CVE-2014-9192

Trihedral Engineering Limited VTScada Integer Overflow

CVSS 7.8 EPSS 2.7%CWE-190

Vexday Risk Score

21Bajo

Decisión SSVC (CISA)

Track

Sin señal de explotación → monitorear

CVSS 7.8EPSS 2.7%KEV nãoPoC —Nuclei —Metasploit —Patch —

Ciclo de vida

11 dic 2014Publicada en NVD

Recomendación: Monitorear — sin señal de explotación por ahora.

Integer overflow in Trihedral Engineering VTScada (formerly VTS) 6.5 through 9.x before 9.1.20, 10.x before 10.2.22, and 11.x before 11.1.07 allows remote attackers to cause a denial of service (server crash) via a crafted request, which triggers a large memory allocation.

AV:N/AC:L/Au:N/C:N/I:N/A:C

Productos afectados

Trihedral Engineering · VTS

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://ics-cert.us-cert.gov//advisories/ICSA-14-343-02 https://www.cisa.gov/news-events/ics-advisories/icsa-14-343-02 http://www.securityfocus.com/bid/71591 http://www.trihedral.com/help/#Op_Welcome/Wel_UpgradeNotes.htm