TrihedralCVEs & Vulnerabilities

10 CVEs affecting Trihedral products, tracked from the National Vulnerability Database, with CVSS/EPSS scores and exploitation status.

Most Affected Products

vtscada 116
CVE-2022-3181HIGH

An Improper Input Validation vulnerability exists in Trihedral VTScada version 12.0.38 and prior. A specifically malformed HTTP request could cause the affected VTScada to crash. Both local area network (LAN)-only and internet facing systems are affected.

3 Nov 2022
7.5
CVSS
CVE-2016-4523KEVHIGHin the wild

The WAP interface in Trihedral VTScada (formerly VTS) 8.x through 11.x before 11.2.02 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via unspecified vectors.

15 Apr 2022
7.5
CVSS
CVE-2017-14031HIGH

An Improper Access Control issue was discovered in Trihedral VTScada 11.3.03 and prior. A local, non-administrator user has privileges to read and write to the file system of the target machine.

7 Nov 2017
7.8
CVSS
CVE-2017-14029HIGH

An Uncontrolled Search Path Element issue was discovered in Trihedral VTScada 11.3.03 and prior. The program will execute specially crafted malicious dll files placed on the target machine.

7 Nov 2017
7.8
CVSS
CVE-2017-6053MEDIUM

A Cross-Site Scripting issue was discovered in Trihedral VTScada Versions prior to 11.2.26. A cross-site scripting vulnerability may allow JavaScript code supplied by the attacker to execute within the user's browser.

21 Jun 2017
6.1
CVSS
CVE-2017-6045HIGH

An Information Exposure issue was discovered in Trihedral VTScada Versions prior to 11.2.26. Some files are exposed within the web server application to unauthenticated users. These files may contain sensitive configuration information.

21 Jun 2017
7.5
CVSS
CVE-2017-6043HIGH

A Resource Consumption issue was discovered in Trihedral VTScada Versions prior to 11.2.26. The client does not properly validate the input or limit the amount of resources that are utilized by an attacker, which can be used to consume more resources than are available.

21 Jun 2017
7.5
CVSS
CVE-2016-4532CRITICAL

Directory traversal vulnerability in the WAP interface in Trihedral VTScada (formerly VTS) 8.x through 11.x before 11.2.02 allows remote attackers to read arbitrary files via a crafted pathname.

9 Jun 2016
9.1
CVSS
CVE-2016-4510CRITICAL

The WAP interface in Trihedral VTScada (formerly VTS) 8.x through 11.x before 11.2.02 allows remote attackers to bypass authentication and read arbitrary files via unspecified vectors.

9 Jun 2016
9.1
CVSS
CVE-2014-9192HIGH

Integer overflow in Trihedral Engineering VTScada (formerly VTS) 6.5 through 9.x before 9.1.20, 10.x before 10.2.22, and 11.x before 11.1.07 allows remote attackers to cause a denial of service (server crash) via a crafted request, which triggers a large memory allocation.

11 Dec 2014
7.8
CVSS
← PrevPage 1 / 1Next →