nessus
This script is Copyright (C) 2017-2024 and is owned by Tenable, Inc. or an Affiliate thereof.
SCADA_TRIHEDRAL_VTSCADA_11_2_02.NBIN
History: Sep 28, 2017 - 12:00 a.m.

Trihedral VTScada 8.x < 11.2.02 Multiple Vulnerabilities

2017-09-28 00:00:00
www.tenable.com

CVSS2: 6.4 Medium

  • Attack Vector: NETWORK
  • Attack Complexity: LOW
  • Authentication: NONE
  • Confidentiality Impact: PARTIAL
  • Integrity Impact: PARTIAL
  • Availability Impact: NONE
  • Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N

CVSS3: 9.1 High

  • Attack Vector: NETWORK
  • Attack Complexity: LOW
  • Privileges Required: NONE
  • User Interaction: NONE
  • Scope: UNCHANGED
  • Confidentiality Impact: HIGH
  • Integrity Impact: HIGH
  • Availability Impact: NONE
  • Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

EPSS: 0.364 Low

  • Percentile: 97.2%

According to its self-reported version, the Trihedral VTScada running on the remote host is after 8 and prior to 11.2.02. It is, therefore, affected by multiple vulnerabilities:

  • An authentication issue exists within the handling of Wireless Application Protocol requests due to the failure to properly validate user-supplied filenames. An unauthenticated, remote attacker can leverage this vulnerability to disclose the contents of arbitrary files under the context of the user running the service. (CVE-2016-4510)

  • An out-of-bounds read exists within the handling of Wireless Application Protocol requests due to the failure to traverse user-supplied paths. An unauthenticated, remote attacker can leverage this vulnerability to execute code under the context of the user running the service. (CVE-2016-4523)

  • A path traversal information disclosure vulnerability exists within the handling of Wireless Application Protocol requests due to the failure to properly restrict the path from which images are retrieved. An unauthenticated, remote attacker can leverage this vulnerability to disclose the contents of arbitrary files under the context of the user running the service. (CVE-2016-4532)

Binary data scada_trihedral_vtscada_11_2_02.nbin
Vendor | Product | Version | CPE
trihedral | vtscada | | cpe:/a:trihedral:vtscada

