Trihedral VTScada Integer Overflow Denial of Service Vulnerability

ID ZDI-14-425
Type zdi
Reporter Anonymous
Modified 2014-11-09T00:00:00


This vulnerability allows remote attackers to cause a denial of service to vulnerable installations of Trihedral VTScada. Authentication is not required to exploit this vulnerability.

The specific flaw exists within the included HTTP server. By providing a small negative content length, an attacker is able to cause an integer overflow, resulting in the allocation of too small a buffer. The resulting heap overwrite will terminate the HTTP server.
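The bug class described above, shown as an added C example that is not VTScada's code and is not taken from the advisory: a signed Content-Length parse followed by size arithmetic, next to a hardened parser that rejects the value before any allocation. All function names, the one-byte `TRAILER` and the `MAX_BODY` cap are assumptions made for illustration.

```c
#include <ctype.h>
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

#define MAX_BODY (1u << 20) /* assumed policy cap: 1 MiB */
#define TRAILER  1          /* assumed extra byte, e.g. a NUL terminator */

/* Unsafe pattern: signed parse, arithmetic, then conversion to size_t.
 * "-1" yields an allocation of 0 bytes. */
size_t unsafe_alloc_size(const char *value)
{
    int len = atoi(value);          /* accepts a leading '-' */
    return (size_t)(len + TRAILER); /* -1 + 1 == 0 */
}

/* The same value seen by a copy routine that takes size_t: SIZE_MAX. */
size_t unsafe_copy_len(const char *value)
{
    return (size_t)atoi(value);
}

/* Hardened: digits only, range checked before any arithmetic.
 * Returns 0 and stores the allocation size in *out, or -1 to reject. */
int safe_alloc_size(const char *value, size_t *out)
{
    char *end;
    unsigned long long n;

    if (value == NULL || !isdigit((unsigned char)value[0]))
        return -1;                  /* rejects "-1", "+5", " 5", "" */
    errno = 0;
    n = strtoull(value, &end, 10);
    if (errno == ERANGE || *end != '\0' || n > MAX_BODY)
        return -1;                  /* overflow, trailing junk, too large */
    *out = (size_t)n + TRAILER;     /* cannot wrap: n <= MAX_BODY */
    return 0;
}

int main(void)
{
    size_t sz = 0;
    int rc = safe_alloc_size("-1", &sz);
    printf("unsafe: alloc %zu, copy %zu; safe rc %d\n",
           unsafe_alloc_size("-1"), unsafe_copy_len("-1"), rc);
    return 0;
}
```

The mismatch between the allocation size and the length later used for the copy is what the hardened parser removes: the header value is never held in a signed type, and it is bounded before it reaches an allocator.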