtscada",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "trihedral",
            "version": "9.1.20"
          },
          {
            "model": "vtscada",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "trihedral",
            "version": "10.2.22"
          },
          {
            "model": "vtscada",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "trihedral engineering",
            "version": "11.x"
          },
          {
            "model": "vtscada",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "trihedral engineering",
            "version": "8.x from  11.2.02"
          },
          {
            "model": "vtscada",
            "scope": null,
            "trust": 0.7,
            "vendor": "trihedral engineering",
            "version": null
          },
          {
            "model": "vtscada",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "trihedral",
            "version": "8"
          },
          {
            "model": "vtscada",
            "scope": "lt",
            "trust": 0.6,
            "vendor": "trihedral",
            "version": "11.2.02"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "vtscada",
            "version": "10.1.05"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "vtscada",
            "version": "10.1.06"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "vtscada",
            "version": "10.1.07"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "vtscada",
            "version": "10.1.12"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "vtscada",
            "version": "9.0.02"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "vtscada",
            "version": "9.0.03"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "vtscada",
            "version": "9.0.08"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "vtscada",
            "version": "9.1.02"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "vtscada",
            "version": "9.1.03"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "vtscada",
            "version": "9.1.05"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "vtscada",
            "version": "9.1.09"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "vtscada",
            "version": "9.1.11"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "vtscada",
            "version": "9.1.14"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "vtscada",
            "version": "9.1.20"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "vtscada",
            "version": "11.0.05"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "vtscada",
            "version": "11.0.07"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "vtscada",
            "version": "10.2.05"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "vtscada",
            "version": "10.2.07"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "vtscada",
            "version": "10.2.08"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "vtscada",
            "version": "10.2.11"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "vtscada",
            "version": "10.2.13"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "vtscada",
            "version": "10.2.14"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "vtscada",
            "version": "10.2.15"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "vtscada",
            "version": "10.2.17"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "vtscada",
            "version": "10.2.19"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "vtscada",
            "version": "10.2.20"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "vtscada",
            "version": "10.2.21"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "vtscada",
            "version": "10.2.22"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "vtscada",
            "version": "8.0.05"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "vtscada",
            "version": "8.0.12"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "vtscada",
            "version": "8.0.16"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "vtscada",
            "version": "8.0.18"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "vtscada",
            "version": "8.1.05"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "vtscada",
            "version": "8.1.06"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "vtscada",
            "version": "11.1.05"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "vtscada",
            "version": "11.1.06"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "vtscada",
            "version": "11.1.09"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "vtscada",
            "version": "11.1.10"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "vtscada",
            "version": "11.1.13"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "vtscada",
            "version": "11.1.14"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "vtscada",
            "version": "11.1.15"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "vtscada",
            "version": "11.1.16"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "vtscada",
            "version": "11.1.17"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "vtscada",
            "version": "11.1.18"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "vtscada",
            "version": "11.1.19"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "vtscada",
            "version": "11.1.20"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "vtscada",
            "version": "11.1.21"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "vtscada",
            "version": "11.1.22"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "vtscada",
            "version": "11.1.24"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "vtscada",
            "version": "10.0.11"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "vtscada",
            "version": "10.0.13"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "vtscada",
            "version": "10.0.14"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "vtscada",
            "version": "10.0.16"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "vtscada",
            "version": "10.0.17"
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "007c45d2-f49c-4f4c-b34a-a12ea1873170"
          },
          {
            "db": "ZDI",
            "id": "ZDI-16-403"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2016-04027"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-003078"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-4532"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201606-219"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:trihedral:vtscada:10.1.06:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trihedral:vtscada:10.1.05:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trihedral:vtscada:10.1.12:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trihedral:vtscada:10.1.07:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:trihedral:vtscada:9.1.14:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trihedral:vtscada:9.1.11:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trihedral:vtscada:9.1.03:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trihedral:vtscada:9.1.02:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trihedral:vtscada:9.1.09:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trihedral:vtscada:9.1.05:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trihedral:vtscada:9.1.20:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trihedral:vtscada:9.0.08:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trihedral:vtscada:9.0.03:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trihedral:vtscada:9.0.02:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:trihedral:vtscada:11.0.07:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trihedral:vtscada:11.0.05:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:trihedral:vtscada:10.2.17:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trihedral:vtscada:10.2.15:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trihedral:vtscada:10.2.22:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trihedral:vtscada:10.2.21:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trihedral:vtscada:10.2.11:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trihedral:vtscada:10.2.08:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trihedral:vtscada:10.2.14:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trihedral:vtscada:10.2.13:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trihedral:vtscada:10.2.20:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trihedral:vtscada:10.2.19:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trihedral:vtscada:10.2.07:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trihedral:vtscada:10.2.05:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:trihedral:vtscada:8.1.06:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trihedral:vtscada:8.0.16:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trihedral:vtscada:8.0.12:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trihedral:vtscada:8.0.05:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trihedral:vtscada:8.1.05:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trihedral:vtscada:8.0.18:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:trihedral:vtscada:11.1.22:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trihedral:vtscada:11.1.21:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trihedral:vtscada:11.1.14:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trihedral:vtscada:11.1.13:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trihedral:vtscada:11.1.18:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trihedral:vtscada:11.1.17:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trihedral:vtscada:11.1.06:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trihedral:vtscada:11.1.05:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trihedral:vtscada:11.1.20:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trihedral:vtscada:11.1.19:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trihedral:vtscada:11.1.10:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trihedral:vtscada:11.1.09:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trihedral:vtscada:11.1.24:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trihedral:vtscada:11.1.16:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trihedral:vtscada:11.1.15:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:trihedral:vtscada:10.0.16:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trihedral:vtscada:10.0.14:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trihedral:vtscada:10.0.13:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trihedral:vtscada:10.0.11:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trihedral:vtscada:10.0.17:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2016-4532"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Anonymous",
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-16-403"
          },
          {
            "db": "BID",
            "id": "91077"
          }
        ],
        "trust": 1.0
      },
      "cve": "CVE-2016-4532",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "NONE",
                "baseScore": 6.4,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "impactScore": 4.9,
                "integrityImpact": "PARTIAL",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "MEDIUM",
                "trust": 1.0,
                "userInteractionRequired": false,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Network",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 6.4,
                "confidentialityImpact": "Partial",
                "exploitabilityScore": null,
                "id": "CVE-2016-4532",
                "impactScore": null,
                "integrityImpact": "Partial",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Medium",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "ZDI",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CVE-2016-4532",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "MEDIUM",
                "trust": 0.7,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "NONE",
                "baseScore": 6.4,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2016-04027",
                "impactScore": 4.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "NONE",
                "baseScore": 6.4,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "007c45d2-f49c-4f4c-b34a-a12ea1873170",
                "impactScore": 4.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.2,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
                "version": "2.9 [IVD]"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "NVD",
                "availabilityImpact": "NONE",
                "baseScore": 9.1,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "impactScore": 5.2,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 9.1,
                "baseSeverity": "Critical",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2016-4532",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2016-4532",
                "trust": 1.8,
                "value": "CRITICAL"
              },
              {
                "author": "ZDI",
                "id": "CVE-2016-4532",
                "trust": 0.7,
                "value": "MEDIUM"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2016-04027",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201606-219",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "IVD",
                "id": "007c45d2-f49c-4f4c-b34a-a12ea1873170",
                "trust": 0.2,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "007c45d2-f49c-4f4c-b34a-a12ea1873170"
          },
          {
            "db": "ZDI",
            "id": "ZDI-16-403"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2016-04027"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-003078"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-4532"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201606-219"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Directory traversal vulnerability in the WAP interface in Trihedral VTScada (formerly VTS) 8.x through 11.x before 11.2.02 allows remote attackers to read arbitrary files via a crafted pathname. This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Trihedral VTScada. Authentication is not required to exploit this vulnerability.The specific flaw exists within the handling of Wireless Application Protocol requests.  The issue lies in the failure to properly restrict the path from which images are retrieved.  An attacker can leverage this vulnerability to disclose the contents of arbitrary files under the context of the user running the service. Trihedral VTScada (formerly known as VTS) is a SCADA system based on the Windows platform provided by Trihedral Engineering of Canada. VTScada is prone to multiple security vulnerabilities. \nExploiting these issues will allow attackers to obtain sensitive  information, cause denial-of-service conditions or to bypass certain  security restrictions and perform unauthorized actions. \nVTScada versions 8 through 11.2.x are vulnerable",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2016-4532"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-003078"
          },
          {
            "db": "ZDI",
            "id": "ZDI-16-403"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2016-04027"
          },
          {
            "db": "BID",
            "id": "91077"
          },
          {
            "db": "IVD",
            "id": "007c45d2-f49c-4f4c-b34a-a12ea1873170"
          }
        ],
        "trust": 3.24
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2016-4532",
            "trust": 4.2
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-16-159-01",
            "trust": 3.0
          },
          {
            "db": "ZDI",
            "id": "ZDI-16-403",
            "trust": 1.7
          },
          {
            "db": "BID",
            "id": "91077",
            "trust": 1.3
          },
          {
            "db": "CNVD",
            "id": "CNVD-2016-04027",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201606-219",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-003078",
            "trust": 0.8
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-3513",
            "trust": 0.7
          },
          {
            "db": "IVD",
            "id": "007C45D2-F49C-4F4C-B34A-A12EA1873170",
            "trust": 0.2
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "007c45d2-f49c-4f4c-b34a-a12ea1873170"
          },
          {
            "db": "ZDI",
            "id": "ZDI-16-403"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2016-04027"
          },
          {
            "db": "BID",
            "id": "91077"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-003078"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-4532"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201606-219"
          }
        ]
      },
      "id": "VAR-201606-0260",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "IVD",
            "id": "007c45d2-f49c-4f4c-b34a-a12ea1873170"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2016-04027"
          }
        ],
        "trust": 1.39210527
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "007c45d2-f49c-4f4c-b34a-a12ea1873170"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2016-04027"
          }
        ]
      },
      "last_update_date": "2023-12-18T13:14:32.308000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "ICS-CERT VTScada Security Announcement (ICSA-16-159-01)",
            "trust": 0.8,
            "url": "https://www.trihedral.com/ics-cert-vtscada-security-announcement"
          },
          {
            "title": "Trihedral Engineering Ltd  has issued an update to correct this vulnerability.",
            "trust": 0.7,
            "url": "https://ics-cert.us-cert.gov/advisories/icsa-16-159-01"
          },
          {
            "title": "Trihedral VTScada directory traversal vulnerability patch",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchinfo/show/77535"
          },
          {
            "title": "Trihedral VTScada Fixes for directory traversal vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=62175"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-16-403"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2016-04027"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-003078"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201606-219"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-22",
            "trust": 1.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-003078"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-4532"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.7,
            "url": "https://ics-cert.us-cert.gov/advisories/icsa-16-159-01"
          },
          {
            "trust": 1.0,
            "url": "http://www.securityfocus.com/bid/91077"
          },
          {
            "trust": 1.0,
            "url": "http://www.zerodayinitiative.com/advisories/zdi-16-403"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-4532"
          },
          {
            "trust": 0.8,
            "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-4532"
          },
          {
            "trust": 0.6,
            "url": "http://www.trihedral.com/help/#op_welcome/wel_upgradenotes.htm"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-16-403"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2016-04027"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-003078"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-4532"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201606-219"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "IVD",
            "id": "007c45d2-f49c-4f4c-b34a-a12ea1873170"
          },
          {
            "db": "ZDI",
            "id": "ZDI-16-403"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2016-04027"
          },
          {
            "db": "BID",
            "id": "91077"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-003078"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-4532"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201606-219"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2016-06-15T00:00:00",
            "db": "IVD",
            "id": "007c45d2-f49c-4f4c-b34a-a12ea1873170"
          },
          {
            "date": "2016-07-01T00:00:00",
            "db": "ZDI",
            "id": "ZDI-16-403"
          },
          {
            "date": "2016-06-15T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2016-04027"
          },
          {
            "date": "2016-06-07T00:00:00",
            "db": "BID",
            "id": "91077"
          },
          {
            "date": "2016-06-13T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2016-003078"
          },
          {
            "date": "2016-06-09T10:59:05.340000",
            "db": "NVD",
            "id": "CVE-2016-4532"
          },
          {
            "date": "2016-06-12T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201606-219"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2016-07-01T00:00:00",
            "db": "ZDI",
            "id": "ZDI-16-403"
          },
          {
            "date": "2016-06-15T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2016-04027"
          },
          {
            "date": "2016-07-06T15:12:00",
            "db": "BID",
            "id": "91077"
          },
          {
            "date": "2016-06-13T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2016-003078"
          },
          {
            "date": "2016-11-28T20:18:40.477000",
            "db": "NVD",
            "id": "CVE-2016-4532"
          },
          {
            "date": "2016-06-12T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201606-219"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201606-219"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Trihedral VTScada Directory Traversal Vulnerability",
        "sources": [
          {
            "db": "IVD",
            "id": "007c45d2-f49c-4f4c-b34a-a12ea1873170"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2016-04027"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201606-219"
          }
        ],
        "trust": 1.4
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Path traversal",
        "sources": [
          {
            "db": "IVD",
            "id": "007c45d2-f49c-4f4c-b34a-a12ea1873170"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201606-219"
          }
        ],
        "trust": 0.8
      }
    }

    VAR-201606-0247

    Vulnerability from variot - Updated: 2023-12-18 13:14

    The WAP interface in Trihedral VTScada (formerly VTS) 8.x through 11.x before 11.2.02 allows remote attackers to bypass authentication and read arbitrary files via unspecified vectors. Authentication is not required to exploit this vulnerability.The specific flaw exists within the handling of Wireless Application Protocol requests. The issue lies in the failure to properly validate user-supplied filenames. An attacker can leverage this vulnerability to disclose the contents of arbitrary files under the context of the user running the service. Trihedral VTScada (formerly known as VTS) is a SCADA system based on the Windows platform provided by Trihedral Engineering of Canada. An authorization vulnerability exists in the WAP interface of Trihedral VTScada 8 and pre-December 2.2.0. VTScada is prone to multiple security vulnerabilities. Exploiting these issues will allow attackers to obtain sensitive information, cause denial-of-service conditions or to bypass certain security restrictions and perform unauthorized actions. VTScada versions 8 through 11.2.x are vulnerable

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201606-0247",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "vtscada",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "trihedral",
            "version": "11.1.19"
          },
          {
            "model": "vtscada",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "trihedral",
            "version": "11.1.18"
          },
          {
            "model": "vtscada",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "trihedral",
            "version": "8.1.06"
          },
          {
            "model": "vtscada",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "trihedral",
            "version": "8.0.18"
          },
          {
            "model": "vtscada",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "trihedral",
            "version": "8.1.05"
          },
          {
            "model": "vtscada",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "trihedral",
            "version": "11.1.20"
          },
          {
            "model": "vtscada",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "trihedral",
            "version": "11.1.16"
          },
          {
            "model": "vtscada",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "trihedral",
            "version": "11.1.05"
          },
          {
            "model": "vtscada",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "trihedral",
            "version": "11.1.17"
          },
          {
            "model": "vtscada",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "trihedral",
            "version": "8.0.16"
          },
          {
            "model": "vtscada",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "trihedral",
            "version": "10.0.17"
          },
          {
            "model": "vtscada",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "trihedral",
            "version": "10.2.15"
          },
          {
            "model": "vtscada",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "trihedral",
            "version": "9.0.02"
          },
          {
            "model": "vtscada",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "trihedral",
            "version": "9.1.14"
          },
          {
            "model": "vtscada",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "trihedral",
            "version": "10.2.11"
          },
          {
            "model": "vtscada",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "trihedral",
            "version": "9.1.05"
          },
          {
            "model": "vtscada",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "trihedral",
            "version": "10.2.05"
          },
          {
            "model": "vtscada",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "trihedral",
            "version": "11.0.07"
          },
          {
            "model": "vtscada",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "trihedral",
            "version": "10.0.14"
          },
          {
            "model": "vtscada",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "trihedral",
            "version": "11.1.24"
          },
          {
            "model": "vtscada",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "trihedral",
            "version": "10.2.07"
          },
          {
            "model": "vtscada",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "trihedral",
            "version": "10.1.05"
          },
          {
            "model": "vtscada",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "trihedral",
            "version": "10.2.13"
          },
          {
            "model": "vtscada",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "trihedral",
            "version": "10.2.19"
          },
          {
            "model": "vtscada",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "trihedral",
            "version": "10.1.06"
          },
          {
            "model": "vtscada",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "trihedral",
            "version": "9.1.09"
          },
          {
            "model": "vtscada",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "trihedral",
            "version": "10.0.11"
          },
          {
            "model": "vtscada",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "trihedral",
            "version": "8.0.05"
          },
          {
            "model": "vtscada",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "trihedral",
            "version": "10.2.08"
          },
          {
            "model": "vtscada",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "trihedral",
            "version": "10.2.20"
          },
          {
            "model": "vtscada",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "trihedral",
            "version": "10.0.13"
          },
          {
            "model": "vtscada",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "trihedral",
            "version": "11.1.22"
          },
          {
            "model": "vtscada",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "trihedral",
            "version": "10.2.17"
          },
          {
            "model": "vtscada",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "trihedral",
            "version": "11.1.06"
          },
          {
            "model": "vtscada",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "trihedral",
            "version": "9.1.20"
          },
          {
            "model": "vtscada",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "trihedral",
            "version": "11.0.05"
          },
          {
            "model": "vtscada",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "trihedral",
            "version": "11.1.09"
          },
          {
            "model": "vtscada",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "trihedral",
            "version": "8.0.12"
          },
          {
            "model": "vtscada",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "trihedral",
            "version": "9.0.08"
          },
          {
            "model": "vtscada",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "trihedral",
            "version": "9.0.03"
          },
          {
            "model": "vtscada",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "trihedral",
            "version": "9.1.03"
          },
          {
            "model": "vtscada",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "trihedral",
            "version": "10.2.21"
          },
          {
            "model": "vtscada",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "trihedral",
            "version": "10.1.07"
          },
          {
            "model": "vtscada",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "trihedral",
            "version": "11.1.10"
          },
          {
            "model": "vtscada",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "trihedral",
            "version": "11.1.14"
          },
          {
            "model": "vtscada",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "trihedral",
            "version": "10.0.16"
          },
          {
            "model": "vtscada",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "trihedral",
            "version": "9.1.02"
          },
          {
            "model": "vtscada",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "trihedral",
            "version": "10.1.12"
          },
          {
            "model": "vtscada",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "trihedral",
            "version": "11.1.15"
          },
          {
            "model": "vtscada",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "trihedral",
            "version": "10.2.14"
          },
          {
            "model": "vtscada",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "trihedral",
            "version": "9.1.11"
          },
          {
            "model": "vtscada",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "trihedral",
            "version": "11.1.21"
          },
          {
            "model": "vtscada",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "trihedral",
            "version": "11.1.13"
          },
          {
            "model": "vtscada",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "trihedral",
            "version": "10.2.22"
          },
          {
            "model": "vtscada",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "trihedral engineering",
            "version": "11.x"
          },
          {
            "model": "vtscada",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "trihedral engineering",
            "version": "8.x from  11.2.02"
          },
          {
            "model": "vtscada",
            "scope": null,
            "trust": 0.7,
            "vendor": "trihedral engineering",
            "version": null
          },
          {
            "model": "vtscada",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "trihedral",
            "version": "8"
          },
          {
            "model": "vtscada",
            "scope": "lt",
            "trust": 0.6,
            "vendor": "trihedral",
            "version": "11.2.02"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "vtscada",
            "version": "10.1.05"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "vtscada",
            "version": "10.1.06"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "vtscada",
            "version": "10.1.07"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "vtscada",
            "version": "10.1.12"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "vtscada",
            "version": "10.0.11"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "vtscada",
            "version": "10.0.13"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "vtscada",
            "version": "10.0.14"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "vtscada",
            "version": "10.0.16"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "vtscada",
            "version": "10.0.17"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "vtscada",
            "version": "11.1.05"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "vtscada",
            "version": "11.1.06"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "vtscada",
            "version": "11.1.09"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "vtscada",
            "version": "11.1.10"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "vtscada",
            "version": "11.1.13"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "vtscada",
            "version": "11.1.14"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "vtscada",
            "version": "11.1.15"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "vtscada",
            "version": "11.1.16"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "vtscada",
            "version": "11.1.17"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "vtscada",
            "version": "11.1.18"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "vtscada",
            "version": "11.1.19"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "vtscada",
            "version": "11.1.20"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "vtscada",
            "version": "11.1.21"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "vtscada",
            "version": "11.1.22"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "vtscada",
            "version": "11.1.24"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "vtscada",
            "version": "8.0.05"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "vtscada",
            "version": "8.0.12"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "vtscada",
            "version": "8.0.16"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "vtscada",
            "version": "8.0.18"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "vtscada",
            "version": "8.1.05"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "vtscada",
            "version": "8.1.06"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "vtscada",
            "version": "10.2.05"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "vtscada",
            "version": "10.2.07"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "vtscada",
            "version": "10.2.08"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "vtscada",
            "version": "10.2.11"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "vtscada",
            "version": "10.2.13"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "vtscada",
            "version": "10.2.14"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "vtscada",
            "version": "10.2.15"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "vtscada",
            "version": "10.2.17"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "vtscada",
            "version": "10.2.19"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "vtscada",
            "version": "10.2.20"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "vtscada",
            "version": "10.2.21"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "vtscada",
            "version": "10.2.22"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "vtscada",
            "version": "9.0.02"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "vtscada",
            "version": "9.0.03"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "vtscada",
            "version": "9.0.08"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "vtscada",
            "version": "9.1.02"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "vtscada",
            "version": "9.1.03"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "vtscada",
            "version": "9.1.05"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "vtscada",
            "version": "9.1.09"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "vtscada",
            "version": "9.1.11"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "vtscada",
            "version": "9.1.14"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "vtscada",
            "version": "9.1.20"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "vtscada",
            "version": "11.0.05"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "vtscada",
            "version": "11.0.07"
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "3bc17619-9912-4535-90ec-0ef1dd642360"
          },
          {
            "db": "ZDI",
            "id": "ZDI-16-404"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2016-04029"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-003077"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-4510"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201606-217"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:trihedral:vtscada:10.1.07:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trihedral:vtscada:10.1.06:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trihedral:vtscada:10.1.12:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trihedral:vtscada:10.1.05:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:trihedral:vtscada:10.0.17:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trihedral:vtscada:10.0.16:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trihedral:vtscada:10.0.11:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trihedral:vtscada:10.0.14:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trihedral:vtscada:10.0.13:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:trihedral:vtscada:11.1.20:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trihedral:vtscada:11.1.19:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trihedral:vtscada:11.1.10:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trihedral:vtscada:11.1.09:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trihedral:vtscada:11.1.16:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trihedral:vtscada:11.1.15:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trihedral:vtscada:11.1.18:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trihedral:vtscada:11.1.17:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trihedral:vtscada:11.1.06:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trihedral:vtscada:11.1.05:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trihedral:vtscada:11.1.24:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trihedral:vtscada:11.1.22:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trihedral:vtscada:11.1.21:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trihedral:vtscada:11.1.14:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trihedral:vtscada:11.1.13:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:trihedral:vtscada:8.0.16:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trihedral:vtscada:8.0.12:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trihedral:vtscada:8.1.06:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trihedral:vtscada:8.0.05:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trihedral:vtscada:8.1.05:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trihedral:vtscada:8.0.18:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:trihedral:vtscada:10.2.15:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trihedral:vtscada:10.2.14:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trihedral:vtscada:10.2.22:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trihedral:vtscada:10.2.21:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trihedral:vtscada:10.2.20:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trihedral:vtscada:10.2.08:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trihedral:vtscada:10.2.13:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trihedral:vtscada:10.2.11:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trihedral:vtscada:10.2.07:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trihedral:vtscada:10.2.19:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trihedral:vtscada:10.2.17:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trihedral:vtscada:10.2.05:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:trihedral:vtscada:9.1.20:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trihedral:vtscada:9.1.14:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trihedral:vtscada:9.0.03:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trihedral:vtscada:9.1.11:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trihedral:vtscada:9.1.09:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trihedral:vtscada:9.1.05:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trihedral:vtscada:9.1.03:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trihedral:vtscada:9.0.02:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trihedral:vtscada:9.1.02:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trihedral:vtscada:9.0.08:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:trihedral:vtscada:11.0.07:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trihedral:vtscada:11.0.05:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2016-4510"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Anonymous",
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-16-404"
          },
          {
            "db": "BID",
            "id": "91077"
          }
        ],
        "trust": 1.0
      },
      "cve": "CVE-2016-4510",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "NONE",
                "baseScore": 6.4,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "impactScore": 4.9,
                "integrityImpact": "PARTIAL",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "MEDIUM",
                "trust": 1.0,
                "userInteractionRequired": false,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Network",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 6.4,
                "confidentialityImpact": "Partial",
                "exploitabilityScore": null,
                "id": "CVE-2016-4510",
                "impactScore": null,
                "integrityImpact": "Partial",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Medium",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "ZDI",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CVE-2016-4510",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "MEDIUM",
                "trust": 0.7,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "NONE",
                "baseScore": 6.4,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2016-04029",
                "impactScore": 4.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "NONE",
                "baseScore": 6.4,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "3bc17619-9912-4535-90ec-0ef1dd642360",
                "impactScore": 4.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.2,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
                "version": "2.9 [IVD]"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "NVD",
                "availabilityImpact": "NONE",
                "baseScore": 9.1,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "impactScore": 5.2,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 9.1,
                "baseSeverity": "Critical",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2016-4510",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2016-4510",
                "trust": 1.8,
                "value": "CRITICAL"
              },
              {
                "author": "ZDI",
                "id": "CVE-2016-4510",
                "trust": 0.7,
                "value": "MEDIUM"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2016-04029",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201606-217",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "IVD",
                "id": "3bc17619-9912-4535-90ec-0ef1dd642360",
                "trust": 0.2,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "3bc17619-9912-4535-90ec-0ef1dd642360"
          },
          {
            "db": "ZDI",
            "id": "ZDI-16-404"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2016-04029"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-003077"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-4510"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201606-217"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "The WAP interface in Trihedral VTScada (formerly VTS) 8.x through 11.x before 11.2.02 allows remote attackers to bypass authentication and read arbitrary files via unspecified vectors. Authentication is not required to exploit this vulnerability.The specific flaw exists within the handling of Wireless Application Protocol requests.  The issue lies in the failure to properly validate user-supplied filenames.  An attacker can leverage this vulnerability to disclose the contents of arbitrary files under the context of the user running the service. Trihedral VTScada (formerly known as VTS) is a SCADA system based on the Windows platform provided by Trihedral Engineering of Canada. An authorization vulnerability exists in the WAP interface of Trihedral VTScada 8 and pre-December 2.2.0. VTScada is prone to multiple security vulnerabilities. \nExploiting these issues will allow attackers to obtain sensitive  information, cause denial-of-service conditions or to bypass certain  security restrictions and perform unauthorized actions. \nVTScada versions 8 through 11.2.x are vulnerable",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2016-4510"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-003077"
          },
          {
            "db": "ZDI",
            "id": "ZDI-16-404"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2016-04029"
          },
          {
            "db": "BID",
            "id": "91077"
          },
          {
            "db": "IVD",
            "id": "3bc17619-9912-4535-90ec-0ef1dd642360"
          }
        ],
        "trust": 3.24
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2016-4510",
            "trust": 4.2
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-16-159-01",
            "trust": 3.0
          },
          {
            "db": "ZDI",
            "id": "ZDI-16-404",
            "trust": 1.7
          },
          {
            "db": "BID",
            "id": "91077",
            "trust": 1.3
          },
          {
            "db": "CNVD",
            "id": "CNVD-2016-04029",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201606-217",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-003077",
            "trust": 0.8
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-3512",
            "trust": 0.7
          },
          {
            "db": "IVD",
            "id": "3BC17619-9912-4535-90EC-0EF1DD642360",
            "trust": 0.2
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "3bc17619-9912-4535-90ec-0ef1dd642360"
          },
          {
            "db": "ZDI",
            "id": "ZDI-16-404"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2016-04029"
          },
          {
            "db": "BID",
            "id": "91077"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-003077"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-4510"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201606-217"
          }
        ]
      },
      "id": "VAR-201606-0247",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "IVD",
            "id": "3bc17619-9912-4535-90ec-0ef1dd642360"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2016-04029"
          }
        ],
        "trust": 1.39210527
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "3bc17619-9912-4535-90ec-0ef1dd642360"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2016-04029"
          }
        ]
      },
      "last_update_date": "2023-12-18T13:14:32.267000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "ICS-CERT VTScada Security Announcement (ICSA-16-159-01)",
            "trust": 0.8,
            "url": "https://www.trihedral.com/ics-cert-vtscada-security-announcement"
          },
          {
            "title": "Trihedral Engineering Ltd  has issued an update to correct this vulnerability.",
            "trust": 0.7,
            "url": "https://ics-cert.us-cert.gov/advisories/icsa-16-159-01"
          },
          {
            "title": "Patch for Trihedral VTScada Authorization Issue Vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchinfo/show/77533"
          },
          {
            "title": "Trihedral VTScada Remediation measures for authorization problem vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=62173"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-16-404"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2016-04029"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-003077"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201606-217"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-287",
            "trust": 1.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-003077"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-4510"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.7,
            "url": "https://ics-cert.us-cert.gov/advisories/icsa-16-159-01"
          },
          {
            "trust": 1.0,
            "url": "http://www.securityfocus.com/bid/91077"
          },
          {
            "trust": 1.0,
            "url": "http://www.zerodayinitiative.com/advisories/zdi-16-404"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-4510"
          },
          {
            "trust": 0.8,
            "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-4510"
          },
          {
            "trust": 0.6,
            "url": "http://www.trihedral.com/help/#op_welcome/wel_upgradenotes.htm"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-16-404"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2016-04029"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-003077"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-4510"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201606-217"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "IVD",
            "id": "3bc17619-9912-4535-90ec-0ef1dd642360"
          },
          {
            "db": "ZDI",
            "id": "ZDI-16-404"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2016-04029"
          },
          {
            "db": "BID",
            "id": "91077"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-003077"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-4510"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201606-217"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2016-06-15T00:00:00",
            "db": "IVD",
            "id": "3bc17619-9912-4535-90ec-0ef1dd642360"
          },
          {
            "date": "2016-07-01T00:00:00",
            "db": "ZDI",
            "id": "ZDI-16-404"
          },
          {
            "date": "2016-06-15T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2016-04029"
          },
          {
            "date": "2016-06-07T00:00:00",
            "db": "BID",
            "id": "91077"
          },
          {
            "date": "2016-06-13T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2016-003077"
          },
          {
            "date": "2016-06-09T10:59:03.043000",
            "db": "NVD",
            "id": "CVE-2016-4510"
          },
          {
            "date": "2016-06-12T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201606-217"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2016-07-01T00:00:00",
            "db": "ZDI",
            "id": "ZDI-16-404"
          },
          {
            "date": "2016-06-15T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2016-04029"
          },
          {
            "date": "2016-07-06T15:12:00",
            "db": "BID",
            "id": "91077"
          },
          {
            "date": "2016-06-13T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2016-003077"
          },
          {
            "date": "2016-11-28T20:18:30.883000",
            "db": "NVD",
            "id": "CVE-2016-4510"
          },
          {
            "date": "2016-06-12T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201606-217"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201606-217"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Trihedral VTScada Authorization Issue Vulnerability",
        "sources": [
          {
            "db": "IVD",
            "id": "3bc17619-9912-4535-90ec-0ef1dd642360"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2016-04029"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "authorization issue",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201606-217"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201706-0469

    Vulnerability from variot - Updated: 2023-12-18 12:44

    An Information Exposure issue was discovered in Trihedral VTScada Versions prior to 11.2.26. Some files are exposed within the web server application to unauthenticated users. These files may contain sensitive configuration information. Trihedral VTScada (formerly known as VTS) is a SCADA system based on the Windows platform provided by Trihedral Engineering of Canada. Trihedral VTScada is prone to multiple security vulnerabilities: 1. A denial-of-service vulnerability. 2. A cross-site scripting vulnerability. 3. An information-disclosure vulnerability. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. Failed exploit attempts will likely result in denial-of-service conditions. Vendor: Trihedral Equipment: VTScada Vulnerability: Resource Consumption, Cross-Site Scripting, Information Exposure Advisory URL: https://ipositivesecurity.com/2017/06/15/ics-trihedral-vtscada-multiple-vulnerabilities/

    ICS-CERT Advisory https://ics-cert.us-cert.gov/advisories/ICSA-17-164-01


    AFFECTED PRODUCTS

    The following versions of VTScada, an HMI SCADA software, are affected:

    VTScada Versions prior to 11.2.26


    IMPACT

    Successful exploitation of these vulnerabilities could result in uncontrolled resource consumption, arbitrary code execution, or information exposure.


    VULNERABILITY OVERVIEW

    UNCONTROLLED RESOURCE CONSUMPTION CWE-400 https://cwe.mitre.org/data/definitions/400.html

    The client does not properly validate the input or limit the amount of resources that are utilized by an attacker, which can be used to consume more resources than are available. A CVSS v3 base score of 7.5 has been assigned; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H ).

    Exploitation

    Note that this vulnerability targets the VTScada thick client installed on the system. Any application user (including a non-admin, restricted user) who has access to the thick client can potentially bring down the system.

    Payload can be up to ~80k characters. Repeated attempts result in spiked CPU usage & consumption of RAM / page resources. Where a full-blown application (or multiple applications in production scenario) is deployed, i.e. with an operational/functional configuration, memory/CPU usage is notably higher than that of a test, blank application. Repeatedly submitting such a large username input, rapidly consumes available server memory resources leading to resource exhaustion. This forces a system reboot eventually.

    Where an endpoint security solution (such as AV/HIPS/Anti-Malware) is deployed on the system, resource exhaustion may be achieved relatively much faster (quickly). A CVSS v3 base score of 6.5 has been assigned; the CVSS vector string is (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N ).

    Exploitation

    Multiple URLs and parameters were found to vulnerable to Reflected Cross-Site Scripting. A CVSS v3 base score of 7.5 has been assigned; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N )

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201706-0469",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "vtscada",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "trihedral",
            "version": "11.2.23"
          },
          {
            "model": "vtscada",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "trihedral engineering",
            "version": "11.2.26"
          },
          {
            "model": "vtscada",
            "scope": "lt",
            "trust": 0.6,
            "vendor": "trihedral",
            "version": "11.2.26"
          },
          {
            "model": "vtscada",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "trihedral",
            "version": "11.2.23"
          },
          {
            "model": "engineering vtscada",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "trihedral",
            "version": "11.2.2"
          },
          {
            "model": "engineering vtscada",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "trihedral",
            "version": "11.1.18"
          },
          {
            "model": "engineering vtscada",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "trihedral",
            "version": "11.1.17"
          },
          {
            "model": "engineering vtscada",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "trihedral",
            "version": "11.2"
          },
          {
            "model": "engineering vtscada",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "trihedral",
            "version": "11.1.09"
          },
          {
            "model": "engineering vtscada",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "trihedral",
            "version": "11.1.07"
          },
          {
            "model": "engineering vtscada",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "trihedral",
            "version": "11.0"
          },
          {
            "model": "engineering vtscada",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "trihedral",
            "version": "11"
          },
          {
            "model": "engineering vtscada",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "trihedral",
            "version": "10.2.22"
          },
          {
            "model": "engineering vtscada",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "trihedral",
            "version": "10.2"
          },
          {
            "model": "engineering vtscada",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "trihedral",
            "version": "10.1"
          },
          {
            "model": "engineering vtscada",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "trihedral",
            "version": "10"
          },
          {
            "model": "engineering vtscada",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "trihedral",
            "version": "09.1.20"
          },
          {
            "model": "engineering vtscada",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "trihedral",
            "version": "11.2.26"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "vtscada",
            "version": "*"
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "88db1989-3529-4cae-9472-2d7b6e93ab47"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-10706"
          },
          {
            "db": "BID",
            "id": "99066"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-004918"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-6045"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201706-829"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:trihedral:vtscada:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "11.2.23",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2017-6045"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Karn Ganeshen.",
        "sources": [
          {
            "db": "BID",
            "id": "99066"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201706-829"
          }
        ],
        "trust": 0.9
      },
      "cve": "CVE-2017-6045",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "MEDIUM",
                "trust": 1.0,
                "userInteractionRequired": false,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Network",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 5.0,
                "confidentialityImpact": "Partial",
                "exploitabilityScore": null,
                "id": "CVE-2017-6045",
                "impactScore": null,
                "integrityImpact": "None",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Medium",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "NONE",
                "baseScore": 7.8,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2017-10706",
                "impactScore": 6.9,
                "integrityImpact": "NONE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "NONE",
                "baseScore": 7.8,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "88db1989-3529-4cae-9472-2d7b6e93ab47",
                "impactScore": 6.9,
                "integrityImpact": "NONE",
                "severity": "HIGH",
                "trust": 0.2,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
                "version": "2.9 [IVD]"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "NVD",
                "availabilityImpact": "NONE",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 7.5,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2017-6045",
                "impactScore": null,
                "integrityImpact": "None",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2017-6045",
                "trust": 1.8,
                "value": "HIGH"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2017-10706",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201706-829",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "IVD",
                "id": "88db1989-3529-4cae-9472-2d7b6e93ab47",
                "trust": 0.2,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "88db1989-3529-4cae-9472-2d7b6e93ab47"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-10706"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-004918"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-6045"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201706-829"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "An Information Exposure issue was discovered in Trihedral VTScada Versions prior to 11.2.26. Some files are exposed within the web server application to unauthenticated users. These files may contain sensitive configuration information. Trihedral VTScada (formerly known as VTS) is a SCADA system based on the Windows platform provided by Trihedral Engineering of Canada. Trihedral VTScada is prone to multiple security vulnerabilities:\n1. A denial-of-service vulnerability. \n2. A cross-site scripting vulnerability. \n3. An information-disclosure vulnerability. \nAn attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. Failed exploit attempts will likely result in denial-of-service conditions. Vendor: Trihedral\nEquipment: VTScada\nVulnerability: Resource Consumption, Cross-Site Scripting, Information\nExposure\nAdvisory URL:\nhttps://ipositivesecurity.com/2017/06/15/ics-trihedral-vtscada-multiple-vulnerabilities/\n\nICS-CERT Advisory\nhttps://ics-cert.us-cert.gov/advisories/ICSA-17-164-01\n\n------------------------\nAFFECTED PRODUCTS\n------------------------\nThe following versions of VTScada, an HMI SCADA software, are affected:\n\nVTScada Versions prior to 11.2.26\n\n------------------------\nIMPACT\n------------------------\n\nSuccessful exploitation of these vulnerabilities could result in\nuncontrolled resource consumption, arbitrary code execution, or information\nexposure. \n\n------------------------\nVULNERABILITY OVERVIEW\n------------------------\n\nUNCONTROLLED RESOURCE CONSUMPTION CWE-400\n\u003chttps://cwe.mitre.org/data/definitions/400.html\u003e\n\nThe client does not properly validate the input or limit the amount of\nresources that are utilized by an attacker, which can be used to consume\nmore resources than are available. A CVSS v3 base score of 7.5 has been\nassigned; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\n\u003chttps://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\u003e\n). \n\nExploitation\n\nNote that this vulnerability targets the VTScada thick client installed on\nthe system. Any application user (including a non-admin, restricted user)\nwho has access to the thick client can potentially bring down the system. \n\nPayload can be up to ~80k characters. Repeated attempts result in spiked\nCPU usage \u0026 consumption of RAM / page resources. Where a full-blown\napplication (or multiple applications in production scenario) is deployed,\ni.e. with an operational/functional configuration, memory/CPU usage is\nnotably higher than that of a test, blank application. Repeatedly\nsubmitting such a large username input, rapidly consumes available server\nmemory resources leading to resource exhaustion. This forces a system\nreboot eventually. \n\nWhere an endpoint security solution (such as AV/HIPS/Anti-Malware) is\ndeployed on the system, resource exhaustion may be achieved relatively much\nfaster (quickly). A CVSS v3 base score of 6.5 has been\nassigned; the CVSS vector string is (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N\n\u003chttps://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N\u003e\n). \n\nExploitation\n\nMultiple URLs and parameters were found to vulnerable to Reflected\nCross-Site Scripting. A CVSS v3 base score of 7.5 has been\nassigned; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\n\u003chttps://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\u003e\n)",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2017-6045"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-004918"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-10706"
          },
          {
            "db": "BID",
            "id": "99066"
          },
          {
            "db": "IVD",
            "id": "88db1989-3529-4cae-9472-2d7b6e93ab47"
          },
          {
            "db": "PACKETSTORM",
            "id": "143216"
          }
        ],
        "trust": 2.7
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2017-6045",
            "trust": 3.6
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-17-164-01",
            "trust": 3.4
          },
          {
            "db": "BID",
            "id": "99066",
            "trust": 2.5
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-10706",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201706-829",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-004918",
            "trust": 0.8
          },
          {
            "db": "IVD",
            "id": "88DB1989-3529-4CAE-9472-2D7B6E93AB47",
            "trust": 0.2
          },
          {
            "db": "PACKETSTORM",
            "id": "143216",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "88db1989-3529-4cae-9472-2d7b6e93ab47"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-10706"
          },
          {
            "db": "BID",
            "id": "99066"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-004918"
          },
          {
            "db": "PACKETSTORM",
            "id": "143216"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-6045"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201706-829"
          }
        ]
      },
      "id": "VAR-201706-0469",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "IVD",
            "id": "88db1989-3529-4cae-9472-2d7b6e93ab47"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-10706"
          }
        ],
        "trust": 1.39210527
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "88db1989-3529-4cae-9472-2d7b6e93ab47"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-10706"
          }
        ]
      },
      "last_update_date": "2023-12-18T12:44:32.062000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "https://www.trihedral.com/"
          },
          {
            "title": "Trihedral VTScada Information Disclosure Vulnerability Patch",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchinfo/show/96153"
          },
          {
            "title": "Trihedral VTScada Repair measures for information disclosure vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=71097"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-10706"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-004918"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201706-829"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-200",
            "trust": 1.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-004918"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-6045"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.4,
            "url": "https://ics-cert.us-cert.gov/advisories/icsa-17-164-01"
          },
          {
            "trust": 2.2,
            "url": "http://www.securityfocus.com/bid/99066"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-6045"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-6045"
          },
          {
            "trust": 0.3,
            "url": "www.trihedral.com"
          },
          {
            "trust": 0.1,
            "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2017-6045\u003e"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/79.html\u003e"
          },
          {
            "trust": 0.1,
            "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2017-6053\u003e"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/400.html\u003e"
          },
          {
            "trust": 0.1,
            "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2017-6043\u003e"
          },
          {
            "trust": 0.1,
            "url": "https://www.first.org/cvss/calculator/3.0#cvss:3.0/av:n/ac:l/pr:n/ui:n/s:u/c:h/i:n/a:n\u003e"
          },
          {
            "trust": 0.1,
            "url": "https://www.first.org/cvss/calculator/3.0#cvss:3.0/av:n/ac:l/pr:n/ui:n/s:u/c:n/i:n/a:h\u003e"
          },
          {
            "trust": 0.1,
            "url": "https://www.first.org/cvss/calculator/3.0#cvss:3.0/av:n/ac:l/pr:n/ui:r/s:u/c:h/i:n/a:n\u003e"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/548.html\u003e"
          },
          {
            "trust": 0.1,
            "url": "https://ipositivesecurity.com/2017/06/15/ics-trihedral-vtscada-multiple-vulnerabilities/"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-10706"
          },
          {
            "db": "BID",
            "id": "99066"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-004918"
          },
          {
            "db": "PACKETSTORM",
            "id": "143216"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-6045"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201706-829"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "IVD",
            "id": "88db1989-3529-4cae-9472-2d7b6e93ab47"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-10706"
          },
          {
            "db": "BID",
            "id": "99066"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-004918"
          },
          {
            "db": "PACKETSTORM",
            "id": "143216"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-6045"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201706-829"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2017-06-22T00:00:00",
            "db": "IVD",
            "id": "88db1989-3529-4cae-9472-2d7b6e93ab47"
          },
          {
            "date": "2017-06-22T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2017-10706"
          },
          {
            "date": "2017-06-13T00:00:00",
            "db": "BID",
            "id": "99066"
          },
          {
            "date": "2017-07-11T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-004918"
          },
          {
            "date": "2017-06-30T11:11:11",
            "db": "PACKETSTORM",
            "id": "143216"
          },
          {
            "date": "2017-06-21T19:29:00.307000",
            "db": "NVD",
            "id": "CVE-2017-6045"
          },
          {
            "date": "2017-06-20T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201706-829"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2017-06-22T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2017-10706"
          },
          {
            "date": "2017-06-13T00:00:00",
            "db": "BID",
            "id": "99066"
          },
          {
            "date": "2017-07-11T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-004918"
          },
          {
            "date": "2019-10-09T23:28:37.857000",
            "db": "NVD",
            "id": "CVE-2017-6045"
          },
          {
            "date": "2019-10-17T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201706-829"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201706-829"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Trihedral VTScada Information Disclosure Vulnerability",
        "sources": [
          {
            "db": "IVD",
            "id": "88db1989-3529-4cae-9472-2d7b6e93ab47"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-10706"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201706-829"
          }
        ],
        "trust": 1.4
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "information disclosure",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201706-829"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201706-0451

    Vulnerability from variot - Updated: 2023-12-18 12:44

    A Cross-Site Scripting issue was discovered in Trihedral VTScada Versions prior to 11.2.26. A cross-site scripting vulnerability may allow JavaScript code supplied by the attacker to execute within the user's browser. Trihedral VTScada (formerly known as VTS) is a SCADA system based on the Windows platform provided by Trihedral Engineering of Canada. A remote attacker can exploit this vulnerability to inject arbitrary web scripts or HTML. Trihedral VTScada is prone to multiple security vulnerabilities: 1. A denial-of-service vulnerability. 2. 3. An information-disclosure vulnerability. This can allow the attacker to steal cookie-based authentication credentials or gain access to sensitive information. Failed exploit attempts will likely result in denial-of-service conditions. Vendor: Trihedral Equipment: VTScada Vulnerability: Resource Consumption, Cross-Site Scripting, Information Exposure Advisory URL: https://ipositivesecurity.com/2017/06/15/ics-trihedral-vtscada-multiple-vulnerabilities/

    ICS-CERT Advisory https://ics-cert.us-cert.gov/advisories/ICSA-17-164-01


    AFFECTED PRODUCTS

    The following versions of VTScada, an HMI SCADA software, are affected:

    VTScada Versions prior to 11.2.26


    IMPACT

    Successful exploitation of these vulnerabilities could result in uncontrolled resource consumption, arbitrary code execution, or information exposure.


    VULNERABILITY OVERVIEW

    UNCONTROLLED RESOURCE CONSUMPTION CWE-400 https://cwe.mitre.org/data/definitions/400.html

    The client does not properly validate the input or limit the amount of resources that are utilized by an attacker, which can be used to consume more resources than are available. A CVSS v3 base score of 7.5 has been assigned; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H ).

    Exploitation

    Note that this vulnerability targets the VTScada thick client installed on the system. Any application user (including a non-admin, restricted user) who has access to the thick client can potentially bring down the system.

    Payload can be up to ~80k characters. Repeated attempts result in spiked CPU usage & consumption of RAM / page resources. Where a full-blown application (or multiple applications in production scenario) is deployed, i.e. with an operational/functional configuration, memory/CPU usage is notably higher than that of a test, blank application. Repeatedly submitting such a large username input, rapidly consumes available server memory resources leading to resource exhaustion. This forces a system reboot eventually.

    Where an endpoint security solution (such as AV/HIPS/Anti-Malware) is deployed on the system, resource exhaustion may be achieved relatively much faster (quickly). A CVSS v3 base score of 6.5 has been assigned; the CVSS vector string is (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N ).

    Exploitation

    Multiple URLs and parameters were found to vulnerable to Reflected Cross-Site Scripting.

    INFORMATION EXPOSURE CWE-548 https://cwe.mitre.org/data/definitions/548.html

    Some files are exposed within the web server application to unauthenticated users. These files may contain sensitive configuration information. A CVSS v3 base score of 7.5 has been assigned; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N )

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201706-0451",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "vtscada",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "trihedral",
            "version": "11.2.23"
          },
          {
            "model": "vtscada",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "trihedral engineering",
            "version": "11.2.26"
          },
          {
            "model": "vtscada",
            "scope": "lt",
            "trust": 0.6,
            "vendor": "trihedral",
            "version": "11.2.26"
          },
          {
            "model": "vtscada",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "trihedral",
            "version": "11.2.23"
          },
          {
            "model": "engineering vtscada",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "trihedral",
            "version": "11.2.2"
          },
          {
            "model": "engineering vtscada",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "trihedral",
            "version": "11.1.18"
          },
          {
            "model": "engineering vtscada",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "trihedral",
            "version": "11.1.17"
          },
          {
            "model": "engineering vtscada",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "trihedral",
            "version": "11.2"
          },
          {
            "model": "engineering vtscada",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "trihedral",
            "version": "11.1.09"
          },
          {
            "model": "engineering vtscada",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "trihedral",
            "version": "11.1.07"
          },
          {
            "model": "engineering vtscada",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "trihedral",
            "version": "11.0"
          },
          {
            "model": "engineering vtscada",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "trihedral",
            "version": "11"
          },
          {
            "model": "engineering vtscada",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "trihedral",
            "version": "10.2.22"
          },
          {
            "model": "engineering vtscada",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "trihedral",
            "version": "10.2"
          },
          {
            "model": "engineering vtscada",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "trihedral",
            "version": "10.1"
          },
          {
            "model": "engineering vtscada",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "trihedral",
            "version": "10"
          },
          {
            "model": "engineering vtscada",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "trihedral",
            "version": "09.1.20"
          },
          {
            "model": "engineering vtscada",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "trihedral",
            "version": "11.2.26"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "vtscada",
            "version": "*"
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "1788e17d-8e84-4c5e-b3bc-4dc712136483"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-10708"
          },
          {
            "db": "BID",
            "id": "99066"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-004919"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-6053"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201706-831"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:trihedral:vtscada:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "11.2.23",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2017-6053"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Karn Ganeshen.",
        "sources": [
          {
            "db": "BID",
            "id": "99066"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201706-831"
          }
        ],
        "trust": 0.9
      },
      "cve": "CVE-2017-6053",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 8.6,
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "MEDIUM",
                "trust": 1.0,
                "userInteractionRequired": true,
                "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Medium",
                "accessVector": "Network",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 4.3,
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "CVE-2017-6053",
                "impactScore": null,
                "integrityImpact": "Partial",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Medium",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "NONE",
                "baseScore": 7.8,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2017-10708",
                "impactScore": 6.9,
                "integrityImpact": "NONE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "NONE",
                "baseScore": 7.8,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "1788e17d-8e84-4c5e-b3bc-4dc712136483",
                "impactScore": 6.9,
                "integrityImpact": "NONE",
                "severity": "HIGH",
                "trust": 0.2,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
                "version": "2.9 [IVD]"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "NVD",
                "availabilityImpact": "NONE",
                "baseScore": 6.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "exploitabilityScore": 2.8,
                "impactScore": 2.7,
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "trust": 1.0,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 6.1,
                "baseSeverity": "Medium",
                "confidentialityImpact": "Low",
                "exploitabilityScore": null,
                "id": "CVE-2017-6053",
                "impactScore": null,
                "integrityImpact": "Low",
                "privilegesRequired": "None",
                "scope": "Changed",
                "trust": 0.8,
                "userInteraction": "Required",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2017-6053",
                "trust": 1.8,
                "value": "MEDIUM"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2017-10708",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201706-831",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "IVD",
                "id": "1788e17d-8e84-4c5e-b3bc-4dc712136483",
                "trust": 0.2,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "1788e17d-8e84-4c5e-b3bc-4dc712136483"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-10708"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-004919"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-6053"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201706-831"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "A Cross-Site Scripting issue was discovered in Trihedral VTScada Versions prior to 11.2.26. A cross-site scripting vulnerability may allow JavaScript code supplied by the attacker to execute within the user\u0027s browser. Trihedral VTScada (formerly known as VTS) is a SCADA system based on the Windows platform provided by Trihedral Engineering of Canada. A remote attacker can exploit this vulnerability to inject arbitrary web scripts or HTML. Trihedral VTScada is prone to multiple security vulnerabilities:\n1. A denial-of-service vulnerability. \n2. \n3. An information-disclosure vulnerability. This can allow the attacker to steal cookie-based authentication credentials or gain access to sensitive information. Failed exploit attempts will likely result in denial-of-service conditions. Vendor: Trihedral\nEquipment: VTScada\nVulnerability: Resource Consumption, Cross-Site Scripting, Information\nExposure\nAdvisory URL:\nhttps://ipositivesecurity.com/2017/06/15/ics-trihedral-vtscada-multiple-vulnerabilities/\n\nICS-CERT Advisory\nhttps://ics-cert.us-cert.gov/advisories/ICSA-17-164-01\n\n------------------------\nAFFECTED PRODUCTS\n------------------------\nThe following versions of VTScada, an HMI SCADA software, are affected:\n\nVTScada Versions prior to 11.2.26\n\n------------------------\nIMPACT\n------------------------\n\nSuccessful exploitation of these vulnerabilities could result in\nuncontrolled resource consumption, arbitrary code execution, or information\nexposure. \n\n------------------------\nVULNERABILITY OVERVIEW\n------------------------\n\nUNCONTROLLED RESOURCE CONSUMPTION CWE-400\n\u003chttps://cwe.mitre.org/data/definitions/400.html\u003e\n\nThe client does not properly validate the input or limit the amount of\nresources that are utilized by an attacker, which can be used to consume\nmore resources than are available. A CVSS v3 base score of 7.5 has been\nassigned; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\n\u003chttps://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\u003e\n). \n\nExploitation\n\nNote that this vulnerability targets the VTScada thick client installed on\nthe system. Any application user (including a non-admin, restricted user)\nwho has access to the thick client can potentially bring down the system. \n\nPayload can be up to ~80k characters. Repeated attempts result in spiked\nCPU usage \u0026 consumption of RAM / page resources. Where a full-blown\napplication (or multiple applications in production scenario) is deployed,\ni.e. with an operational/functional configuration, memory/CPU usage is\nnotably higher than that of a test, blank application. Repeatedly\nsubmitting such a large username input, rapidly consumes available server\nmemory resources leading to resource exhaustion. This forces a system\nreboot eventually. \n\nWhere an endpoint security solution (such as AV/HIPS/Anti-Malware) is\ndeployed on the system, resource exhaustion may be achieved relatively much\nfaster (quickly). A CVSS v3 base score of 6.5 has been\nassigned; the CVSS vector string is (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N\n\u003chttps://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N\u003e\n). \n\nExploitation\n\nMultiple URLs and parameters were found to vulnerable to Reflected\nCross-Site Scripting. \n\nINFORMATION EXPOSURE CWE-548\n\u003chttps://cwe.mitre.org/data/definitions/548.html\u003e\n\nSome files are exposed within the web server application to unauthenticated\nusers. These files may contain sensitive configuration information. A CVSS v3 base score of 7.5 has been\nassigned; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\n\u003chttps://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\u003e\n)",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2017-6053"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-004919"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-10708"
          },
          {
            "db": "BID",
            "id": "99066"
          },
          {
            "db": "IVD",
            "id": "1788e17d-8e84-4c5e-b3bc-4dc712136483"
          },
          {
            "db": "PACKETSTORM",
            "id": "143216"
          }
        ],
        "trust": 2.7
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2017-6053",
            "trust": 3.6
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-17-164-01",
            "trust": 3.4
          },
          {
            "db": "BID",
            "id": "99066",
            "trust": 2.5
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-10708",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201706-831",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-004919",
            "trust": 0.8
          },
          {
            "db": "IVD",
            "id": "1788E17D-8E84-4C5E-B3BC-4DC712136483",
            "trust": 0.2
          },
          {
            "db": "PACKETSTORM",
            "id": "143216",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "1788e17d-8e84-4c5e-b3bc-4dc712136483"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-10708"
          },
          {
            "db": "BID",
            "id": "99066"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-004919"
          },
          {
            "db": "PACKETSTORM",
            "id": "143216"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-6053"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201706-831"
          }
        ]
      },
      "id": "VAR-201706-0451",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "IVD",
            "id": "1788e17d-8e84-4c5e-b3bc-4dc712136483"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-10708"
          }
        ],
        "trust": 1.39210527
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "1788e17d-8e84-4c5e-b3bc-4dc712136483"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-10708"
          }
        ]
      },
      "last_update_date": "2023-12-18T12:44:32.024000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "https://www.trihedral.com/"
          },
          {
            "title": "Trihedral VTScada Cross-Site Scripting Vulnerability Patch",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchinfo/show/96154"
          },
          {
            "title": "Trihedral VTScada Fixes for cross-site scripting vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=71099"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-10708"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-004919"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201706-831"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-79",
            "trust": 1.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-004919"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-6053"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.4,
            "url": "https://ics-cert.us-cert.gov/advisories/icsa-17-164-01"
          },
          {
            "trust": 2.2,
            "url": "http://www.securityfocus.com/bid/99066"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-6053"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-6053"
          },
          {
            "trust": 0.3,
            "url": "www.trihedral.com"
          },
          {
            "trust": 0.1,
            "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2017-6045\u003e"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/79.html\u003e"
          },
          {
            "trust": 0.1,
            "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2017-6053\u003e"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/400.html\u003e"
          },
          {
            "trust": 0.1,
            "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2017-6043\u003e"
          },
          {
            "trust": 0.1,
            "url": "https://www.first.org/cvss/calculator/3.0#cvss:3.0/av:n/ac:l/pr:n/ui:n/s:u/c:h/i:n/a:n\u003e"
          },
          {
            "trust": 0.1,
            "url": "https://www.first.org/cvss/calculator/3.0#cvss:3.0/av:n/ac:l/pr:n/ui:n/s:u/c:n/i:n/a:h\u003e"
          },
          {
            "trust": 0.1,
            "url": "https://www.first.org/cvss/calculator/3.0#cvss:3.0/av:n/ac:l/pr:n/ui:r/s:u/c:h/i:n/a:n\u003e"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/548.html\u003e"
          },
          {
            "trust": 0.1,
            "url": "https://ipositivesecurity.com/2017/06/15/ics-trihedral-vtscada-multiple-vulnerabilities/"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-10708"
          },
          {
            "db": "BID",
            "id": "99066"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-004919"
          },
          {
            "db": "PACKETSTORM",
            "id": "143216"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-6053"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201706-831"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "IVD",
            "id": "1788e17d-8e84-4c5e-b3bc-4dc712136483"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-10708"
          },
          {
            "db": "BID",
            "id": "99066"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-004919"
          },
          {
            "db": "PACKETSTORM",
            "id": "143216"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-6053"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201706-831"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2017-06-22T00:00:00",
            "db": "IVD",
            "id": "1788e17d-8e84-4c5e-b3bc-4dc712136483"
          },
          {
            "date": "2017-06-22T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2017-10708"
          },
          {
            "date": "2017-06-13T00:00:00",
            "db": "BID",
            "id": "99066"
          },
          {
            "date": "2017-07-11T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-004919"
          },
          {
            "date": "2017-06-30T11:11:11",
            "db": "PACKETSTORM",
            "id": "143216"
          },
          {
            "date": "2017-06-21T19:29:00.370000",
            "db": "NVD",
            "id": "CVE-2017-6053"
          },
          {
            "date": "2017-06-20T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201706-831"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2017-07-03T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2017-10708"
          },
          {
            "date": "2017-06-13T00:00:00",
            "db": "BID",
            "id": "99066"
          },
          {
            "date": "2017-07-11T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-004919"
          },
          {
            "date": "2019-10-09T23:28:38.917000",
            "db": "NVD",
            "id": "CVE-2017-6053"
          },
          {
            "date": "2019-10-17T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201706-831"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201706-831"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Trihedral VTScada Cross-Site Scripting Vulnerability",
        "sources": [
          {
            "db": "IVD",
            "id": "1788e17d-8e84-4c5e-b3bc-4dc712136483"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-10708"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201706-831"
          }
        ],
        "trust": 1.4
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "XSS",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201706-831"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201706-0467

    Vulnerability from variot - Updated: 2023-12-18 12:44

    A Resource Consumption issue was discovered in Trihedral VTScada Versions prior to 11.2.26. The client does not properly validate the input or limit the amount of resources that are utilized by an attacker, which can be used to consume more resources than are available. Trihedral VTScada Contains a resource exhaustion vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Trihedral VTScada (formerly known as VTS) is a SCADA system based on the Windows platform provided by Trihedral Engineering of Canada. A denial of service vulnerability exists in versions of Trihedral VTScada prior to 11.2.26 that caused the program to fail to validate input or limit the total amount of resources used. An attacker could exploit the vulnerability to cause a denial of service (a significant drain on resources). Trihedral VTScada is prone to multiple security vulnerabilities: 1. A denial-of-service vulnerability. 2. A cross-site scripting vulnerability. 3. An information-disclosure vulnerability. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials or gain access to sensitive information. Failed exploit attempts will likely result in denial-of-service conditions. Vendor: Trihedral Equipment: VTScada Vulnerability: Resource Consumption, Cross-Site Scripting, Information Exposure Advisory URL: https://ipositivesecurity.com/2017/06/15/ics-trihedral-vtscada-multiple-vulnerabilities/

    ICS-CERT Advisory https://ics-cert.us-cert.gov/advisories/ICSA-17-164-01


    AFFECTED PRODUCTS

    The following versions of VTScada, an HMI SCADA software, are affected:

    VTScada Versions prior to 11.2.26


    IMPACT

    Successful exploitation of these vulnerabilities could result in uncontrolled resource consumption, arbitrary code execution, or information exposure. A CVSS v3 base score of 7.5 has been assigned; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H ).

    Exploitation

    Note that this vulnerability targets the VTScada thick client installed on the system. Any application user (including a non-admin, restricted user) who has access to the thick client can potentially bring down the system.

    Payload can be up to ~80k characters. Repeated attempts result in spiked CPU usage & consumption of RAM / page resources. Where a full-blown application (or multiple applications in production scenario) is deployed, i.e. with an operational/functional configuration, memory/CPU usage is notably higher than that of a test, blank application. Repeatedly submitting such a large username input, rapidly consumes available server memory resources leading to resource exhaustion. This forces a system reboot eventually.

    Where an endpoint security solution (such as AV/HIPS/Anti-Malware) is deployed on the system, resource exhaustion may be achieved relatively much faster (quickly). A CVSS v3 base score of 6.5 has been assigned; the CVSS vector string is (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N ).

    Exploitation

    Multiple URLs and parameters were found to vulnerable to Reflected Cross-Site Scripting.

    INFORMATION EXPOSURE CWE-548 https://cwe.mitre.org/data/definitions/548.html

    Some files are exposed within the web server application to unauthenticated users. These files may contain sensitive configuration information. A CVSS v3 base score of 7.5 has been assigned; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N )

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201706-0467",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "vtscada",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "trihedral",
            "version": "11.2.23"
          },
          {
            "model": "vtscada",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "trihedral engineering",
            "version": "11.2.26"
          },
          {
            "model": "vtscada",
            "scope": "lt",
            "trust": 0.6,
            "vendor": "trihedral",
            "version": "11.2.26"
          },
          {
            "model": "vtscada",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "trihedral",
            "version": "11.2.23"
          },
          {
            "model": "engineering vtscada",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "trihedral",
            "version": "11.2.2"
          },
          {
            "model": "engineering vtscada",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "trihedral",
            "version": "11.1.18"
          },
          {
            "model": "engineering vtscada",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "trihedral",
            "version": "11.1.17"
          },
          {
            "model": "engineering vtscada",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "trihedral",
            "version": "11.2"
          },
          {
            "model": "engineering vtscada",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "trihedral",
            "version": "11.1.09"
          },
          {
            "model": "engineering vtscada",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "trihedral",
            "version": "11.1.07"
          },
          {
            "model": "engineering vtscada",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "trihedral",
            "version": "11.0"
          },
          {
            "model": "engineering vtscada",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "trihedral",
            "version": "11"
          },
          {
            "model": "engineering vtscada",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "trihedral",
            "version": "10.2.22"
          },
          {
            "model": "engineering vtscada",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "trihedral",
            "version": "10.2"
          },
          {
            "model": "engineering vtscada",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "trihedral",
            "version": "10.1"
          },
          {
            "model": "engineering vtscada",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "trihedral",
            "version": "10"
          },
          {
            "model": "engineering vtscada",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "trihedral",
            "version": "09.1.20"
          },
          {
            "model": "engineering vtscada",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "trihedral",
            "version": "11.2.26"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "vtscada",
            "version": "*"
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "a084bafc-df0b-469d-85a8-46c98d18dce9"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-10707"
          },
          {
            "db": "BID",
            "id": "99066"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-004917"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-6043"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201706-830"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:trihedral:vtscada:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "11.2.23",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2017-6043"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Karn Ganeshen.",
        "sources": [
          {
            "db": "BID",
            "id": "99066"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201706-830"
          }
        ],
        "trust": 0.9
      },
      "cve": "CVE-2017-6043",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.8,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "impactScore": 6.9,
                "integrityImpact": "NONE",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "HIGH",
                "trust": 1.0,
                "userInteractionRequired": false,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Network",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "Complete",
                "baseScore": 7.8,
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "CVE-2017-6043",
                "impactScore": null,
                "integrityImpact": "None",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "High",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.8,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2017-10707",
                "impactScore": 6.9,
                "integrityImpact": "NONE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.8,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "a084bafc-df0b-469d-85a8-46c98d18dce9",
                "impactScore": 6.9,
                "integrityImpact": "NONE",
                "severity": "HIGH",
                "trust": 0.2,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
                "version": "2.9 [IVD]"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "NVD",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 3.9,
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 7.5,
                "baseSeverity": "High",
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "CVE-2017-6043",
                "impactScore": null,
                "integrityImpact": "None",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2017-6043",
                "trust": 1.8,
                "value": "HIGH"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2017-10707",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201706-830",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "IVD",
                "id": "a084bafc-df0b-469d-85a8-46c98d18dce9",
                "trust": 0.2,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "a084bafc-df0b-469d-85a8-46c98d18dce9"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-10707"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-004917"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-6043"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201706-830"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "A Resource Consumption issue was discovered in Trihedral VTScada Versions prior to 11.2.26. The client does not properly validate the input or limit the amount of resources that are utilized by an attacker, which can be used to consume more resources than are available. Trihedral VTScada Contains a resource exhaustion vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Trihedral VTScada (formerly known as VTS) is a SCADA system based on the Windows platform provided by Trihedral Engineering of Canada. A denial of service vulnerability exists in versions of Trihedral VTScada prior to 11.2.26 that caused the program to fail to validate input or limit the total amount of resources used. An attacker could exploit the vulnerability to cause a denial of service (a significant drain on resources). Trihedral VTScada is prone to multiple security vulnerabilities:\n1. A denial-of-service vulnerability. \n2. A cross-site scripting vulnerability. \n3. An information-disclosure vulnerability. \nAn attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials or gain access to sensitive information. Failed exploit attempts will likely result in denial-of-service conditions. Vendor: Trihedral\nEquipment: VTScada\nVulnerability: Resource Consumption, Cross-Site Scripting, Information\nExposure\nAdvisory URL:\nhttps://ipositivesecurity.com/2017/06/15/ics-trihedral-vtscada-multiple-vulnerabilities/\n\nICS-CERT Advisory\nhttps://ics-cert.us-cert.gov/advisories/ICSA-17-164-01\n\n------------------------\nAFFECTED PRODUCTS\n------------------------\nThe following versions of VTScada, an HMI SCADA software, are affected:\n\nVTScada Versions prior to 11.2.26\n\n------------------------\nIMPACT\n------------------------\n\nSuccessful exploitation of these vulnerabilities could result in\nuncontrolled resource consumption, arbitrary code execution, or information\nexposure. A CVSS v3 base score of 7.5 has been\nassigned; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\n\u003chttps://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\u003e\n). \n\nExploitation\n\nNote that this vulnerability targets the VTScada thick client installed on\nthe system. Any application user (including a non-admin, restricted user)\nwho has access to the thick client can potentially bring down the system. \n\nPayload can be up to ~80k characters. Repeated attempts result in spiked\nCPU usage \u0026 consumption of RAM / page resources. Where a full-blown\napplication (or multiple applications in production scenario) is deployed,\ni.e. with an operational/functional configuration, memory/CPU usage is\nnotably higher than that of a test, blank application. Repeatedly\nsubmitting such a large username input, rapidly consumes available server\nmemory resources leading to resource exhaustion. This forces a system\nreboot eventually. \n\nWhere an endpoint security solution (such as AV/HIPS/Anti-Malware) is\ndeployed on the system, resource exhaustion may be achieved relatively much\nfaster (quickly). A CVSS v3 base score of 6.5 has been\nassigned; the CVSS vector string is (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N\n\u003chttps://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N\u003e\n). \n\nExploitation\n\nMultiple URLs and parameters were found to vulnerable to Reflected\nCross-Site Scripting. \n\nINFORMATION EXPOSURE CWE-548\n\u003chttps://cwe.mitre.org/data/definitions/548.html\u003e\n\nSome files are exposed within the web server application to unauthenticated\nusers. These files may contain sensitive configuration information. A CVSS v3 base score of 7.5 has been\nassigned; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\n\u003chttps://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\u003e\n)",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2017-6043"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-004917"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-10707"
          },
          {
            "db": "BID",
            "id": "99066"
          },
          {
            "db": "IVD",
            "id": "a084bafc-df0b-469d-85a8-46c98d18dce9"
          },
          {
            "db": "PACKETSTORM",
            "id": "143216"
          }
        ],
        "trust": 2.7
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2017-6043",
            "trust": 3.6
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-17-164-01",
            "trust": 3.4
          },
          {
            "db": "BID",
            "id": "99066",
            "trust": 2.5
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-10707",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201706-830",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-004917",
            "trust": 0.8
          },
          {
            "db": "IVD",
            "id": "A084BAFC-DF0B-469D-85A8-46C98D18DCE9",
            "trust": 0.2
          },
          {
            "db": "PACKETSTORM",
            "id": "143216",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "a084bafc-df0b-469d-85a8-46c98d18dce9"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-10707"
          },
          {
            "db": "BID",
            "id": "99066"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-004917"
          },
          {
            "db": "PACKETSTORM",
            "id": "143216"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-6043"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201706-830"
          }
        ]
      },
      "id": "VAR-201706-0467",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "IVD",
            "id": "a084bafc-df0b-469d-85a8-46c98d18dce9"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-10707"
          }
        ],
        "trust": 1.39210527
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "a084bafc-df0b-469d-85a8-46c98d18dce9"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-10707"
          }
        ]
      },
      "last_update_date": "2023-12-18T12:44:31.985000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "https://www.trihedral.com/"
          },
          {
            "title": "Trihedral VTScada denial of service vulnerability patch",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchinfo/show/96152"
          },
          {
            "title": "Trihedral VTScada Security vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=71098"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-10707"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-004917"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201706-830"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-400",
            "trust": 1.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-004917"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-6043"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.4,
            "url": "https://ics-cert.us-cert.gov/advisories/icsa-17-164-01"
          },
          {
            "trust": 2.2,
            "url": "http://www.securityfocus.com/bid/99066"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-6043"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-6043"
          },
          {
            "trust": 0.3,
            "url": "www.trihedral.com"
          },
          {
            "trust": 0.1,
            "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2017-6045\u003e"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/79.html\u003e"
          },
          {
            "trust": 0.1,
            "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2017-6053\u003e"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/400.html\u003e"
          },
          {
            "trust": 0.1,
            "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2017-6043\u003e"
          },
          {
            "trust": 0.1,
            "url": "https://www.first.org/cvss/calculator/3.0#cvss:3.0/av:n/ac:l/pr:n/ui:n/s:u/c:h/i:n/a:n\u003e"
          },
          {
            "trust": 0.1,
            "url": "https://www.first.org/cvss/calculator/3.0#cvss:3.0/av:n/ac:l/pr:n/ui:n/s:u/c:n/i:n/a:h\u003e"
          },
          {
            "trust": 0.1,
            "url": "https://www.first.org/cvss/calculator/3.0#cvss:3.0/av:n/ac:l/pr:n/ui:r/s:u/c:h/i:n/a:n\u003e"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/548.html\u003e"
          },
          {
            "trust": 0.1,
            "url": "https://ipositivesecurity.com/2017/06/15/ics-trihedral-vtscada-multiple-vulnerabilities/"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-10707"
          },
          {
            "db": "BID",
            "id": "99066"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-004917"
          },
          {
            "db": "PACKETSTORM",
            "id": "143216"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-6043"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201706-830"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "IVD",
            "id": "a084bafc-df0b-469d-85a8-46c98d18dce9"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-10707"
          },
          {
            "db": "BID",
            "id": "99066"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-004917"
          },
          {
            "db": "PACKETSTORM",
            "id": "143216"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-6043"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201706-830"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2017-06-22T00:00:00",
            "db": "IVD",
            "id": "a084bafc-df0b-469d-85a8-46c98d18dce9"
          },
          {
            "date": "2017-06-22T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2017-10707"
          },
          {
            "date": "2017-06-13T00:00:00",
            "db": "BID",
            "id": "99066"
          },
          {
            "date": "2017-07-11T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-004917"
          },
          {
            "date": "2017-06-30T11:11:11",
            "db": "PACKETSTORM",
            "id": "143216"
          },
          {
            "date": "2017-06-21T19:29:00.277000",
            "db": "NVD",
            "id": "CVE-2017-6043"
          },
          {
            "date": "2017-06-20T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201706-830"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2017-07-03T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2017-10707"
          },
          {
            "date": "2017-06-13T00:00:00",
            "db": "BID",
            "id": "99066"
          },
          {
            "date": "2017-07-11T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-004917"
          },
          {
            "date": "2019-10-09T23:28:37.607000",
            "db": "NVD",
            "id": "CVE-2017-6043"
          },
          {
            "date": "2019-10-17T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201706-830"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201706-830"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Trihedral VTScada Denial of service vulnerability",
        "sources": [
          {
            "db": "IVD",
            "id": "a084bafc-df0b-469d-85a8-46c98d18dce9"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-10707"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Resource management error",
        "sources": [
          {
            "db": "IVD",
            "id": "a084bafc-df0b-469d-85a8-46c98d18dce9"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201706-830"
          }
        ],
        "trust": 0.8
      }
    }

    VAR-201711-0416

    Vulnerability from variot - Updated: 2023-12-18 12:19

    An Uncontrolled Search Path Element issue was discovered in Trihedral VTScada 11.3.03 and prior. The program will execute specially crafted malicious dll files placed on the target machine. Trihedral VTScada Contains a vulnerability related to uncontrolled search path elements.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Trihedral VTScada (formerly known as VTS) is a SCADA system based on the Windows platform provided by Trihedral Engineering of Canada. There are multiple vulnerabilities in Trihedral Engineering Limited VTScada. An attacker could execute arbitrary script code in an affected application or bypass an security restriction to perform an unauthorized operation

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201711-0416",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "engineering limited vtscada",
            "scope": "eq",
            "trust": 1.1,
            "vendor": "trihedral",
            "version": "11.3.2"
          },
          {
            "model": "vtscada",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "trihedral",
            "version": "11.3.03"
          },
          {
            "model": "engineering limited vtscada",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "trihedral",
            "version": "11.3.3"
          },
          {
            "model": "vtscada",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "trihedral engineering",
            "version": "11.3.03"
          },
          {
            "model": "engineering limited vtscada",
            "scope": "lte",
            "trust": 0.6,
            "vendor": "trihedral",
            "version": "\u003c=11.3.03"
          },
          {
            "model": "vtscada",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "trihedral",
            "version": "11.3.03"
          },
          {
            "model": "engineering limited vtscada",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "trihedral",
            "version": "11.3.5"
          },
          {
            "model": "engineering limited vtscada",
            "scope": "eq",
            "trust": 0.2,
            "vendor": "trihedral",
            "version": "11.3.3*"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "vtscada",
            "version": "*"
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "e2f8ae50-39ab-11e9-bd77-000c29342cb1"
          },
          {
            "db": "IVD",
            "id": "c562c215-19e3-4491-81b1-bb0f615e15c7"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-16270"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-32170"
          },
          {
            "db": "BID",
            "id": "101629"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-009927"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-14029"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201708-1246"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:trihedral:vtscada:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "11.3.03",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2017-14029"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Karn Ganeshen and Mark Cross.",
        "sources": [
          {
            "db": "BID",
            "id": "101629"
          }
        ],
        "trust": 0.3
      },
      "cve": "CVE-2017-14029",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 9.3,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 8.6,
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "HIGH",
                "trust": 1.0,
                "userInteractionRequired": true,
                "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Medium",
                "accessVector": "Network",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "Complete",
                "baseScore": 9.3,
                "confidentialityImpact": "Complete",
                "exploitabilityScore": null,
                "id": "CVE-2017-14029",
                "impactScore": null,
                "integrityImpact": "Complete",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "High",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2018-16270",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.2,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 3.9,
                "id": "CNVD-2017-32170",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "e2f8ae50-39ab-11e9-bd77-000c29342cb1",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.2,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.9 [IVD]"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.2,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 3.9,
                "id": "c562c215-19e3-4491-81b1-bb0f615e15c7",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.2,
                "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.9 [IVD]"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "NVD",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.8,
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Local",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 7.8,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2017-14029",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "Required",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2017-14029",
                "trust": 1.8,
                "value": "HIGH"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2018-16270",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2017-32170",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201708-1246",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "IVD",
                "id": "e2f8ae50-39ab-11e9-bd77-000c29342cb1",
                "trust": 0.2,
                "value": "HIGH"
              },
              {
                "author": "IVD",
                "id": "c562c215-19e3-4491-81b1-bb0f615e15c7",
                "trust": 0.2,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "e2f8ae50-39ab-11e9-bd77-000c29342cb1"
          },
          {
            "db": "IVD",
            "id": "c562c215-19e3-4491-81b1-bb0f615e15c7"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-16270"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-32170"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-009927"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-14029"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201708-1246"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "An Uncontrolled Search Path Element issue was discovered in Trihedral VTScada 11.3.03 and prior. The program will execute specially crafted malicious dll files placed on the target machine. Trihedral VTScada Contains a vulnerability related to uncontrolled search path elements.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Trihedral VTScada (formerly known as VTS) is a SCADA system based on the Windows platform provided by Trihedral Engineering of Canada. There are multiple vulnerabilities in Trihedral Engineering Limited VTScada. An attacker could execute arbitrary script code in an affected application or bypass an security restriction to perform an unauthorized operation",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2017-14029"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-009927"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-16270"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-32170"
          },
          {
            "db": "BID",
            "id": "101629"
          },
          {
            "db": "IVD",
            "id": "e2f8ae50-39ab-11e9-bd77-000c29342cb1"
          },
          {
            "db": "IVD",
            "id": "c562c215-19e3-4491-81b1-bb0f615e15c7"
          }
        ],
        "trust": 3.33
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "ICS CERT",
            "id": "ICSA-17-304-02",
            "trust": 3.3
          },
          {
            "db": "NVD",
            "id": "CVE-2017-14029",
            "trust": 3.2
          },
          {
            "db": "BID",
            "id": "101629",
            "trust": 0.9
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-16270",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-32170",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201708-1246",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-009927",
            "trust": 0.8
          },
          {
            "db": "IVD",
            "id": "E2F8AE50-39AB-11E9-BD77-000C29342CB1",
            "trust": 0.2
          },
          {
            "db": "IVD",
            "id": "C562C215-19E3-4491-81B1-BB0F615E15C7",
            "trust": 0.2
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "e2f8ae50-39ab-11e9-bd77-000c29342cb1"
          },
          {
            "db": "IVD",
            "id": "c562c215-19e3-4491-81b1-bb0f615e15c7"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-16270"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-32170"
          },
          {
            "db": "BID",
            "id": "101629"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-009927"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-14029"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201708-1246"
          }
        ]
      },
      "id": "VAR-201711-0416",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "IVD",
            "id": "e2f8ae50-39ab-11e9-bd77-000c29342cb1"
          },
          {
            "db": "IVD",
            "id": "c562c215-19e3-4491-81b1-bb0f615e15c7"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-16270"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-32170"
          }
        ],
        "trust": 2.3460526350000004
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 1.6
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "e2f8ae50-39ab-11e9-bd77-000c29342cb1"
          },
          {
            "db": "IVD",
            "id": "c562c215-19e3-4491-81b1-bb0f615e15c7"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-16270"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-32170"
          }
        ]
      },
      "last_update_date": "2023-12-18T12:19:20.809000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Moving to the Current Version",
            "trust": 0.8,
            "url": "https://www.trihedral.com/help/content/op_welcome/wel_upgradenotes.htm"
          },
          {
            "title": "Trihedral Engineering Limited VTScada ICSA-17-304-0 patch with multiple vulnerabilities",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchinfo/show/137735"
          },
          {
            "title": "Trihedral Engineering Limited VTScada DLL hijacking vulnerability patch",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchinfo/show/105112"
          },
          {
            "title": "Trihedral VTScada Security vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=100009"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-16270"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-32170"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-009927"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201708-1246"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-427",
            "trust": 1.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-009927"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-14029"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.3,
            "url": "https://ics-cert.us-cert.gov/advisories/icsa-17-304-02"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-14029"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-14029"
          },
          {
            "trust": 0.6,
            "url": "http://www.securityfocus.com/bid/101629"
          },
          {
            "trust": 0.3,
            "url": "www.trihedral.com"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-16270"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-32170"
          },
          {
            "db": "BID",
            "id": "101629"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-009927"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-14029"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201708-1246"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "IVD",
            "id": "e2f8ae50-39ab-11e9-bd77-000c29342cb1"
          },
          {
            "db": "IVD",
            "id": "c562c215-19e3-4491-81b1-bb0f615e15c7"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-16270"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-32170"
          },
          {
            "db": "BID",
            "id": "101629"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-009927"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-14029"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201708-1246"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2018-08-27T00:00:00",
            "db": "IVD",
            "id": "e2f8ae50-39ab-11e9-bd77-000c29342cb1"
          },
          {
            "date": "2017-11-01T00:00:00",
            "db": "IVD",
            "id": "c562c215-19e3-4491-81b1-bb0f615e15c7"
          },
          {
            "date": "2018-08-27T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2018-16270"
          },
          {
            "date": "2017-11-01T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2017-32170"
          },
          {
            "date": "2017-10-31T00:00:00",
            "db": "BID",
            "id": "101629"
          },
          {
            "date": "2017-11-29T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-009927"
          },
          {
            "date": "2017-11-06T22:29:00.350000",
            "db": "NVD",
            "id": "CVE-2017-14029"
          },
          {
            "date": "2017-08-31T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201708-1246"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2018-08-27T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2018-16270"
          },
          {
            "date": "2017-11-01T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2017-32170"
          },
          {
            "date": "2017-12-19T22:36:00",
            "db": "BID",
            "id": "101629"
          },
          {
            "date": "2017-11-29T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-009927"
          },
          {
            "date": "2019-10-09T23:23:46",
            "db": "NVD",
            "id": "CVE-2017-14029"
          },
          {
            "date": "2019-10-17T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201708-1246"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "local",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201708-1246"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Trihedral Engineering Limited VTScada DLL Hijacking vulnerability",
        "sources": [
          {
            "db": "IVD",
            "id": "c562c215-19e3-4491-81b1-bb0f615e15c7"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-32170"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Code problem",
        "sources": [
          {
            "db": "IVD",
            "id": "c562c215-19e3-4491-81b1-bb0f615e15c7"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201708-1246"
          }
        ],
        "trust": 0.8
      }
    }

    VAR-201711-0417

    Vulnerability from variot - Updated: 2023-12-18 12:19

    An Improper Access Control issue was discovered in Trihedral VTScada 11.3.03 and prior. A local, non-administrator user has privileges to read and write to the file system of the target machine. Trihedral VTScada Contains an access control vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Trihedral VTScada (formerly known as VTS) is a SCADA system based on the Windows platform provided by Trihedral Engineering of Canada. There are multiple vulnerabilities in Trihedral Engineering Limited VTScada. An attacker could execute arbitrary script code in an affected application or bypass an security restriction to perform an unauthorized operation

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201711-0417",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "engineering limited vtscada",
            "scope": "eq",
            "trust": 1.1,
            "vendor": "trihedral",
            "version": "11.3.2"
          },
          {
            "model": "vtscada",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "trihedral",
            "version": "11.3.03"
          },
          {
            "model": "engineering limited vtscada",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "trihedral",
            "version": "11.3.3"
          },
          {
            "model": "vtscada",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "trihedral engineering",
            "version": "11.3.03"
          },
          {
            "model": "engineering limited vtscada",
            "scope": "lte",
            "trust": 0.6,
            "vendor": "trihedral",
            "version": "\u003c=11.3.03"
          },
          {
            "model": "vtscada",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "trihedral",
            "version": "11.3.03"
          },
          {
            "model": "engineering limited vtscada",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "trihedral",
            "version": "11.3.5"
          },
          {
            "model": "engineering limited vtscada",
            "scope": "eq",
            "trust": 0.2,
            "vendor": "trihedral",
            "version": "11.3.3*"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "vtscada",
            "version": "*"
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "e2f8ae50-39ab-11e9-bd77-000c29342cb1"
          },
          {
            "db": "IVD",
            "id": "66d3ee10-0a24-4ce8-81cf-5e3f113a7cb2"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-16270"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-32169"
          },
          {
            "db": "BID",
            "id": "101629"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-009928"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-14031"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201708-1244"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:trihedral:vtscada:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "11.3.03",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2017-14031"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Karn Ganeshen and Mark Cross.",
        "sources": [
          {
            "db": "BID",
            "id": "101629"
          }
        ],
        "trust": 0.3
      },
      "cve": "CVE-2017-14031",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.2,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 3.9,
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "HIGH",
                "trust": 1.0,
                "userInteractionRequired": false,
                "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Local",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "Complete",
                "baseScore": 7.2,
                "confidentialityImpact": "Complete",
                "exploitabilityScore": null,
                "id": "CVE-2017-14031",
                "impactScore": null,
                "integrityImpact": "Complete",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "High",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2018-16270",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.2,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 3.9,
                "id": "CNVD-2017-32169",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "e2f8ae50-39ab-11e9-bd77-000c29342cb1",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.2,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.9 [IVD]"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.2,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 3.9,
                "id": "66d3ee10-0a24-4ce8-81cf-5e3f113a7cb2",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.2,
                "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.9 [IVD]"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "NVD",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.8,
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Local",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 7.8,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2017-14031",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "Low",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2017-14031",
                "trust": 1.8,
                "value": "HIGH"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2018-16270",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2017-32169",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201708-1244",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "IVD",
                "id": "e2f8ae50-39ab-11e9-bd77-000c29342cb1",
                "trust": 0.2,
                "value": "HIGH"
              },
              {
                "author": "IVD",
                "id": "66d3ee10-0a24-4ce8-81cf-5e3f113a7cb2",
                "trust": 0.2,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "e2f8ae50-39ab-11e9-bd77-000c29342cb1"
          },
          {
            "db": "IVD",
            "id": "66d3ee10-0a24-4ce8-81cf-5e3f113a7cb2"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-16270"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-32169"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-009928"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-14031"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201708-1244"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "An Improper Access Control issue was discovered in Trihedral VTScada 11.3.03 and prior. A local, non-administrator user has privileges to read and write to the file system of the target machine. Trihedral VTScada Contains an access control vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Trihedral VTScada (formerly known as VTS) is a SCADA system based on the Windows platform provided by Trihedral Engineering of Canada. There are multiple vulnerabilities in Trihedral Engineering Limited VTScada. An attacker could execute arbitrary script code in an affected application or bypass an security restriction to perform an unauthorized operation",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2017-14031"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-009928"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-16270"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-32169"
          },
          {
            "db": "BID",
            "id": "101629"
          },
          {
            "db": "IVD",
            "id": "e2f8ae50-39ab-11e9-bd77-000c29342cb1"
          },
          {
            "db": "IVD",
            "id": "66d3ee10-0a24-4ce8-81cf-5e3f113a7cb2"
          }
        ],
        "trust": 3.33
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "ICS CERT",
            "id": "ICSA-17-304-02",
            "trust": 3.3
          },
          {
            "db": "NVD",
            "id": "CVE-2017-14031",
            "trust": 3.2
          },
          {
            "db": "BID",
            "id": "101629",
            "trust": 0.9
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-16270",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-32169",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201708-1244",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-009928",
            "trust": 0.8
          },
          {
            "db": "IVD",
            "id": "E2F8AE50-39AB-11E9-BD77-000C29342CB1",
            "trust": 0.2
          },
          {
            "db": "IVD",
            "id": "66D3EE10-0A24-4CE8-81CF-5E3F113A7CB2",
            "trust": 0.2
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "e2f8ae50-39ab-11e9-bd77-000c29342cb1"
          },
          {
            "db": "IVD",
            "id": "66d3ee10-0a24-4ce8-81cf-5e3f113a7cb2"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-16270"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-32169"
          },
          {
            "db": "BID",
            "id": "101629"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-009928"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-14031"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201708-1244"
          }
        ]
      },
      "id": "VAR-201711-0417",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "IVD",
            "id": "e2f8ae50-39ab-11e9-bd77-000c29342cb1"
          },
          {
            "db": "IVD",
            "id": "66d3ee10-0a24-4ce8-81cf-5e3f113a7cb2"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-16270"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-32169"
          }
        ],
        "trust": 2.3460526350000004
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 1.6
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "e2f8ae50-39ab-11e9-bd77-000c29342cb1"
          },
          {
            "db": "IVD",
            "id": "66d3ee10-0a24-4ce8-81cf-5e3f113a7cb2"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-16270"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-32169"
          }
        ]
      },
      "last_update_date": "2023-12-18T12:19:20.762000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Moving to the Current Version",
            "trust": 0.8,
            "url": "https://www.trihedral.com/help/content/op_welcome/wel_upgradenotes.htm"
          },
          {
            "title": "Trihedral Engineering Limited VTScada ICSA-17-304-0 patch with multiple vulnerabilities",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchinfo/show/137735"
          },
          {
            "title": "Trihedral Engineering Limited VTScada does not authorize access to the vulnerability patch",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchinfo/show/105113"
          },
          {
            "title": "Trihedral VTScada Fixes for access control error vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=100007"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-16270"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-32169"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-009928"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201708-1244"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-269",
            "trust": 1.0
          },
          {
            "problemtype": "CWE-284",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-009928"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-14031"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.3,
            "url": "https://ics-cert.us-cert.gov/advisories/icsa-17-304-02"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-14031"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-14031"
          },
          {
            "trust": 0.6,
            "url": "http://www.securityfocus.com/bid/101629"
          },
          {
            "trust": 0.3,
            "url": "www.trihedral.com"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-16270"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-32169"
          },
          {
            "db": "BID",
            "id": "101629"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-009928"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-14031"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201708-1244"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "IVD",
            "id": "e2f8ae50-39ab-11e9-bd77-000c29342cb1"
          },
          {
            "db": "IVD",
            "id": "66d3ee10-0a24-4ce8-81cf-5e3f113a7cb2"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-16270"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-32169"
          },
          {
            "db": "BID",
            "id": "101629"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-009928"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-14031"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201708-1244"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2018-08-27T00:00:00",
            "db": "IVD",
            "id": "e2f8ae50-39ab-11e9-bd77-000c29342cb1"
          },
          {
            "date": "2017-11-01T00:00:00",
            "db": "IVD",
            "id": "66d3ee10-0a24-4ce8-81cf-5e3f113a7cb2"
          },
          {
            "date": "2018-08-27T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2018-16270"
          },
          {
            "date": "2017-11-01T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2017-32169"
          },
          {
            "date": "2017-10-31T00:00:00",
            "db": "BID",
            "id": "101629"
          },
          {
            "date": "2017-11-29T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-009928"
          },
          {
            "date": "2017-11-06T22:29:00.380000",
            "db": "NVD",
            "id": "CVE-2017-14031"
          },
          {
            "date": "2017-08-31T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201708-1244"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2018-08-27T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2018-16270"
          },
          {
            "date": "2017-11-01T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2017-32169"
          },
          {
            "date": "2017-12-19T22:36:00",
            "db": "BID",
            "id": "101629"
          },
          {
            "date": "2017-11-29T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-009928"
          },
          {
            "date": "2019-10-09T23:23:46.280000",
            "db": "NVD",
            "id": "CVE-2017-14031"
          },
          {
            "date": "2019-10-17T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201708-1244"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "local",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201708-1244"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Trihedral Engineering Limited VTScada Unauthorized Access Vulnerability",
        "sources": [
          {
            "db": "IVD",
            "id": "66d3ee10-0a24-4ce8-81cf-5e3f113a7cb2"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-32169"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Access control error",
        "sources": [
          {
            "db": "IVD",
            "id": "66d3ee10-0a24-4ce8-81cf-5e3f113a7cb2"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201708-1244"
          }
        ],
        "trust": 0.8
      }
    }

    CVE-2014-9192 (GCVE-0-2014-9192)

    Vulnerability from nvd – Published: 2014-12-11 15:00 – Updated: 2025-07-25 16:46
    VLAI
    Title
    Trihedral Engineering Limited VTScada Integer Overflow
    Summary
    Integer overflow in Trihedral Engineering VTScada (formerly VTS) 6.5 through 9.x before 9.1.20, 10.x before 10.2.22, and 11.x before 11.1.07 allows remote attackers to cause a denial of service (server crash) via a crafted request, which triggers a large memory allocation.
    Severity
    No CVSS data available.
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    Trihedral Engineering VTS Affected: 6.5 , < 9.1.19 (custom)
    Affected: 10 , < 10.2.21 (custom)
    Create a notification for this product.
    Date Public
    2014-12-09 07:00
    Credits
    An anonymous researcher working with HP’s Zero Day Initiative has identified an integer overflow vulnerability in Trihedral Engineering Ltd’s VTScada application.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T13:40:24.431Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://ics-cert.us-cert.gov//advisories/ICSA-14-343-02"
              },
              {
                "name": "71591",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/71591"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "VTS",
              "vendor": "Trihedral Engineering",
              "versions": [
                {
                  "lessThan": "9.1.19",
                  "status": "affected",
                  "version": "6.5",
                  "versionType": "custom"
                },
                {
                  "lessThan": "10.2.21",
                  "status": "affected",
                  "version": "10",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "An anonymous researcher working with HP\u2019s Zero Day Initiative has identified an integer overflow vulnerability in Trihedral Engineering Ltd\u2019s VTScada application."
            }
          ],
          "datePublic": "2014-12-09T07:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eInteger overflow in Trihedral Engineering VTScada (formerly VTS) 6.5 through 9.x before 9.1.20, 10.x before 10.2.22, and 11.x before 11.1.07 allows remote attackers to cause a denial of service (server crash) via a crafted request, which triggers a large memory allocation.\u003c/p\u003e"
                }
              ],
              "value": "Integer overflow in Trihedral Engineering VTScada (formerly VTS) 6.5 through 9.x before 9.1.20, 10.x before 10.2.22, and 11.x before 11.1.07 allows remote attackers to cause a denial of service (server crash) via a crafted request, which triggers a large memory allocation."
            }
          ],
          "metrics": [
            {
              "cvssV2_0": {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.8,
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
                "version": "2.0"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-190",
                  "description": "CWE-190",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-07-25T16:46:02.667Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-14-343-02"
            },
            {
              "name": "71591",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/71591"
            },
            {
              "url": "http://www.trihedral.com/help/#Op_Welcome/Wel_UpgradeNotes.htm"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eTrihedral Engineering Limited has created three updated versions of \nsoftware. These software updates are available from Trihedral \nEngineering Ltd.\u2019s FTP site:\u0026nbsp;\u003ca target=\"_blank\" rel=\"nofollow\"\u003eftp://ftp.trihedral.com/VTS/\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eVersion Information:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e11.1.09 \u2013 Latest build including newest features and fixes. Any \ninstallation key with a maintenance expiration date after January 1, \n2014, will work this installation.\u003c/li\u003e\n\u003cli\u003e10.2.22 \u2013Recommended for all users of VTS 10. Any installation key \nwith a maintenance expiration date after December 1, 2010, will work \nwith this installation.\u003c/li\u003e\n\u003cli\u003e09.1.20 \u2013 Recommended for all users prior to 10.0. Any installation \nkey with a maintenance expiration date after December 1, 2009, will work\n with this installation.\u003c/li\u003e\n\u003c/ul\u003e\u003cp\u003eHelp file notes for upgrading VTScada/VTS can be found at:\u0026nbsp;\u003ca target=\"_blank\" rel=\"nofollow\" href=\"http://www.trihedral.com/help/#Op_Welcome/Wel_UpgradeNotes.htm\"\u003ehttp://www.trihedral.com/help/#Op_Welcome/Wel_UpgradeNotes.htm\u003c/a\u003e\u003c/p\u003eIf you have any questions or any difficulties with installing one of these updates, please call Trihedral Tech Support:\u003cbr\u003e1-855-887-2232\u003cbr\u003e1-902-835-1575\u003cbr\u003e+44 (0) 1224 258910 for the United Kingdom\n\n\u003cbr\u003e"
                }
              ],
              "value": "Trihedral Engineering Limited has created three updated versions of \nsoftware. These software updates are available from Trihedral \nEngineering Ltd.\u2019s FTP site:\u00a0ftp://ftp.trihedral.com/VTS/\n\n\nVersion Information:\n\n\n\n  *  11.1.09 \u2013 Latest build including newest features and fixes. Any \ninstallation key with a maintenance expiration date after January 1, \n2014, will work this installation.\n\n  *  10.2.22 \u2013Recommended for all users of VTS 10. Any installation key \nwith a maintenance expiration date after December 1, 2010, will work \nwith this installation.\n\n  *  09.1.20 \u2013 Recommended for all users prior to 10.0. Any installation \nkey with a maintenance expiration date after December 1, 2009, will work\n with this installation.\n\n\n\nHelp file notes for upgrading VTScada/VTS can be found at:\u00a0 http://www.trihedral.com/help/#Op_Welcome/Wel_UpgradeNotes.htm \n\nIf you have any questions or any difficulties with installing one of these updates, please call Trihedral Tech Support:\n1-855-887-2232\n1-902-835-1575\n+44 (0) 1224 258910 for the United Kingdom"
            }
          ],
          "source": {
            "advisory": "ICSA-14-343-02",
            "discovery": "EXTERNAL"
          },
          "title": "Trihedral Engineering Limited VTScada Integer Overflow",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "ics-cert@hq.dhs.gov",
              "ID": "CVE-2014-9192",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Integer overflow in Trihedral Engineering VTScada (formerly VTS) 6.5 through 9.x before 9.1.20, 10.x before 10.2.22, and 11.x before 11.1.07 allows remote attackers to cause a denial of service (server crash) via a crafted request, which triggers a large memory allocation."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://ics-cert.us-cert.gov//advisories/ICSA-14-343-02",
                  "refsource": "MISC",
                  "url": "https://ics-cert.us-cert.gov//advisories/ICSA-14-343-02"
                },
                {
                  "name": "71591",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/71591"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2014-9192",
        "datePublished": "2014-12-11T15:00:00.000Z",
        "dateReserved": "2014-12-02T00:00:00.000Z",
        "dateUpdated": "2025-07-25T16:46:02.667Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2014-9192 (GCVE-0-2014-9192)

    Vulnerability from cvelistv5 – Published: 2014-12-11 15:00 – Updated: 2025-07-25 16:46
    VLAI
    Title
    Trihedral Engineering Limited VTScada Integer Overflow
    Summary
    Integer overflow in Trihedral Engineering VTScada (formerly VTS) 6.5 through 9.x before 9.1.20, 10.x before 10.2.22, and 11.x before 11.1.07 allows remote attackers to cause a denial of service (server crash) via a crafted request, which triggers a large memory allocation.
    Severity
    No CVSS data available.
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    Trihedral Engineering VTS Affected: 6.5 , < 9.1.19 (custom)
    Affected: 10 , < 10.2.21 (custom)
    Create a notification for this product.
    Date Public
    2014-12-09 07:00
    Credits
    An anonymous researcher working with HP’s Zero Day Initiative has identified an integer overflow vulnerability in Trihedral Engineering Ltd’s VTScada application.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T13:40:24.431Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://ics-cert.us-cert.gov//advisories/ICSA-14-343-02"
              },
              {
                "name": "71591",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/71591"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "VTS",
              "vendor": "Trihedral Engineering",
              "versions": [
                {
                  "lessThan": "9.1.19",
                  "status": "affected",
                  "version": "6.5",
                  "versionType": "custom"
                },
                {
                  "lessThan": "10.2.21",
                  "status": "affected",
                  "version": "10",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "An anonymous researcher working with HP\u2019s Zero Day Initiative has identified an integer overflow vulnerability in Trihedral Engineering Ltd\u2019s VTScada application."
            }
          ],
          "datePublic": "2014-12-09T07:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eInteger overflow in Trihedral Engineering VTScada (formerly VTS) 6.5 through 9.x before 9.1.20, 10.x before 10.2.22, and 11.x before 11.1.07 allows remote attackers to cause a denial of service (server crash) via a crafted request, which triggers a large memory allocation.\u003c/p\u003e"
                }
              ],
              "value": "Integer overflow in Trihedral Engineering VTScada (formerly VTS) 6.5 through 9.x before 9.1.20, 10.x before 10.2.22, and 11.x before 11.1.07 allows remote attackers to cause a denial of service (server crash) via a crafted request, which triggers a large memory allocation."
            }
          ],
          "metrics": [
            {
              "cvssV2_0": {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.8,
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
                "version": "2.0"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-190",
                  "description": "CWE-190",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-07-25T16:46:02.667Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-14-343-02"
            },
            {
              "name": "71591",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/71591"
            },
            {
              "url": "http://www.trihedral.com/help/#Op_Welcome/Wel_UpgradeNotes.htm"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eTrihedral Engineering Limited has created three updated versions of \nsoftware. These software updates are available from Trihedral \nEngineering Ltd.\u2019s FTP site:\u0026nbsp;\u003ca target=\"_blank\" rel=\"nofollow\"\u003eftp://ftp.trihedral.com/VTS/\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eVersion Information:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e11.1.09 \u2013 Latest build including newest features and fixes. Any \ninstallation key with a maintenance expiration date after January 1, \n2014, will work this installation.\u003c/li\u003e\n\u003cli\u003e10.2.22 \u2013Recommended for all users of VTS 10. Any installation key \nwith a maintenance expiration date after December 1, 2010, will work \nwith this installation.\u003c/li\u003e\n\u003cli\u003e09.1.20 \u2013 Recommended for all users prior to 10.0. Any installation \nkey with a maintenance expiration date after December 1, 2009, will work\n with this installation.\u003c/li\u003e\n\u003c/ul\u003e\u003cp\u003eHelp file notes for upgrading VTScada/VTS can be found at:\u0026nbsp;\u003ca target=\"_blank\" rel=\"nofollow\" href=\"http://www.trihedral.com/help/#Op_Welcome/Wel_UpgradeNotes.htm\"\u003ehttp://www.trihedral.com/help/#Op_Welcome/Wel_UpgradeNotes.htm\u003c/a\u003e\u003c/p\u003eIf you have any questions or any difficulties with installing one of these updates, please call Trihedral Tech Support:\u003cbr\u003e1-855-887-2232\u003cbr\u003e1-902-835-1575\u003cbr\u003e+44 (0) 1224 258910 for the United Kingdom\n\n\u003cbr\u003e"
                }
              ],
              "value": "Trihedral Engineering Limited has created three updated versions of \nsoftware. These software updates are available from Trihedral \nEngineering Ltd.\u2019s FTP site:\u00a0ftp://ftp.trihedral.com/VTS/\n\n\nVersion Information:\n\n\n\n  *  11.1.09 \u2013 Latest build including newest features and fixes. Any \ninstallation key with a maintenance expiration date after January 1, \n2014, will work this installation.\n\n  *  10.2.22 \u2013Recommended for all users of VTS 10. Any installation key \nwith a maintenance expiration date after December 1, 2010, will work \nwith this installation.\n\n  *  09.1.20 \u2013 Recommended for all users prior to 10.0. Any installation \nkey with a maintenance expiration date after December 1, 2009, will work\n with this installation.\n\n\n\nHelp file notes for upgrading VTScada/VTS can be found at:\u00a0 http://www.trihedral.com/help/#Op_Welcome/Wel_UpgradeNotes.htm \n\nIf you have any questions or any difficulties with installing one of these updates, please call Trihedral Tech Support:\n1-855-887-2232\n1-902-835-1575\n+44 (0) 1224 258910 for the United Kingdom"
            }
          ],
          "source": {
            "advisory": "ICSA-14-343-02",
            "discovery": "EXTERNAL"
          },
          "title": "Trihedral Engineering Limited VTScada Integer Overflow",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "ics-cert@hq.dhs.gov",
              "ID": "CVE-2014-9192",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Integer overflow in Trihedral Engineering VTScada (formerly VTS) 6.5 through 9.x before 9.1.20, 10.x before 10.2.22, and 11.x before 11.1.07 allows remote attackers to cause a denial of service (server crash) via a crafted request, which triggers a large memory allocation."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://ics-cert.us-cert.gov//advisories/ICSA-14-343-02",
                  "refsource": "MISC",
                  "url": "https://ics-cert.us-cert.gov//advisories/ICSA-14-343-02"
                },
                {
                  "name": "71591",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/71591"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2014-9192",
        "datePublished": "2014-12-11T15:00:00.000Z",
        "dateReserved": "2014-12-02T00:00:00.000Z",
        "dateUpdated": "2025-07-25T16:46:02.667Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }