CVE-2014-9192 (GCVE-0-2014-9192)

Vulnerability from cvelistv5 – Published: 2014-12-11 15:00 – Updated: 2025-07-25 16:46
VLAI?
Summary
Integer overflow in Trihedral Engineering VTScada (formerly VTS) 6.5 through 9.x before 9.1.20, 10.x before 10.2.22, and 11.x before 11.1.07 allows remote attackers to cause a denial of service (server crash) via a crafted request, which triggers a large memory allocation.
Severity ?
No CVSS data available.
CWE
Assigner
References
Impacted products
Vendor Product Version
Trihedral Engineering VTS Affected: 6.5 , < 9.1.19 (custom)
Affected: 10 , < 10.2.21 (custom)
Create a notification for this product.
Credits
An anonymous researcher working with HP’s Zero Day Initiative has identified an integer overflow vulnerability in Trihedral Engineering Ltd’s VTScada application.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T13:40:24.431Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://ics-cert.us-cert.gov//advisories/ICSA-14-343-02"
          },
          {
            "name": "71591",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/71591"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "VTS",
          "vendor": "Trihedral Engineering",
          "versions": [
            {
              "lessThan": "9.1.19",
              "status": "affected",
              "version": "6.5",
              "versionType": "custom"
            },
            {
              "lessThan": "10.2.21",
              "status": "affected",
              "version": "10",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "An anonymous researcher working with HP\u2019s Zero Day Initiative has identified an integer overflow vulnerability in Trihedral Engineering Ltd\u2019s VTScada application."
        }
      ],
      "datePublic": "2014-12-09T07:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eInteger overflow in Trihedral Engineering VTScada (formerly VTS) 6.5 through 9.x before 9.1.20, 10.x before 10.2.22, and 11.x before 11.1.07 allows remote attackers to cause a denial of service (server crash) via a crafted request, which triggers a large memory allocation.\u003c/p\u003e"
            }
          ],
          "value": "Integer overflow in Trihedral Engineering VTScada (formerly VTS) 6.5 through 9.x before 9.1.20, 10.x before 10.2.22, and 11.x before 11.1.07 allows remote attackers to cause a denial of service (server crash) via a crafted request, which triggers a large memory allocation."
        }
      ],
      "metrics": [
        {
          "cvssV2_0": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.8,
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
            "version": "2.0"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-190",
              "description": "CWE-190",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-07-25T16:46:02.667Z",
        "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "shortName": "icscert"
      },
      "references": [
        {
          "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-14-343-02"
        },
        {
          "name": "71591",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/71591"
        },
        {
          "url": "http://www.trihedral.com/help/#Op_Welcome/Wel_UpgradeNotes.htm"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eTrihedral Engineering Limited has created three updated versions of \nsoftware. These software updates are available from Trihedral \nEngineering Ltd.\u2019s FTP site:\u0026nbsp;\u003ca target=\"_blank\" rel=\"nofollow\"\u003eftp://ftp.trihedral.com/VTS/\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eVersion Information:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e11.1.09 \u2013 Latest build including newest features and fixes. Any \ninstallation key with a maintenance expiration date after January 1, \n2014, will work this installation.\u003c/li\u003e\n\u003cli\u003e10.2.22 \u2013Recommended for all users of VTS 10. Any installation key \nwith a maintenance expiration date after December 1, 2010, will work \nwith this installation.\u003c/li\u003e\n\u003cli\u003e09.1.20 \u2013 Recommended for all users prior to 10.0. Any installation \nkey with a maintenance expiration date after December 1, 2009, will work\n with this installation.\u003c/li\u003e\n\u003c/ul\u003e\u003cp\u003eHelp file notes for upgrading VTScada/VTS can be found at:\u0026nbsp;\u003ca target=\"_blank\" rel=\"nofollow\" href=\"http://www.trihedral.com/help/#Op_Welcome/Wel_UpgradeNotes.htm\"\u003ehttp://www.trihedral.com/help/#Op_Welcome/Wel_UpgradeNotes.htm\u003c/a\u003e\u003c/p\u003eIf you have any questions or any difficulties with installing one of these updates, please call Trihedral Tech Support:\u003cbr\u003e1-855-887-2232\u003cbr\u003e1-902-835-1575\u003cbr\u003e+44 (0) 1224 258910 for the United Kingdom\n\n\u003cbr\u003e"
            }
          ],
          "value": "Trihedral Engineering Limited has created three updated versions of \nsoftware. These software updates are available from Trihedral \nEngineering Ltd.\u2019s FTP site:\u00a0ftp://ftp.trihedral.com/VTS/\n\n\nVersion Information:\n\n\n\n  *  11.1.09 \u2013 Latest build including newest features and fixes. Any \ninstallation key with a maintenance expiration date after January 1, \n2014, will work this installation.\n\n  *  10.2.22 \u2013Recommended for all users of VTS 10. Any installation key \nwith a maintenance expiration date after December 1, 2010, will work \nwith this installation.\n\n  *  09.1.20 \u2013 Recommended for all users prior to 10.0. Any installation \nkey with a maintenance expiration date after December 1, 2009, will work\n with this installation.\n\n\n\nHelp file notes for upgrading VTScada/VTS can be found at:\u00a0 http://www.trihedral.com/help/#Op_Welcome/Wel_UpgradeNotes.htm \n\nIf you have any questions or any difficulties with installing one of these updates, please call Trihedral Tech Support:\n1-855-887-2232\n1-902-835-1575\n+44 (0) 1224 258910 for the United Kingdom"
        }
      ],
      "source": {
        "advisory": "ICSA-14-343-02",
        "discovery": "EXTERNAL"
      },
      "title": "Trihedral Engineering Limited VTScada Integer Overflow",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "ics-cert@hq.dhs.gov",
          "ID": "CVE-2014-9192",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Integer overflow in Trihedral Engineering VTScada (formerly VTS) 6.5 through 9.x before 9.1.20, 10.x before 10.2.22, and 11.x before 11.1.07 allows remote attackers to cause a denial of service (server crash) via a crafted request, which triggers a large memory allocation."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://ics-cert.us-cert.gov//advisories/ICSA-14-343-02",
              "refsource": "MISC",
              "url": "https://ics-cert.us-cert.gov//advisories/ICSA-14-343-02"
            },
            {
              "name": "71591",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/71591"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
    "assignerShortName": "icscert",
    "cveId": "CVE-2014-9192",
    "datePublished": "2014-12-11T15:00:00",
    "dateReserved": "2014-12-02T00:00:00",
    "dateUpdated": "2025-07-25T16:46:02.667Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:trihedral:vtscada:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"6.5\", \"versionEndExcluding\": \"9.1.20\", \"matchCriteriaId\": \"484C73EE-529B-46EE-9B2F-009EC6E524D9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:trihedral:vtscada:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"10.0\", \"versionEndExcluding\": \"10.2.22\", \"matchCriteriaId\": \"D41BC6F8-1088-44D0-9B91-EE6546D04772\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:trihedral:vtscada:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"11.0\", \"versionEndExcluding\": \"11.1.07\", \"matchCriteriaId\": \"DDBE315F-99C1-4A04-9E17-C95BBBD238DD\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Integer overflow in Trihedral Engineering VTScada (formerly VTS) 6.5 through 9.x before 9.1.20, 10.x before 10.2.22, and 11.x before 11.1.07 allows remote attackers to cause a denial of service (server crash) via a crafted request, which triggers a large memory allocation.\"}, {\"lang\": \"es\", \"value\": \"Desbordamiento de enteros en Trihedral Engineering VTScada (anteriormente VTS) 6.5 hasta 9.x anterior a 9.1.20, 10.x anterior a 10.2.22, y 11.x anterior a 11.1.07 permite a atacantes remotos causar una denegaci\\u00f3n de servicio (ca\\u00edda del servidor) a trav\\u00e9s de una solicitud manipulada, lo que provoca una reserva de memoria grande.\"}]",
      "id": "CVE-2014-9192",
      "lastModified": "2024-11-21T02:20:22.457",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:N/I:N/A:P\", \"baseScore\": 5.0, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 10.0, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2014-12-11T15:59:04.773",
      "references": "[{\"url\": \"http://www.securityfocus.com/bid/71591\", \"source\": \"ics-cert@hq.dhs.gov\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://ics-cert.us-cert.gov//advisories/ICSA-14-343-02\", \"source\": \"ics-cert@hq.dhs.gov\", \"tags\": [\"Third Party Advisory\", \"US Government Resource\"]}, {\"url\": \"http://www.securityfocus.com/bid/71591\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://ics-cert.us-cert.gov//advisories/ICSA-14-343-02\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"US Government Resource\"]}]",
      "sourceIdentifier": "ics-cert@hq.dhs.gov",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-189\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2014-9192\",\"sourceIdentifier\":\"ics-cert@hq.dhs.gov\",\"published\":\"2014-12-11T15:59:04.773\",\"lastModified\":\"2025-07-25T17:15:27.680\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Integer overflow in Trihedral Engineering VTScada (formerly VTS) 6.5 through 9.x before 9.1.20, 10.x before 10.2.22, and 11.x before 11.1.07 allows remote attackers to cause a denial of service (server crash) via a crafted request, which triggers a large memory allocation.\"},{\"lang\":\"es\",\"value\":\"Desbordamiento de enteros en Trihedral Engineering VTScada (anteriormente VTS) 6.5 hasta 9.x anterior a 9.1.20, 10.x anterior a 10.2.22, y 11.x anterior a 11.1.07 permite a atacantes remotos causar una denegaci\u00f3n de servicio (ca\u00edda del servidor) a trav\u00e9s de una solicitud manipulada, lo que provoca una reserva de memoria grande.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"ics-cert@hq.dhs.gov\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:N/I:N/A:C\",\"baseScore\":7.8,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":6.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:N/I:N/A:P\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"ics-cert@hq.dhs.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-190\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-189\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:trihedral:vtscada:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.5\",\"versionEndExcluding\":\"9.1.20\",\"matchCriteriaId\":\"484C73EE-529B-46EE-9B2F-009EC6E524D9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:trihedral:vtscada:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"10.0\",\"versionEndExcluding\":\"10.2.22\",\"matchCriteriaId\":\"D41BC6F8-1088-44D0-9B91-EE6546D04772\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:trihedral:vtscada:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"11.0\",\"versionEndExcluding\":\"11.1.07\",\"matchCriteriaId\":\"DDBE315F-99C1-4A04-9E17-C95BBBD238DD\"}]}]}],\"references\":[{\"url\":\"http://www.securityfocus.com/bid/71591\",\"source\":\"ics-cert@hq.dhs.gov\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.trihedral.com/help/#Op_Welcome/Wel_UpgradeNotes.htm\",\"source\":\"ics-cert@hq.dhs.gov\"},{\"url\":\"https://www.cisa.gov/news-events/ics-advisories/icsa-14-343-02\",\"source\":\"ics-cert@hq.dhs.gov\"},{\"url\":\"http://www.securityfocus.com/bid/71591\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://ics-cert.us-cert.gov//advisories/ICSA-14-343-02\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"US Government Resource\"]}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.