CVE-2016-4523

CVSS 7.5 HIGHEPSS 31.4%● KEVCWE-125

In short

The web interface in Trihedral VTScada versions 8.x through 11.x (before 11.2.02) can crash when attackers send specially crafted requests. This causes the application to stop working until it is manually restarted.

Technical detail

An out-of-bounds read vulnerability exists in the WAP interface that allows unauthenticated remote attackers to trigger a denial of service condition. The vulnerability requires no prior authentication and results in application crash; the exact attack vectors are unspecified but affect VTScada versions 8.x through 11.x prior to 11.2.02.

Summary generated and translated by AI from the official description.

The WAP interface in Trihedral VTScada (formerly VTS) 8.x through 11.x before 11.2.02 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via unspecified vectors.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected products

n/a · n/a

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://ics-cert.us-cert.gov/advisories/ICSA-16-159-01 https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2016-4523 http://www.securityfocus.com/bid/91077 http://www.zerodayinitiative.com/advisories/ZDI-16-405