Details of VAR-201606-0247

ID

VAR-201606-0247

CVE

CVE-2016-4510

TITLE

Trihedral VTScada Authorization Issue Vulnerability

Trust: 0.8

sources: IVD: 3bc17619-9912-4535-90ec-0ef1dd642360 // CNVD: CNVD-2016-04029

DESCRIPTION

The WAP interface in Trihedral VTScada (formerly VTS) 8.x through 11.x before 11.2.02 allows remote attackers to bypass authentication and read arbitrary files via unspecified vectors. Authentication is not required to exploit this vulnerability.The specific flaw exists within the handling of Wireless Application Protocol requests. The issue lies in the failure to properly validate user-supplied filenames. An attacker can leverage this vulnerability to disclose the contents of arbitrary files under the context of the user running the service. Trihedral VTScada (formerly known as VTS) is a SCADA system based on the Windows platform provided by Trihedral Engineering of Canada. An authorization vulnerability exists in the WAP interface of Trihedral VTScada 8 and pre-December 2.2.0. VTScada is prone to multiple security vulnerabilities. Exploiting these issues will allow attackers to obtain sensitive information, cause denial-of-service conditions or to bypass certain security restrictions and perform unauthorized actions. VTScada versions 8 through 11.2.x are vulnerable

Trust: 3.24

sources: NVD: CVE-2016-4510 // JVNDB: JVNDB-2016-003077 // ZDI: ZDI-16-404 // CNVD: CNVD-2016-04029 // BID: 91077 // IVD: 3bc17619-9912-4535-90ec-0ef1dd642360

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.8

sources: IVD: 3bc17619-9912-4535-90ec-0ef1dd642360 // CNVD: CNVD-2016-04029

AFFECTED PRODUCTS

vendor:	trihedral	model:	vtscada	scope:	eq	version:	11.1.19	Trust: 1.6
vendor:	trihedral	model:	vtscada	scope:	eq	version:	11.1.18	Trust: 1.6
vendor:	trihedral	model:	vtscada	scope:	eq	version:	8.1.06	Trust: 1.6
vendor:	trihedral	model:	vtscada	scope:	eq	version:	8.0.18	Trust: 1.6
vendor:	trihedral	model:	vtscada	scope:	eq	version:	8.1.05	Trust: 1.6
vendor:	trihedral	model:	vtscada	scope:	eq	version:	11.1.20	Trust: 1.6
vendor:	trihedral	model:	vtscada	scope:	eq	version:	11.1.16	Trust: 1.6
vendor:	trihedral	model:	vtscada	scope:	eq	version:	11.1.05	Trust: 1.6
vendor:	trihedral	model:	vtscada	scope:	eq	version:	11.1.17	Trust: 1.6
vendor:	trihedral	model:	vtscada	scope:	eq	version:	8.0.16	Trust: 1.6
vendor:	trihedral	model:	vtscada	scope:	eq	version:	10.0.17	Trust: 1.0
vendor:	trihedral	model:	vtscada	scope:	eq	version:	10.2.15	Trust: 1.0
vendor:	trihedral	model:	vtscada	scope:	eq	version:	9.0.02	Trust: 1.0
vendor:	trihedral	model:	vtscada	scope:	eq	version:	9.1.14	Trust: 1.0
vendor:	trihedral	model:	vtscada	scope:	eq	version:	10.2.11	Trust: 1.0
vendor:	trihedral	model:	vtscada	scope:	eq	version:	9.1.05	Trust: 1.0
vendor:	trihedral	model:	vtscada	scope:	eq	version:	10.2.05	Trust: 1.0
vendor:	trihedral	model:	vtscada	scope:	eq	version:	11.0.07	Trust: 1.0
vendor:	trihedral	model:	vtscada	scope:	eq	version:	10.0.14	Trust: 1.0
vendor:	trihedral	model:	vtscada	scope:	eq	version:	11.1.24	Trust: 1.0
vendor:	trihedral	model:	vtscada	scope:	eq	version:	10.2.07	Trust: 1.0
vendor:	trihedral	model:	vtscada	scope:	eq	version:	10.1.05	Trust: 1.0
vendor:	trihedral	model:	vtscada	scope:	eq	version:	10.2.13	Trust: 1.0
vendor:	trihedral	model:	vtscada	scope:	eq	version:	10.2.19	Trust: 1.0
vendor:	trihedral	model:	vtscada	scope:	eq	version:	10.1.06	Trust: 1.0
vendor:	trihedral	model:	vtscada	scope:	eq	version:	9.1.09	Trust: 1.0
vendor:	trihedral	model:	vtscada	scope:	eq	version:	10.0.11	Trust: 1.0
vendor:	trihedral	model:	vtscada	scope:	eq	version:	8.0.05	Trust: 1.0
vendor:	trihedral	model:	vtscada	scope:	eq	version:	10.2.08	Trust: 1.0
vendor:	trihedral	model:	vtscada	scope:	eq	version:	10.2.20	Trust: 1.0
vendor:	trihedral	model:	vtscada	scope:	eq	version:	10.0.13	Trust: 1.0
vendor:	trihedral	model:	vtscada	scope:	eq	version:	11.1.22	Trust: 1.0
vendor:	trihedral	model:	vtscada	scope:	eq	version:	10.2.17	Trust: 1.0
vendor:	trihedral	model:	vtscada	scope:	eq	version:	11.1.06	Trust: 1.0
vendor:	trihedral	model:	vtscada	scope:	eq	version:	9.1.20	Trust: 1.0
vendor:	trihedral	model:	vtscada	scope:	eq	version:	11.0.05	Trust: 1.0
vendor:	trihedral	model:	vtscada	scope:	eq	version:	11.1.09	Trust: 1.0
vendor:	trihedral	model:	vtscada	scope:	eq	version:	8.0.12	Trust: 1.0
vendor:	trihedral	model:	vtscada	scope:	eq	version:	9.0.08	Trust: 1.0
vendor:	trihedral	model:	vtscada	scope:	eq	version:	9.0.03	Trust: 1.0
vendor:	trihedral	model:	vtscada	scope:	eq	version:	9.1.03	Trust: 1.0
vendor:	trihedral	model:	vtscada	scope:	eq	version:	10.2.21	Trust: 1.0
vendor:	trihedral	model:	vtscada	scope:	eq	version:	10.1.07	Trust: 1.0
vendor:	trihedral	model:	vtscada	scope:	eq	version:	11.1.10	Trust: 1.0
vendor:	trihedral	model:	vtscada	scope:	eq	version:	11.1.14	Trust: 1.0
vendor:	trihedral	model:	vtscada	scope:	eq	version:	10.0.16	Trust: 1.0
vendor:	trihedral	model:	vtscada	scope:	eq	version:	9.1.02	Trust: 1.0
vendor:	trihedral	model:	vtscada	scope:	eq	version:	10.1.12	Trust: 1.0
vendor:	trihedral	model:	vtscada	scope:	eq	version:	11.1.15	Trust: 1.0
vendor:	trihedral	model:	vtscada	scope:	eq	version:	10.2.14	Trust: 1.0
vendor:	trihedral	model:	vtscada	scope:	eq	version:	9.1.11	Trust: 1.0
vendor:	trihedral	model:	vtscada	scope:	eq	version:	11.1.21	Trust: 1.0
vendor:	trihedral	model:	vtscada	scope:	eq	version:	11.1.13	Trust: 1.0
vendor:	trihedral	model:	vtscada	scope:	eq	version:	10.2.22	Trust: 1.0
vendor:	trihedral engineering	model:	vtscada	scope:	lt	version:	11.x	Trust: 0.8
vendor:	trihedral engineering	model:	vtscada	scope:	eq	version:	8.x from 11.2.02	Trust: 0.8
vendor:	trihedral engineering	model:	vtscada	scope:	-	version:	-	Trust: 0.7
vendor:	trihedral	model:	vtscada	scope:	eq	version:	8	Trust: 0.6
vendor:	trihedral	model:	vtscada	scope:	lt	version:	11.2.02	Trust: 0.6
vendor:	vtscada	model:	-	scope:	eq	version:	10.1.05	Trust: 0.2
vendor:	vtscada	model:	-	scope:	eq	version:	10.1.06	Trust: 0.2
vendor:	vtscada	model:	-	scope:	eq	version:	10.1.07	Trust: 0.2
vendor:	vtscada	model:	-	scope:	eq	version:	10.1.12	Trust: 0.2
vendor:	vtscada	model:	-	scope:	eq	version:	10.0.11	Trust: 0.2
vendor:	vtscada	model:	-	scope:	eq	version:	10.0.13	Trust: 0.2
vendor:	vtscada	model:	-	scope:	eq	version:	10.0.14	Trust: 0.2
vendor:	vtscada	model:	-	scope:	eq	version:	10.0.16	Trust: 0.2
vendor:	vtscada	model:	-	scope:	eq	version:	10.0.17	Trust: 0.2
vendor:	vtscada	model:	-	scope:	eq	version:	11.1.05	Trust: 0.2
vendor:	vtscada	model:	-	scope:	eq	version:	11.1.06	Trust: 0.2
vendor:	vtscada	model:	-	scope:	eq	version:	11.1.09	Trust: 0.2
vendor:	vtscada	model:	-	scope:	eq	version:	11.1.10	Trust: 0.2
vendor:	vtscada	model:	-	scope:	eq	version:	11.1.13	Trust: 0.2
vendor:	vtscada	model:	-	scope:	eq	version:	11.1.14	Trust: 0.2
vendor:	vtscada	model:	-	scope:	eq	version:	11.1.15	Trust: 0.2
vendor:	vtscada	model:	-	scope:	eq	version:	11.1.16	Trust: 0.2
vendor:	vtscada	model:	-	scope:	eq	version:	11.1.17	Trust: 0.2
vendor:	vtscada	model:	-	scope:	eq	version:	11.1.18	Trust: 0.2
vendor:	vtscada	model:	-	scope:	eq	version:	11.1.19	Trust: 0.2
vendor:	vtscada	model:	-	scope:	eq	version:	11.1.20	Trust: 0.2
vendor:	vtscada	model:	-	scope:	eq	version:	11.1.21	Trust: 0.2
vendor:	vtscada	model:	-	scope:	eq	version:	11.1.22	Trust: 0.2
vendor:	vtscada	model:	-	scope:	eq	version:	11.1.24	Trust: 0.2
vendor:	vtscada	model:	-	scope:	eq	version:	8.0.05	Trust: 0.2
vendor:	vtscada	model:	-	scope:	eq	version:	8.0.12	Trust: 0.2
vendor:	vtscada	model:	-	scope:	eq	version:	8.0.16	Trust: 0.2
vendor:	vtscada	model:	-	scope:	eq	version:	8.0.18	Trust: 0.2
vendor:	vtscada	model:	-	scope:	eq	version:	8.1.05	Trust: 0.2
vendor:	vtscada	model:	-	scope:	eq	version:	8.1.06	Trust: 0.2
vendor:	vtscada	model:	-	scope:	eq	version:	10.2.05	Trust: 0.2
vendor:	vtscada	model:	-	scope:	eq	version:	10.2.07	Trust: 0.2
vendor:	vtscada	model:	-	scope:	eq	version:	10.2.08	Trust: 0.2
vendor:	vtscada	model:	-	scope:	eq	version:	10.2.11	Trust: 0.2
vendor:	vtscada	model:	-	scope:	eq	version:	10.2.13	Trust: 0.2
vendor:	vtscada	model:	-	scope:	eq	version:	10.2.14	Trust: 0.2
vendor:	vtscada	model:	-	scope:	eq	version:	10.2.15	Trust: 0.2
vendor:	vtscada	model:	-	scope:	eq	version:	10.2.17	Trust: 0.2
vendor:	vtscada	model:	-	scope:	eq	version:	10.2.19	Trust: 0.2
vendor:	vtscada	model:	-	scope:	eq	version:	10.2.20	Trust: 0.2
vendor:	vtscada	model:	-	scope:	eq	version:	10.2.21	Trust: 0.2
vendor:	vtscada	model:	-	scope:	eq	version:	10.2.22	Trust: 0.2
vendor:	vtscada	model:	-	scope:	eq	version:	9.0.02	Trust: 0.2
vendor:	vtscada	model:	-	scope:	eq	version:	9.0.03	Trust: 0.2
vendor:	vtscada	model:	-	scope:	eq	version:	9.0.08	Trust: 0.2
vendor:	vtscada	model:	-	scope:	eq	version:	9.1.02	Trust: 0.2
vendor:	vtscada	model:	-	scope:	eq	version:	9.1.03	Trust: 0.2
vendor:	vtscada	model:	-	scope:	eq	version:	9.1.05	Trust: 0.2
vendor:	vtscada	model:	-	scope:	eq	version:	9.1.09	Trust: 0.2
vendor:	vtscada	model:	-	scope:	eq	version:	9.1.11	Trust: 0.2
vendor:	vtscada	model:	-	scope:	eq	version:	9.1.14	Trust: 0.2
vendor:	vtscada	model:	-	scope:	eq	version:	9.1.20	Trust: 0.2
vendor:	vtscada	model:	-	scope:	eq	version:	11.0.05	Trust: 0.2
vendor:	vtscada	model:	-	scope:	eq	version:	11.0.07	Trust: 0.2

sources: IVD: 3bc17619-9912-4535-90ec-0ef1dd642360 // ZDI: ZDI-16-404 // CNVD: CNVD-2016-04029 // JVNDB: JVNDB-2016-003077 // NVD: CVE-2016-4510 // CNNVD: CNNVD-201606-217

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD:	CVE-2016-4510
value:	CRITICAL
Trust: 1.8
ZDI:	CVE-2016-4510
value:	MEDIUM
Trust: 0.7
CNVD:	CNVD-2016-04029
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201606-217
value:	MEDIUM
Trust: 0.6
IVD:	3bc17619-9912-4535-90ec-0ef1dd642360
value:	MEDIUM
Trust: 0.2

NVD:
severity:	MEDIUM
baseScore:	6.4
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	4.9
acInsufInfo:	FALSE
obtainAllPrivilege:	FALSE
obtainUserPrivilege:	FALSE
obtainOtherPrivilege:	FALSE
userInteractionRequired:	FALSE
version:	2.0
Trust: 1.0
NVD:	CVE-2016-4510
severity:	MEDIUM
baseScore:	6.4
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
ZDI:	CVE-2016-4510
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.7
CNVD:	CNVD-2016-04029
severity:	MEDIUM
baseScore:	6.4
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
IVD:	3bc17619-9912-4535-90ec-0ef1dd642360
severity:	MEDIUM
baseScore:	6.4
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2

NVD:
baseSeverity:	CRITICAL
baseScore:	9.1
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	5.2
version:	3.0
Trust: 1.0
NVD:	CVE-2016-4510
baseSeverity:	CRITICAL
baseScore:	9.1
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: IVD: 3bc17619-9912-4535-90ec-0ef1dd642360 // ZDI: ZDI-16-404 // CNVD: CNVD-2016-04029 // JVNDB: JVNDB-2016-003077 // NVD: CVE-2016-4510 // CNNVD: CNNVD-201606-217

PROBLEMTYPE DATA

problemtype:

CWE-287

Trust: 1.8

sources: JVNDB: JVNDB-2016-003077 // NVD: CVE-2016-4510

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201606-217

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-201606-217

CONFIGURATIONS

sources: NVD: CVE-2016-4510

PATCH

title:	ICS-CERT VTScada Security Announcement (ICSA-16-159-01)	url:	https://www.trihedral.com/ics-cert-vtscada-security-announcement	Trust: 0.8
title:	Trihedral Engineering Ltd has issued an update to correct this vulnerability.	url:	https://ics-cert.us-cert.gov/advisories/icsa-16-159-01	Trust: 0.7
title:	Patch for Trihedral VTScada Authorization Issue Vulnerability	url:	https://www.cnvd.org.cn/patchinfo/show/77533	Trust: 0.6
title:	Trihedral VTScada Remediation measures for authorization problem vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=62173	Trust: 0.6

sources: ZDI: ZDI-16-404 // CNVD: CNVD-2016-04029 // JVNDB: JVNDB-2016-003077 // CNNVD: CNNVD-201606-217

EXTERNAL IDS

db:	NVD	id:	CVE-2016-4510	Trust: 4.2
db:	ICS CERT	id:	ICSA-16-159-01	Trust: 3.0
db:	ZDI	id:	ZDI-16-404	Trust: 1.7
db:	BID	id:	91077	Trust: 1.3
db:	CNVD	id:	CNVD-2016-04029	Trust: 0.8
db:	CNNVD	id:	CNNVD-201606-217	Trust: 0.8
db:	JVNDB	id:	JVNDB-2016-003077	Trust: 0.8
db:	ZDI_CAN	id:	ZDI-CAN-3512	Trust: 0.7
db:	IVD	id:	3BC17619-9912-4535-90EC-0EF1DD642360	Trust: 0.2

sources: IVD: 3bc17619-9912-4535-90ec-0ef1dd642360 // ZDI: ZDI-16-404 // CNVD: CNVD-2016-04029 // BID: 91077 // JVNDB: JVNDB-2016-003077 // NVD: CVE-2016-4510 // CNNVD: CNNVD-201606-217

REFERENCES

url:	https://ics-cert.us-cert.gov/advisories/icsa-16-159-01	Trust: 3.7
url:	http://www.securityfocus.com/bid/91077	Trust: 1.0
url:	http://www.zerodayinitiative.com/advisories/zdi-16-404	Trust: 1.0
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-4510	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-4510	Trust: 0.8
url:	http://www.trihedral.com/help/#op_welcome/wel_upgradenotes.htm	Trust: 0.6

sources: ZDI: ZDI-16-404 // CNVD: CNVD-2016-04029 // JVNDB: JVNDB-2016-003077 // NVD: CVE-2016-4510 // CNNVD: CNNVD-201606-217

CREDITS

Anonymous

Trust: 1.0

sources: ZDI: ZDI-16-404 // BID: 91077

SOURCES

db:	IVD	id:	3bc17619-9912-4535-90ec-0ef1dd642360
db:	ZDI	id:	ZDI-16-404
db:	CNVD	id:	CNVD-2016-04029
db:	BID	id:	91077
db:	JVNDB	id:	JVNDB-2016-003077
db:	NVD	id:	CVE-2016-4510
db:	CNNVD	id:	CNNVD-201606-217

LAST UPDATE DATE

2023-12-18T13:14:32.267000+00:00

SOURCES UPDATE DATE

db:	ZDI	id:	ZDI-16-404	date:	2016-07-01T00:00:00
db:	CNVD	id:	CNVD-2016-04029	date:	2016-06-15T00:00:00
db:	BID	id:	91077	date:	2016-07-06T15:12:00
db:	JVNDB	id:	JVNDB-2016-003077	date:	2016-06-13T00:00:00
db:	NVD	id:	CVE-2016-4510	date:	2016-11-28T20:18:30.883
db:	CNNVD	id:	CNNVD-201606-217	date:	2016-06-12T00:00:00

SOURCES RELEASE DATE

db:	IVD	id:	3bc17619-9912-4535-90ec-0ef1dd642360	date:	2016-06-15T00:00:00
db:	ZDI	id:	ZDI-16-404	date:	2016-07-01T00:00:00
db:	CNVD	id:	CNVD-2016-04029	date:	2016-06-15T00:00:00
db:	BID	id:	91077	date:	2016-06-07T00:00:00
db:	JVNDB	id:	JVNDB-2016-003077	date:	2016-06-13T00:00:00
db:	NVD	id:	CVE-2016-4510	date:	2016-06-09T10:59:03.043
db:	CNNVD	id:	CNNVD-201606-217	date:	2016-06-12T00:00:00