ID

VAR-201606-0254


CVE

CVE-2016-4523


TITLE

Trihedral VTScada Buffer Overflow Vulnerability

Trust: 1.4

sources: IVD: a5f1cbb5-a38e-4ca2-bc23-f61cc5f911e2 // CNVD: CNVD-2016-04028 // CNNVD: CNNVD-201606-218

DESCRIPTION

The WAP interface in Trihedral VTScada (formerly VTS) 8.x through 11.x before 11.2.02 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via unspecified vectors. Trihedral VTScada ( Old VTS) of WAP The interface includes denial of service. ( Out of bounds read and application crash ) A state vulnerability exists.Interference with service operation by a third party ( Out of bounds read and application crash ) It may be in a state. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trihedral VTScada. Authentication is not required to exploit this vulnerability.The specific flaw exists within the handling of Wireless Application Protocol requests. The issue lies in the failure to traverse user-supplied paths. An attacker can leverage this vulnerability to execute code under the context of the user running the service. Trihedral VTScada (formerly known as VTS) is a SCADA system based on the Windows platform provided by Trihedral Engineering of Canada. VTScada is prone to multiple security vulnerabilities. Exploiting these issues will allow attackers to obtain sensitive information, cause denial-of-service conditions or to bypass certain security restrictions and perform unauthorized actions. VTScada versions 8 through 11.2.x are vulnerable

Trust: 3.33

sources: NVD: CVE-2016-4523 // JVNDB: JVNDB-2016-003066 // ZDI: ZDI-16-405 // CNVD: CNVD-2016-04028 // BID: 91077 // IVD: a5f1cbb5-a38e-4ca2-bc23-f61cc5f911e2 // VULMON: CVE-2016-4523

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.8

sources: IVD: a5f1cbb5-a38e-4ca2-bc23-f61cc5f911e2 // CNVD: CNVD-2016-04028

AFFECTED PRODUCTS

vendor:trihedralmodel:vtscadascope:ltversion:11.2.02

Trust: 1.6

vendor:trihedralmodel:vtscadascope:gteversion:8.0.05

Trust: 1.0

vendor:trihedral engineeringmodel:vtscadascope:ltversion:11.x

Trust: 0.8

vendor:trihedral engineeringmodel:vtscadascope:eqversion: -

Trust: 0.8

vendor:trihedral engineeringmodel:vtscadascope:eqversion:8.x from 11.2.02

Trust: 0.8

vendor:trihedral engineeringmodel:vtscadascope: - version: -

Trust: 0.7

vendor:trihedralmodel:vtscadascope:eqversion:8

Trust: 0.6

vendor:trihedralmodel:vtscadascope:eqversion:11.1.18

Trust: 0.6

vendor:trihedralmodel:vtscadascope:eqversion:11.1.05

Trust: 0.6

vendor:trihedralmodel:vtscadascope:eqversion:11.1.13

Trust: 0.6

vendor:trihedralmodel:vtscadascope:eqversion:11.1.16

Trust: 0.6

vendor:trihedralmodel:vtscadascope:eqversion:11.1.14

Trust: 0.6

vendor:trihedralmodel:vtscadascope:eqversion:11.1.10

Trust: 0.6

vendor:trihedralmodel:vtscadascope:eqversion:11.1.06

Trust: 0.6

vendor:trihedralmodel:vtscadascope:eqversion:11.1.17

Trust: 0.6

vendor:trihedralmodel:vtscadascope:eqversion:11.1.19

Trust: 0.6

vendor:trihedralmodel:vtscadascope:eqversion:11.1.09

Trust: 0.6

vendor:vtscadamodel: - scope:eqversion:9.0.02

Trust: 0.2

vendor:vtscadamodel: - scope:eqversion:9.0.03

Trust: 0.2

vendor:vtscadamodel: - scope:eqversion:9.0.08

Trust: 0.2

vendor:vtscadamodel: - scope:eqversion:9.1.02

Trust: 0.2

vendor:vtscadamodel: - scope:eqversion:9.1.03

Trust: 0.2

vendor:vtscadamodel: - scope:eqversion:9.1.05

Trust: 0.2

vendor:vtscadamodel: - scope:eqversion:9.1.09

Trust: 0.2

vendor:vtscadamodel: - scope:eqversion:9.1.11

Trust: 0.2

vendor:vtscadamodel: - scope:eqversion:9.1.14

Trust: 0.2

vendor:vtscadamodel: - scope:eqversion:9.1.20

Trust: 0.2

vendor:vtscadamodel: - scope:eqversion:11.0.05

Trust: 0.2

vendor:vtscadamodel: - scope:eqversion:11.0.07

Trust: 0.2

vendor:vtscadamodel: - scope:eqversion:10.0.11

Trust: 0.2

vendor:vtscadamodel: - scope:eqversion:10.0.13

Trust: 0.2

vendor:vtscadamodel: - scope:eqversion:10.0.14

Trust: 0.2

vendor:vtscadamodel: - scope:eqversion:10.0.16

Trust: 0.2

vendor:vtscadamodel: - scope:eqversion:10.0.17

Trust: 0.2

vendor:vtscadamodel: - scope:eqversion:10.1.05

Trust: 0.2

vendor:vtscadamodel: - scope:eqversion:10.1.06

Trust: 0.2

vendor:vtscadamodel: - scope:eqversion:10.1.07

Trust: 0.2

vendor:vtscadamodel: - scope:eqversion:10.1.12

Trust: 0.2

vendor:vtscadamodel: - scope:eqversion:10.2.05

Trust: 0.2

vendor:vtscadamodel: - scope:eqversion:10.2.07

Trust: 0.2

vendor:vtscadamodel: - scope:eqversion:10.2.08

Trust: 0.2

vendor:vtscadamodel: - scope:eqversion:10.2.11

Trust: 0.2

vendor:vtscadamodel: - scope:eqversion:10.2.13

Trust: 0.2

vendor:vtscadamodel: - scope:eqversion:10.2.14

Trust: 0.2

vendor:vtscadamodel: - scope:eqversion:10.2.15

Trust: 0.2

vendor:vtscadamodel: - scope:eqversion:10.2.17

Trust: 0.2

vendor:vtscadamodel: - scope:eqversion:10.2.19

Trust: 0.2

vendor:vtscadamodel: - scope:eqversion:10.2.20

Trust: 0.2

vendor:vtscadamodel: - scope:eqversion:10.2.21

Trust: 0.2

vendor:vtscadamodel: - scope:eqversion:10.2.22

Trust: 0.2

vendor:vtscadamodel: - scope:eqversion:8.0.05

Trust: 0.2

vendor:vtscadamodel: - scope:eqversion:8.0.12

Trust: 0.2

vendor:vtscadamodel: - scope:eqversion:8.0.16

Trust: 0.2

vendor:vtscadamodel: - scope:eqversion:8.0.18

Trust: 0.2

vendor:vtscadamodel: - scope:eqversion:8.1.05

Trust: 0.2

vendor:vtscadamodel: - scope:eqversion:8.1.06

Trust: 0.2

vendor:vtscadamodel: - scope:eqversion:11.1.05

Trust: 0.2

vendor:vtscadamodel: - scope:eqversion:11.1.06

Trust: 0.2

vendor:vtscadamodel: - scope:eqversion:11.1.09

Trust: 0.2

vendor:vtscadamodel: - scope:eqversion:11.1.10

Trust: 0.2

vendor:vtscadamodel: - scope:eqversion:11.1.13

Trust: 0.2

vendor:vtscadamodel: - scope:eqversion:11.1.14

Trust: 0.2

vendor:vtscadamodel: - scope:eqversion:11.1.15

Trust: 0.2

vendor:vtscadamodel: - scope:eqversion:11.1.16

Trust: 0.2

vendor:vtscadamodel: - scope:eqversion:11.1.17

Trust: 0.2

vendor:vtscadamodel: - scope:eqversion:11.1.18

Trust: 0.2

vendor:vtscadamodel: - scope:eqversion:11.1.19

Trust: 0.2

vendor:vtscadamodel: - scope:eqversion:11.1.20

Trust: 0.2

vendor:vtscadamodel: - scope:eqversion:11.1.21

Trust: 0.2

vendor:vtscadamodel: - scope:eqversion:11.1.22

Trust: 0.2

vendor:vtscadamodel: - scope:eqversion:11.1.24

Trust: 0.2

sources: IVD: a5f1cbb5-a38e-4ca2-bc23-f61cc5f911e2 // ZDI: ZDI-16-405 // CNVD: CNVD-2016-04028 // JVNDB: JVNDB-2016-003066 // CNNVD: CNNVD-201606-218 // NVD: CVE-2016-4523

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2016-4523
value: HIGH

Trust: 1.0

NVD: CVE-2016-4523
value: HIGH

Trust: 0.8

ZDI: CVE-2016-4523
value: HIGH

Trust: 0.7

CNVD: CNVD-2016-04028
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201606-218
value: MEDIUM

Trust: 0.6

IVD: a5f1cbb5-a38e-4ca2-bc23-f61cc5f911e2
value: MEDIUM

Trust: 0.2

VULMON: CVE-2016-4523
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2016-4523
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

ZDI: CVE-2016-4523
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.7

CNVD: CNVD-2016-04028
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: a5f1cbb5-a38e-4ca2-bc23-f61cc5f911e2
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

nvd@nist.gov: CVE-2016-4523
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2016-4523
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: IVD: a5f1cbb5-a38e-4ca2-bc23-f61cc5f911e2 // ZDI: ZDI-16-405 // CNVD: CNVD-2016-04028 // VULMON: CVE-2016-4523 // JVNDB: JVNDB-2016-003066 // CNNVD: CNNVD-201606-218 // NVD: CVE-2016-4523

PROBLEMTYPE DATA

problemtype:CWE-125

Trust: 1.0

problemtype:Out-of-bounds read (CWE-125) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2016-003066 // NVD: CVE-2016-4523

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201606-218

TYPE

Buffer overflow

Trust: 0.8

sources: IVD: a5f1cbb5-a38e-4ca2-bc23-f61cc5f911e2 // CNNVD: CNNVD-201606-218

PATCH

title:ICS-CERT VTScada Security Announcement (ICSA-16-159-01)url:https://www.trihedral.com/ics-cert-vtscada-security-announcement

Trust: 0.8

title:Trihedral Engineering Ltd has issued an update to correct this vulnerability.url:https://ics-cert.us-cert.gov/advisories/ICSA-16-159-01

Trust: 0.7

title:Trihedral VTScada Buffer Overflow Vulnerability Patchurl:https://www.cnvd.org.cn/patchInfo/show/77534

Trust: 0.6

title:Trihedral VTScada Buffer Overflow Vulnerability Fixurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=62174

Trust: 0.6

title:Known Exploited Vulnerabilities Detectorurl:https://github.com/Ostorlab/KEV

Trust: 0.1

sources: ZDI: ZDI-16-405 // CNVD: CNVD-2016-04028 // VULMON: CVE-2016-4523 // JVNDB: JVNDB-2016-003066 // CNNVD: CNNVD-201606-218

EXTERNAL IDS

db:NVDid:CVE-2016-4523

Trust: 5.1

db:ICS CERTid:ICSA-16-159-01

Trust: 3.1

db:ZDIid:ZDI-16-405

Trust: 1.8

db:BIDid:91077

Trust: 1.4

db:CNVDid:CNVD-2016-04028

Trust: 0.8

db:CNNVDid:CNNVD-201606-218

Trust: 0.8

db:JVNDBid:JVNDB-2016-003066

Trust: 0.8

db:ZDI_CANid:ZDI-CAN-3575

Trust: 0.7

db:IVDid:A5F1CBB5-A38E-4CA2-BC23-F61CC5F911E2

Trust: 0.2

db:VULMONid:CVE-2016-4523

Trust: 0.1

sources: IVD: a5f1cbb5-a38e-4ca2-bc23-f61cc5f911e2 // ZDI: ZDI-16-405 // CNVD: CNVD-2016-04028 // VULMON: CVE-2016-4523 // BID: 91077 // JVNDB: JVNDB-2016-003066 // CNNVD: CNNVD-201606-218 // NVD: CVE-2016-4523

REFERENCES

url:https://ics-cert.us-cert.gov/advisories/icsa-16-159-01

Trust: 3.9

url:http://www.securityfocus.com/bid/91077

Trust: 1.1

url:http://www.zerodayinitiative.com/advisories/zdi-16-405

Trust: 1.1

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-4523

Trust: 0.8

url:https://cisa.gov/known-exploited-vulnerabilities-catalog

Trust: 0.8

url:http://www.trihedral.com/help/#op_welcome/wel_upgradenotes.htm

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/119.html

Trust: 0.1

url:http://tools.cisco.com/security/center/viewalert.x?alertid=46605

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://github.com/ostorlab/kev

Trust: 0.1

sources: ZDI: ZDI-16-405 // CNVD: CNVD-2016-04028 // VULMON: CVE-2016-4523 // JVNDB: JVNDB-2016-003066 // CNNVD: CNNVD-201606-218 // NVD: CVE-2016-4523

CREDITS

Anonymous

Trust: 1.0

sources: ZDI: ZDI-16-405 // BID: 91077

SOURCES

db:IVDid:a5f1cbb5-a38e-4ca2-bc23-f61cc5f911e2
db:ZDIid:ZDI-16-405
db:CNVDid:CNVD-2016-04028
db:VULMONid:CVE-2016-4523
db:BIDid:91077
db:JVNDBid:JVNDB-2016-003066
db:CNNVDid:CNNVD-201606-218
db:NVDid:CVE-2016-4523

LAST UPDATE DATE

2024-11-23T21:43:01.368000+00:00


SOURCES UPDATE DATE

db:ZDIid:ZDI-16-405date:2016-07-01T00:00:00
db:CNVDid:CNVD-2016-04028date:2016-06-15T00:00:00
db:VULMONid:CVE-2016-4523date:2016-11-28T00:00:00
db:BIDid:91077date:2016-07-06T15:12:00
db:JVNDBid:JVNDB-2016-003066date:2024-07-08T05:05:00
db:CNNVDid:CNNVD-201606-218date:2016-06-12T00:00:00
db:NVDid:CVE-2016-4523date:2024-11-21T02:52:23.737

SOURCES RELEASE DATE

db:IVDid:a5f1cbb5-a38e-4ca2-bc23-f61cc5f911e2date:2016-06-15T00:00:00
db:ZDIid:ZDI-16-405date:2016-07-01T00:00:00
db:CNVDid:CNVD-2016-04028date:2016-06-15T00:00:00
db:VULMONid:CVE-2016-4523date:2016-06-09T00:00:00
db:BIDid:91077date:2016-06-07T00:00:00
db:JVNDBid:JVNDB-2016-003066date:2016-06-10T00:00:00
db:CNNVDid:CNNVD-201606-218date:2016-06-12T00:00:00
db:NVDid:CVE-2016-4523date:2016-06-09T10:59:04.073