SCADA Vulnerabilities & Exposures (SVE)

CRITIFENCE® SCADA Vulnerabilities and Exposures Database (SVE)

[SVE-855124612] Trihedral VTScada

Date: 2017-06-13
Type: Other
Platform: Trihedral
Author: Karn Ganeshen discovered the vulnerabilities and has tested the patch.
EDB-ID: N/A
CVE-ID: CVE-2017-6043, CVE-2017-6053, CVE-2017-6045
OSVDB-ID: N/A
Download App: N/A
SIS Signature: N/A

Source

#
# Trihedral VTScada
#


### VULNERABLE VENDOR
Trihedral


### VULNERABLE PRODUCT
VTScada



### RESEARCHER
Karn Ganeshen discovered the vulnerabilities and has tested the patch.



### AFFECTED PRODUCTS

The following versions of VTScada, an HMI SCADA software, are affected:

VTScada Versions prior to 11.2.26



### IMPACT

Successful exploitation of these vulnerabilities could result in uncontrolled resource consumption, arbitrary code execution, or information exposure.



### VULNERABILITY OVERVIEW

UNCONTROLLED RESOURCE CONSUMPTION CWE-400
The client does not properly validate input or limit the amount of resources an attacker can use, which allows an attacker to consume more resources than are available.
CVE-2017-6043 has been assigned to this vulnerability.
A CVSS v3 base score of 7.5 has been assigned; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).


CROSS-SITE SCRIPTING CWE-79
A cross-site scripting vulnerability may allow JavaScript code supplied by the attacker to execute within the user's browser.
CVE-2017-6053 has been assigned to this vulnerability.
A CVSS v3 base score of 6.5 has been assigned; the CVSS vector string is (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N).


INFORMATION EXPOSURE CWE-548
Some files are exposed within the web server application to unauthenticated users.
These files may contain sensitive configuration information.
CVE-2017-6045 has been assigned to this vulnerability.
A CVSS v3 base score of 7.5 has been assigned; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).





### BACKGROUND

Critical Infrastructure Sectors: Chemical, Critical Manufacturing, Communications, Energy, Food and Agriculture, Transportation Systems, Water and Wastewater Systems
Countries/Areas Deployed: North America, Europe
Company Headquarters Location: Bedford, Nova Scotia, Canada




### MITIGATION

Trihedral recommends that users of an affected version update to the latest version, v11.2.26. The update can be found at the following location:

ftp://ftp.trihedral.com/VTS/VTScada 11.2 Versions/VTScada 11.2.26.zip

Help file notes for upgrading VTScada/VTS can be found at:

https://www.trihedral.com/help/Content/Op_Welcome/Wel_UpgradeNotes.htm