SCADA Vulnerabilities & Exposures (SVE)

CRITIFENCE® SCADA Vulnerabilities and Exposures Database (SVE)

[SVE-856709253] Trihedral Engineering Limited VTScada

Date: 2017-10-31
Type: Other
Platform: Trihedral
Author: Karn Ganeshen and Mark Cross independently discovered these vulnerabilities and reported them to ICS-CERT.
EDB-ID: N/A
CVE-ID: CVE-2017-1403 CVE-2017-1402
OSVDB-ID: N/A
Download App: N/A
SIS Signature: N/A

Source

#
# Trihedral Engineering Limited VTScada
#


### VULNERABLE VENDOR
Trihedral


### VULNERABLE PRODUCT
VTScada



### RESEARCHER
Karn Ganeshen and Mark Cross independently discovered these vulnerabilities and reported them to ICS-CERT.



### AFFECTED PRODUCTS

Trihedral Engineering Limited reports that the vulnerabilities affect the following versions of the VTScada HMI and SCADA software:

VTScada 11.3.03 and prior.



### IMPACT

Successful exploitation of these vulnerabilities may allow execution of arbitrary code.



### VULNERABILITY OVERVIEW

IMPROPER ACCESS CONTROL CWE-284
A local, non-administrator user has privileges to read and write to the file system of the target machine.
CVE-2017-14031 has been assigned to this vulnerability.
A CVSS v3 base score of 7.8 has been calculated; the CVSS vector string is (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).


UNCONTROLLED SEARCH PATH ELEMENT CWE-427
The program will execute specially crafted malicious DLL files placed on the target machine.
CVE-2017-14029 has been assigned to this vulnerability.
A CVSS v3 base score of 7.8 has been calculated; the CVSS vector string is (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H).





### BACKGROUND

Critical Infrastructure Sectors: Chemical, Communications, Critical Manufacturing, Energy, Food and Agriculture, Transportation Systems, Water and Wastewater Systems
Countries/Areas Deployed: North America, Europe
Company Headquarters Location: Canada




### MITIGATION

Trihedral Engineering Limited recommends that users of an affected version update to the latest version, 11.3.05. The update can be found at the following location:

ftp://ftp.trihedral.com/VTS/VTScada 11.3 Versions/

Help file notes for upgrading VTScada/VTS can be found at:

https://www.trihedral.com/help/Content/Op_Welcome/Wel_UpgradeNotes.htm