MidnightBSD

Advisories for trihedral

CVE-2014-9192 HIGH

Integer overflow in Trihedral Engineering VTScada (formerly VTS) 6.5 through 9.x before 9.1.20, 10.x before 10.2.22, and 11.x before 11.1.07 allows remote attackers to cause a denial of service (server crash) via a crafted request, which triggers a large memory allocation.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-190,CWE-189,

Products Affected

Vendor Product Version
trihedral vtscada *
CVE-2016-4510 MEDIUM

The WAP interface in Trihedral VTScada (formerly VTS) 8.x through 11.x before 11.2.02 allows remote attackers to bypass authentication and read arbitrary files via unspecified vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-287,

Products Affected

Vendor Product Version
trihedral vtscada 11.1.18
trihedral vtscada 11.1.19
trihedral vtscada 10.2.13
trihedral vtscada 10.0.14
trihedral vtscada 9.0.02
trihedral vtscada 10.1.07
trihedral vtscada 9.1.05
trihedral vtscada 10.1.06
trihedral vtscada 11.1.06
trihedral vtscada 9.1.03
trihedral vtscada 11.1.20
trihedral vtscada 8.1.05
trihedral vtscada 9.1.09
trihedral vtscada 9.1.11
trihedral vtscada 10.2.11
trihedral vtscada 10.1.12
trihedral vtscada 8.0.18
trihedral vtscada 10.2.08
trihedral vtscada 11.1.10
trihedral vtscada 10.0.11
trihedral vtscada 10.0.16
trihedral vtscada 11.1.14
trihedral vtscada 11.1.05
trihedral vtscada 10.2.19
trihedral vtscada 9.1.20
trihedral vtscada 8.0.16
trihedral vtscada 11.1.24
trihedral vtscada 11.1.15
trihedral vtscada 10.2.15
trihedral vtscada 9.1.14
trihedral vtscada 11.1.22
trihedral vtscada 11.1.21
trihedral vtscada 10.2.22
trihedral vtscada 11.0.07
trihedral vtscada 10.2.05
trihedral vtscada 10.2.14
trihedral vtscada 9.0.03
trihedral vtscada 10.0.13
trihedral vtscada 10.2.20
trihedral vtscada 8.0.05
trihedral vtscada 11.0.05
trihedral vtscada 11.1.13
trihedral vtscada 9.0.08
trihedral vtscada 11.1.17
trihedral vtscada 9.1.02
trihedral vtscada 10.2.21
trihedral vtscada 11.1.09
trihedral vtscada 8.1.06
trihedral vtscada 10.1.05
trihedral vtscada 8.0.12
trihedral vtscada 11.1.16
trihedral vtscada 10.2.17
trihedral vtscada 10.0.17
trihedral vtscada 10.2.07
CVE-2016-4523 MEDIUM

The WAP interface in Trihedral VTScada (formerly VTS) 8.x through 11.x before 11.2.02 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via unspecified vectors.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,CWE-125,

Products Affected

Vendor Product Version
trihedral vtscada *
CVE-2016-4532 MEDIUM

Directory traversal vulnerability in the WAP interface in Trihedral VTScada (formerly VTS) 8.x through 11.x before 11.2.02 allows remote attackers to read arbitrary files via a crafted pathname.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-22,

Products Affected

Vendor Product Version
trihedral vtscada 11.1.18
trihedral vtscada 11.1.19
trihedral vtscada 10.2.13
trihedral vtscada 10.0.14
trihedral vtscada 9.0.02
trihedral vtscada 10.1.07
trihedral vtscada 9.1.05
trihedral vtscada 10.1.06
trihedral vtscada 11.1.06
trihedral vtscada 9.1.03
trihedral vtscada 11.1.20
trihedral vtscada 8.1.05
trihedral vtscada 9.1.09
trihedral vtscada 9.1.11
trihedral vtscada 10.2.11
trihedral vtscada 10.1.12
trihedral vtscada 8.0.18
trihedral vtscada 10.2.08
trihedral vtscada 11.1.10
trihedral vtscada 10.0.11
trihedral vtscada 10.0.16
trihedral vtscada 11.1.14
trihedral vtscada 11.1.05
trihedral vtscada 10.2.19
trihedral vtscada 9.1.20
trihedral vtscada 8.0.16
trihedral vtscada 11.1.24
trihedral vtscada 11.1.15
trihedral vtscada 10.2.15
trihedral vtscada 9.1.14
trihedral vtscada 11.1.22
trihedral vtscada 11.1.21
trihedral vtscada 10.2.22
trihedral vtscada 11.0.07
trihedral vtscada 10.2.05
trihedral vtscada 10.2.14
trihedral vtscada 9.0.03
trihedral vtscada 10.0.13
trihedral vtscada 10.2.20
trihedral vtscada 8.0.05
trihedral vtscada 11.0.05
trihedral vtscada 11.1.13
trihedral vtscada 9.0.08
trihedral vtscada 11.1.17
trihedral vtscada 9.1.02
trihedral vtscada 10.2.21
trihedral vtscada 11.1.09
trihedral vtscada 8.1.06
trihedral vtscada 10.1.05
trihedral vtscada 8.0.12
trihedral vtscada 11.1.16
trihedral vtscada 10.2.17
trihedral vtscada 10.0.17
trihedral vtscada 10.2.07
CVE-2017-14029 HIGH

An Uncontrolled Search Path Element issue was discovered in Trihedral VTScada 11.3.03 and prior. The program will execute specially crafted malicious dll files placed on the target machine.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-427,CWE-427,

Products Affected

Vendor Product Version
trihedral vtscada *
CVE-2017-14031 HIGH

An Improper Access Control issue was discovered in Trihedral VTScada 11.3.03 and prior. A local, non-administrator user has privileges to read and write to the file system of the target machine.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-284,CWE-269,

Products Affected

Vendor Product Version
trihedral vtscada *
CVE-2017-6043 HIGH

A Resource Consumption issue was discovered in Trihedral VTScada Versions prior to 11.2.26. The client does not properly validate the input or limit the amount of resources that are utilized by an attacker, which can be used to consume more resources than are available.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-400,CWE-400,

Products Affected

Vendor Product Version
trihedral vtscada *
CVE-2017-6045 MEDIUM

An Information Exposure issue was discovered in Trihedral VTScada Versions prior to 11.2.26. Some files are exposed within the web server application to unauthenticated users. These files may contain sensitive configuration information.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-548,CWE-200,

Products Affected

Vendor Product Version
trihedral vtscada *
CVE-2017-6053 MEDIUM

A Cross-Site Scripting issue was discovered in Trihedral VTScada Versions prior to 11.2.26. A cross-site scripting vulnerability may allow JavaScript code supplied by the attacker to execute within the user's browser.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,CWE-79,

Products Affected

Vendor Product Version
trihedral vtscada *
CVE-2022-3181

An Improper Input Validation vulnerability exists in Trihedral VTScada version 12.0.38 and prior. A specifically malformed HTTP request could cause the affected VTScada to crash. Both local area network (LAN)-only and internet facing systems are affected.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
ics-cert@hq.dhs.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
trihedral vtscada *