Trihedral VTScada Integer Overflow Denial of Service Vulnerability

2014-12-12T00:00:00
ID ZDI-14-425
Type zdi
Reporter Anonymous
Modified 2014-11-09T00:00:00

Description

This vulnerability allows remote attackers to cause a denial of service to vulnerable installations of Trihedral VTScada. Authentication is not required to exploit this vulnerability.

The specific flaw exists within the included HTTP server. By providing a small negative content length, an attacker is able to cause an integer overflow, resulting in the allocation of too small a buffer. The resulting heap overwrite will terminate the HTTP server.