vtscada

28 Jan 2018

[ICS] Trihedral VTScada (more) Multiple Vulnerabilities

Vendor: Trihedral
Equipment: VTScada
Vulnerabilities: Improper Access Control, Uncontrolled Search Path Element

ICS-CERT Advisory:
https://ics-cert.us-cert.gov/advisories/ICSA-17-304-02

CVE-ID:
CVE-2017-14029
CVE-2017-14031

AFFECTED PRODUCTS

Trihedral Engineering Limited reports that the vulnerability affects the following versions of the VTScada HMI and SCADA software:

  • VTScada 11.3.03 and prior.

IMPACT
Successful exploitation of these vulnerabilities may allow execution of arbitrary code.

Read on for details.

Read more

15 Jun 2017

[ICS] Trihedral VTScada Multiple Vulnerabilities

ICS-CERT published an advisory on one of my reports this week –
https://ics-cert.us-cert.gov/advisories/ICSA-17-164-01
Vendor: Trihedral
Equipment: VTScada
Vulnerability: Resource Consumption, Cross-Site Scripting, Information Exposure
AFFECTED PRODUCTS
The following versions of VTScada, an HMI SCADA software, are affected:
VTScada Versions prior to 11.2.26 Read on for details.

Read more