ICSA-17-304-02

28 Jan 2018

[ICS] Trihedral VTScada (more) Multiple Vulnerabilities

Vendor: Trihedral
Equipment: VTScada
Vulnerabilities: Improper Access Control, Uncontrolled Search Path Element

ICS-CERT Advisory:
https://ics-cert.us-cert.gov/advisories/ICSA-17-304-02

CVE-ID:
CVE-2017-14029
CVE-2017-14031

AFFECTED PRODUCTS

Trihedral Engineering Limited reports that the vulnerability affects the following versions of the VTScada HMI and SCADA software:

  • VTScada 11.3.03 and prior.

IMPACT
Successful exploitation of these vulnerabilities may allow execution of arbitrary code.

Read on for details.

Read more