This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor : Trihedral
Product : Vtscada
Version : 11.1.09
Type : Application
First view : 2016-06-09
Last view : 2022-11-02
Update : *
Edition : *
Language : *
Software Edition : *
Target Software : *
Target Hardware : *
Other : *
 
CPE Product cpe:2.3:a:trihedral:vtscada

Related : CVE

Score Date Alert Description
7.5 2022-11-02 CVE-2022-3181

An Improper Input Validation vulnerability exists in Trihedral VTScada version 12.0.38 and prior. A specifically malformed HTTP request could cause the affected VTScada to crash. Both local area network (LAN)-only and internet facing systems are affected.

7.8 2017-11-06 CVE-2017-14031

An Improper Access Control issue was discovered in Trihedral VTScada 11.3.03 and prior. A local, non-administrator user has privileges to read and write to the file system of the target machine.

7.8 2017-11-06 CVE-2017-14029

An Uncontrolled Search Path Element issue was discovered in Trihedral VTScada 11.3.03 and prior. The program will execute specially crafted malicious dll files placed on the target machine.

6.1 2017-06-21 CVE-2017-6053

A Cross-Site Scripting issue was discovered in Trihedral VTScada Versions prior to 11.2.26. A cross-site scripting vulnerability may allow JavaScript code supplied by the attacker to execute within the user's browser.

7.5 2017-06-21 CVE-2017-6045

An Information Exposure issue was discovered in Trihedral VTScada Versions prior to 11.2.26. Some files are exposed within the web server application to unauthenticated users. These files may contain sensitive configuration information.

7.5 2017-06-21 CVE-2017-6043

A Resource Consumption issue was discovered in Trihedral VTScada Versions prior to 11.2.26. The client does not properly validate the input or limit the amount of resources that are utilized by an attacker, which can be used to consume more resources than are available.

9.1 2016-06-09 CVE-2016-4532

Directory traversal vulnerability in the WAP interface in Trihedral VTScada (formerly VTS) 8.x through 11.x before 11.2.02 allows remote attackers to read arbitrary files via a crafted pathname.

7.5 2016-06-09 CVE-2016-4523

The WAP interface in Trihedral VTScada (formerly VTS) 8.x through 11.x before 11.2.02 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via unspecified vectors.

9.1 2016-06-09 CVE-2016-4510

The WAP interface in Trihedral VTScada (formerly VTS) 8.x through 11.x before 11.2.02 allows remote attackers to bypass authentication and read arbitrary files via unspecified vectors.

CWE : Common Weakness Enumeration

% id Name
12% (1) CWE-427 Uncontrolled Search Path Element
12% (1) CWE-400 Uncontrolled Resource Consumption ('Resource Exhaustion')
12% (1) CWE-287 Improper Authentication
12% (1) CWE-269 Improper Privilege Management
12% (1) CWE-200 Information Exposure
12% (1) CWE-125 Out-of-bounds Read
12% (1) CWE-79 Failure to Preserve Web Page Structure ('Cross-site Scripting')
12% (1) CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path ...

Snort® IPS/IDS

Date Description
2017-07-25 Trihedral VTScada directory traversal attempt
RuleID : 43326 - Type : SERVER-WEBAPP - Revision : 2
2017-07-25 Trihedral VTScada directory traversal attempt
RuleID : 43325 - Type : SERVER-WEBAPP - Revision : 2
2017-07-25 Trihedral VTScada directory traversal attempt
RuleID : 43324 - Type : SERVER-WEBAPP - Revision : 3
2017-02-21 Trihedral VTScada WAP URI null byte injection attempt
RuleID : 41359 - Type : SERVER-WEBAPP - Revision : 2
2016-12-29 VTSCADA WAP information disclosure attempt
RuleID : 40854 - Type : SERVER-WEBAPP - Revision : 3
2016-12-29 VTSCADA WAP information disclosure attempt
RuleID : 40853 - Type : SERVER-WEBAPP - Revision : 3
2016-12-29 VTSCADA WAP information disclosure attempt
RuleID : 40852 - Type : SERVER-WEBAPP - Revision : 3
2016-12-29 VTSCADA WAP information disclosure attempt
RuleID : 40851 - Type : SERVER-WEBAPP - Revision : 3
2016-12-29 VTSCADA WAP information disclosure attempt
RuleID : 40850 - Type : SERVER-WEBAPP - Revision : 3