Trihedral

Vtscada

10 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.5

CVE-2022-3181

  • EPSS 0.25%
  • Veröffentlicht 02.11.2022 21:15:09
  • Zuletzt bearbeitet 21.11.2024 07:18:59

An Improper Input Validation vulnerability exists in Trihedral VTScada version 12.0.38 and prior. A specifically malformed HTTP request could cause the affected VTScada to crash. Both local area network (LAN)-only and internet facing systems are affe...

9.3

CVE-2017-14029

  • EPSS 0.15%
  • Veröffentlicht 06.11.2017 22:29:00
  • Zuletzt bearbeitet 20.04.2025 01:37:25

An Uncontrolled Search Path Element issue was discovered in Trihedral VTScada 11.3.03 and prior. The program will execute specially crafted malicious dll files placed on the target machine.

7.8

CVE-2017-14031

  • EPSS 0.04%
  • Veröffentlicht 06.11.2017 22:29:00
  • Zuletzt bearbeitet 20.04.2025 01:37:25

An Improper Access Control issue was discovered in Trihedral VTScada 11.3.03 and prior. A local, non-administrator user has privileges to read and write to the file system of the target machine.

7.8

CVE-2017-6043

  • EPSS 0.55%
  • Veröffentlicht 21.06.2017 19:29:00
  • Zuletzt bearbeitet 20.04.2025 01:37:25

A Resource Consumption issue was discovered in Trihedral VTScada Versions prior to 11.2.26. The client does not properly validate the input or limit the amount of resources that are utilized by an attacker, which can be used to consume more resources...

7.5

CVE-2017-6045

  • EPSS 0.52%
  • Veröffentlicht 21.06.2017 19:29:00
  • Zuletzt bearbeitet 20.04.2025 01:37:25

An Information Exposure issue was discovered in Trihedral VTScada Versions prior to 11.2.26. Some files are exposed within the web server application to unauthenticated users. These files may contain sensitive configuration information.

6.1

CVE-2017-6053

  • EPSS 0.17%
  • Veröffentlicht 21.06.2017 19:29:00
  • Zuletzt bearbeitet 20.04.2025 01:37:25

A Cross-Site Scripting issue was discovered in Trihedral VTScada Versions prior to 11.2.26. A cross-site scripting vulnerability may allow JavaScript code supplied by the attacker to execute within the user's browser.

9.1

CVE-2016-4532

  • EPSS 3.94%
  • Veröffentlicht 09.06.2016 10:59:05
  • Zuletzt bearbeitet 12.04.2025 10:46:40

Directory traversal vulnerability in the WAP interface in Trihedral VTScada (formerly VTS) 8.x through 11.x before 11.2.02 allows remote attackers to read arbitrary files via a crafted pathname.

7.5

CVE-2016-4523

Warnung
  • EPSS 60.81%
  • Veröffentlicht 09.06.2016 10:59:04
  • Zuletzt bearbeitet 22.10.2025 00:15:52

The WAP interface in Trihedral VTScada (formerly VTS) 8.x through 11.x before 11.2.02 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via unspecified vectors.

9.1

CVE-2016-4510

  • EPSS 0.69%
  • Veröffentlicht 09.06.2016 10:59:03
  • Zuletzt bearbeitet 12.04.2025 10:46:40

The WAP interface in Trihedral VTScada (formerly VTS) 8.x through 11.x before 11.2.02 allows remote attackers to bypass authentication and read arbitrary files via unspecified vectors.

5

CVE-2014-9192

  • EPSS 1.88%
  • Veröffentlicht 11.12.2014 15:59:04
  • Zuletzt bearbeitet 25.07.2025 17:15:27

Integer overflow in Trihedral Engineering VTScada (formerly VTS) 6.5 through 9.x before 9.1.20, 10.x before 10.2.22, and 11.x before 11.1.07 allows remote attackers to cause a denial of service (server crash) via a crafted request, which triggers a l...