Sign-up

ID

VAR-201606-0254


CVE

CVE-2016-4523


TITLE

Trihedral VTScada Buffer Overflow Vulnerability

Trust: 1.4

sources: IVD: a5f1cbb5-a38e-4ca2-bc23-f61cc5f911e2 // CNVD: CNVD-2016-04028 // CNNVD: CNNVD-201606-218

DESCRIPTION

The WAP interface in Trihedral VTScada (formerly VTS) 8.x through 11.x before 11.2.02 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via unspecified vectors. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trihedral VTScada. Authentication is not required to exploit this vulnerability.The specific flaw exists within the handling of Wireless Application Protocol requests. The issue lies in the failure to traverse user-supplied paths. An attacker can leverage this vulnerability to execute code under the context of the user running the service. Trihedral VTScada (formerly known as VTS) is a SCADA system based on the Windows platform provided by Trihedral Engineering of Canada. A buffer overflow vulnerability exists in the WAP interface of Trihedral VTScada 8 and pre-1.0.2. VTScada is prone to multiple security vulnerabilities. Exploiting these issues will allow attackers to obtain sensitive information, cause denial-of-service conditions or to bypass certain security restrictions and perform unauthorized actions. VTScada versions 8 through 11.2.x are vulnerable

Trust: 3.33

sources: NVD: CVE-2016-4523 // JVNDB: JVNDB-2016-003066 // ZDI: ZDI-16-405 // CNVD: CNVD-2016-04028 // BID: 91077 // IVD: a5f1cbb5-a38e-4ca2-bc23-f61cc5f911e2 // VULMON: CVE-2016-4523

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.8

sources: IVD: a5f1cbb5-a38e-4ca2-bc23-f61cc5f911e2 // CNVD: CNVD-2016-04028

AFFECTED PRODUCTS

vendor:trihedralmodel:vtscadascope:eqversion:11.1.13

Trust: 1.6

vendor:trihedralmodel:vtscadascope:eqversion:11.1.19

Trust: 1.6

vendor:trihedralmodel:vtscadascope:eqversion:11.1.18

Trust: 1.6

vendor:trihedralmodel:vtscadascope:eqversion:11.1.06

Trust: 1.6

vendor:trihedralmodel:vtscadascope:eqversion:11.1.09

Trust: 1.6

vendor:trihedralmodel:vtscadascope:eqversion:11.1.10

Trust: 1.6

vendor:trihedralmodel:vtscadascope:eqversion:11.1.14

Trust: 1.6

vendor:trihedralmodel:vtscadascope:eqversion:11.1.16

Trust: 1.6

vendor:trihedralmodel:vtscadascope:eqversion:11.1.05

Trust: 1.6

vendor:trihedralmodel:vtscadascope:eqversion:11.1.17

Trust: 1.6

vendor:trihedralmodel:vtscadascope:eqversion:10.0.17

Trust: 1.0

vendor:trihedralmodel:vtscadascope:eqversion:10.2.15

Trust: 1.0

vendor:trihedralmodel:vtscadascope:eqversion:9.0.02

Trust: 1.0

vendor:trihedralmodel:vtscadascope:eqversion:9.1.14

Trust: 1.0

vendor:trihedralmodel:vtscadascope:eqversion:9.1.05

Trust: 1.0

vendor:trihedralmodel:vtscadascope:eqversion:10.2.11

Trust: 1.0

vendor:trihedralmodel:vtscadascope:eqversion:10.2.05

Trust: 1.0

vendor:trihedralmodel:vtscadascope:eqversion:11.0.07

Trust: 1.0

vendor:trihedralmodel:vtscadascope:eqversion:10.0.14

Trust: 1.0

vendor:trihedralmodel:vtscadascope:eqversion:11.1.24

Trust: 1.0

vendor:trihedralmodel:vtscadascope:eqversion:10.2.07

Trust: 1.0

vendor:trihedralmodel:vtscadascope:eqversion:10.1.05

Trust: 1.0

vendor:trihedralmodel:vtscadascope:eqversion:10.2.13

Trust: 1.0

vendor:trihedralmodel:vtscadascope:eqversion:10.2.19

Trust: 1.0

vendor:trihedralmodel:vtscadascope:eqversion:9.1.09

Trust: 1.0

vendor:trihedralmodel:vtscadascope:eqversion:10.1.06

Trust: 1.0

vendor:trihedralmodel:vtscadascope:eqversion:10.0.11

Trust: 1.0

vendor:trihedralmodel:vtscadascope:eqversion:10.2.08

Trust: 1.0

vendor:trihedralmodel:vtscadascope:eqversion:10.2.20

Trust: 1.0

vendor:trihedralmodel:vtscadascope:eqversion:8.0.05

Trust: 1.0

vendor:trihedralmodel:vtscadascope:eqversion:10.0.13

Trust: 1.0

vendor:trihedralmodel:vtscadascope:eqversion:10.2.17

Trust: 1.0

vendor:trihedralmodel:vtscadascope:eqversion:11.0.05

Trust: 1.0

vendor:trihedralmodel:vtscadascope:eqversion:11.1.22

Trust: 1.0

vendor:trihedralmodel:vtscadascope:eqversion:8.1.06

Trust: 1.0

vendor:trihedralmodel:vtscadascope:eqversion:8.0.18

Trust: 1.0

vendor:trihedralmodel:vtscadascope:eqversion:8.0.12

Trust: 1.0

vendor:trihedralmodel:vtscadascope:eqversion:9.1.03

Trust: 1.0

vendor:trihedralmodel:vtscadascope:eqversion:9.0.08

Trust: 1.0

vendor:trihedralmodel:vtscadascope:eqversion:9.0.03

Trust: 1.0

vendor:trihedralmodel:vtscadascope:eqversion:8.1.05

Trust: 1.0

vendor:trihedralmodel:vtscadascope:eqversion:10.2.21

Trust: 1.0

vendor:trihedralmodel:vtscadascope:eqversion:10.1.07

Trust: 1.0

vendor:trihedralmodel:vtscadascope:eqversion:11.1.20

Trust: 1.0

vendor:trihedralmodel:vtscadascope:eqversion:10.0.16

Trust: 1.0

vendor:trihedralmodel:vtscadascope:eqversion:9.1.02

Trust: 1.0

vendor:trihedralmodel:vtscadascope:eqversion:10.1.12

Trust: 1.0

vendor:trihedralmodel:vtscadascope:eqversion:10.2.14

Trust: 1.0

vendor:trihedralmodel:vtscadascope:eqversion:11.1.15

Trust: 1.0

vendor:trihedralmodel:vtscadascope:eqversion:9.1.11

Trust: 1.0

vendor:trihedralmodel:vtscadascope:eqversion:11.1.21

Trust: 1.0

vendor:trihedralmodel:vtscadascope:eqversion:8.0.16

Trust: 1.0

vendor:trihedralmodel:vtscadascope:eqversion:9.1.20

Trust: 1.0

vendor:trihedralmodel:vtscadascope:eqversion:10.2.22

Trust: 1.0

vendor:trihedral engineeringmodel:vtscadascope:ltversion:11.x

Trust: 0.8

vendor:trihedral engineeringmodel:vtscadascope:eqversion:8.x from 11.2.02

Trust: 0.8

vendor:trihedral engineeringmodel:vtscadascope: - version: -

Trust: 0.7

vendor:trihedralmodel:vtscadascope:eqversion:8

Trust: 0.6

vendor:trihedralmodel:vtscadascope:ltversion:11.2.02

Trust: 0.6

vendor:vtscadamodel: - scope:eqversion:9.0.02

Trust: 0.2

vendor:vtscadamodel: - scope:eqversion:9.0.03

Trust: 0.2

vendor:vtscadamodel: - scope:eqversion:9.0.08

Trust: 0.2

vendor:vtscadamodel: - scope:eqversion:9.1.02

Trust: 0.2

vendor:vtscadamodel: - scope:eqversion:9.1.03

Trust: 0.2

vendor:vtscadamodel: - scope:eqversion:9.1.05

Trust: 0.2

vendor:vtscadamodel: - scope:eqversion:9.1.09

Trust: 0.2

vendor:vtscadamodel: - scope:eqversion:9.1.11

Trust: 0.2

vendor:vtscadamodel: - scope:eqversion:9.1.14

Trust: 0.2

vendor:vtscadamodel: - scope:eqversion:9.1.20

Trust: 0.2

vendor:vtscadamodel: - scope:eqversion:11.0.05

Trust: 0.2

vendor:vtscadamodel: - scope:eqversion:11.0.07

Trust: 0.2

vendor:vtscadamodel: - scope:eqversion:10.0.11

Trust: 0.2

vendor:vtscadamodel: - scope:eqversion:10.0.13

Trust: 0.2

vendor:vtscadamodel: - scope:eqversion:10.0.14

Trust: 0.2

vendor:vtscadamodel: - scope:eqversion:10.0.16

Trust: 0.2

vendor:vtscadamodel: - scope:eqversion:10.0.17

Trust: 0.2

vendor:vtscadamodel: - scope:eqversion:10.1.05

Trust: 0.2

vendor:vtscadamodel: - scope:eqversion:10.1.06

Trust: 0.2

vendor:vtscadamodel: - scope:eqversion:10.1.07

Trust: 0.2

vendor:vtscadamodel: - scope:eqversion:10.1.12

Trust: 0.2

vendor:vtscadamodel: - scope:eqversion:10.2.05

Trust: 0.2

vendor:vtscadamodel: - scope:eqversion:10.2.07

Trust: 0.2

vendor:vtscadamodel: - scope:eqversion:10.2.08

Trust: 0.2

vendor:vtscadamodel: - scope:eqversion:10.2.11

Trust: 0.2

vendor:vtscadamodel: - scope:eqversion:10.2.13

Trust: 0.2

vendor:vtscadamodel: - scope:eqversion:10.2.14

Trust: 0.2

vendor:vtscadamodel: - scope:eqversion:10.2.15

Trust: 0.2

vendor:vtscadamodel: - scope:eqversion:10.2.17

Trust: 0.2

vendor:vtscadamodel: - scope:eqversion:10.2.19

Trust: 0.2

vendor:vtscadamodel: - scope:eqversion:10.2.20

Trust: 0.2

vendor:vtscadamodel: - scope:eqversion:10.2.21

Trust: 0.2

vendor:vtscadamodel: - scope:eqversion:10.2.22

Trust: 0.2

vendor:vtscadamodel: - scope:eqversion:8.0.05

Trust: 0.2

vendor:vtscadamodel: - scope:eqversion:8.0.12

Trust: 0.2

vendor:vtscadamodel: - scope:eqversion:8.0.16

Trust: 0.2

vendor:vtscadamodel: - scope:eqversion:8.0.18

Trust: 0.2

vendor:vtscadamodel: - scope:eqversion:8.1.05

Trust: 0.2

vendor:vtscadamodel: - scope:eqversion:8.1.06

Trust: 0.2

vendor:vtscadamodel: - scope:eqversion:11.1.05

Trust: 0.2

vendor:vtscadamodel: - scope:eqversion:11.1.06

Trust: 0.2

vendor:vtscadamodel: - scope:eqversion:11.1.09

Trust: 0.2

vendor:vtscadamodel: - scope:eqversion:11.1.10

Trust: 0.2

vendor:vtscadamodel: - scope:eqversion:11.1.13

Trust: 0.2

vendor:vtscadamodel: - scope:eqversion:11.1.14

Trust: 0.2

vendor:vtscadamodel: - scope:eqversion:11.1.15

Trust: 0.2

vendor:vtscadamodel: - scope:eqversion:11.1.16

Trust: 0.2

vendor:vtscadamodel: - scope:eqversion:11.1.17

Trust: 0.2

vendor:vtscadamodel: - scope:eqversion:11.1.18

Trust: 0.2

vendor:vtscadamodel: - scope:eqversion:11.1.19

Trust: 0.2

vendor:vtscadamodel: - scope:eqversion:11.1.20

Trust: 0.2

vendor:vtscadamodel: - scope:eqversion:11.1.21

Trust: 0.2

vendor:vtscadamodel: - scope:eqversion:11.1.22

Trust: 0.2

vendor:vtscadamodel: - scope:eqversion:11.1.24

Trust: 0.2

sources: IVD: a5f1cbb5-a38e-4ca2-bc23-f61cc5f911e2 // ZDI: ZDI-16-405 // CNVD: CNVD-2016-04028 // JVNDB: JVNDB-2016-003066 // NVD: CVE-2016-4523 // CNNVD: CNNVD-201606-218

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD: CVE-2016-4523
value: HIGH

Trust: 1.8

ZDI: CVE-2016-4523
value: HIGH

Trust: 0.7

CNVD: CNVD-2016-04028
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201606-218
value: MEDIUM

Trust: 0.6

IVD: a5f1cbb5-a38e-4ca2-bc23-f61cc5f911e2
value: MEDIUM

Trust: 0.2

VULMON: CVE-2016-4523
value: MEDIUM

Trust: 0.1

NVD:
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: TRUE
obtainAllPrivilege: FALSE
obtainUserPrivilege: FALSE
obtainOtherPrivilege: FALSE
userInteractionRequired: FALSE
version: 2.0

Trust: 1.0

NVD: CVE-2016-4523
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.9

ZDI: CVE-2016-4523
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.7

CNVD: CNVD-2016-04028
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: a5f1cbb5-a38e-4ca2-bc23-f61cc5f911e2
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

NVD:
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.0

Trust: 1.0

NVD: CVE-2016-4523
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: IVD: a5f1cbb5-a38e-4ca2-bc23-f61cc5f911e2 // ZDI: ZDI-16-405 // CNVD: CNVD-2016-04028 // VULMON: CVE-2016-4523 // JVNDB: JVNDB-2016-003066 // NVD: CVE-2016-4523 // CNNVD: CNNVD-201606-218

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.8

sources: JVNDB: JVNDB-2016-003066 // NVD: CVE-2016-4523

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201606-218

TYPE

Buffer overflow

Trust: 0.8

sources: IVD: a5f1cbb5-a38e-4ca2-bc23-f61cc5f911e2 // CNNVD: CNNVD-201606-218

CONFIGURATIONS

sources:
            
            
            NVD: CVE-2016-4523

PATCH
title:ICS-CERT VTScada Security Announcement (ICSA-16-159-01)url:https://www.trihedral.com/ics-cert-vtscada-security-announcement
Trust: 0.8
title:Trihedral Engineering Ltd  has issued an update to correct this vulnerability.url:https://ics-cert.us-cert.gov/advisories/icsa-16-159-01
Trust: 0.7
title:Trihedral VTScada Buffer Overflow Vulnerability Patchurl:https://www.cnvd.org.cn/patchinfo/show/77534
Trust: 0.6
title:Trihedral VTScada Buffer Overflow Vulnerability Fixurl:http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=62174
Trust: 0.6
title:Known Exploited Vulnerabilities Detectorurl:https://github.com/ostorlab/kev 
Trust: 0.1
sources:
            
            
            ZDI: ZDI-16-405 // 
            
            
            
            CNVD: CNVD-2016-04028 // 
            
            
            
            VULMON: CVE-2016-4523 // 
            
            
            
            JVNDB: JVNDB-2016-003066 // 
            
            
            
            CNNVD: CNNVD-201606-218

EXTERNAL IDS
db:NVDid:CVE-2016-4523
Trust: 4.3
db:ICS CERTid:ICSA-16-159-01
Trust: 3.1
db:ZDIid:ZDI-16-405
Trust: 1.8
db:BIDid:91077
Trust: 1.4
db:CNVDid:CNVD-2016-04028
Trust: 0.8
db:CNNVDid:CNNVD-201606-218
Trust: 0.8
db:JVNDBid:JVNDB-2016-003066
Trust: 0.8
db:ZDI_CANid:ZDI-CAN-3575
Trust: 0.7
db:IVDid:A5F1CBB5-A38E-4CA2-BC23-F61CC5F911E2
Trust: 0.2
db:VULMONid:CVE-2016-4523
Trust: 0.1
sources:
            
            
            IVD: a5f1cbb5-a38e-4ca2-bc23-f61cc5f911e2 // 
            
            
            
            ZDI: ZDI-16-405 // 
            
            
            
            CNVD: CNVD-2016-04028 // 
            
            
            
            VULMON: CVE-2016-4523 // 
            
            
            
            BID: 91077 // 
            
            
            
            JVNDB: JVNDB-2016-003066 // 
            
            
            
            NVD: CVE-2016-4523 // 
            
            
            
            CNNVD: CNNVD-201606-218

REFERENCES
url:https://ics-cert.us-cert.gov/advisories/icsa-16-159-01
Trust: 3.9
url:http://www.securityfocus.com/bid/91077
Trust: 1.1
url:http://www.zerodayinitiative.com/advisories/zdi-16-405
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-4523
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-4523
Trust: 0.8
url:http://www.trihedral.com/help/#op_welcome/wel_upgradenotes.htm
Trust: 0.6
url:https://cwe.mitre.org/data/definitions/119.html
Trust: 0.1
url:http://tools.cisco.com/security/center/viewalert.x?alertid=46605
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
url:https://github.com/ostorlab/kev
Trust: 0.1
sources:
            
            
            ZDI: ZDI-16-405 // 
            
            
            
            CNVD: CNVD-2016-04028 // 
            
            
            
            VULMON: CVE-2016-4523 // 
            
            
            
            JVNDB: JVNDB-2016-003066 // 
            
            
            
            NVD: CVE-2016-4523 // 
            
            
            
            CNNVD: CNNVD-201606-218

CREDITS
Anonymous
Trust: 1.0
sources:
            
            
            ZDI: ZDI-16-405 // 
            
            
            
            BID: 91077

SOURCES
db:IVDid:a5f1cbb5-a38e-4ca2-bc23-f61cc5f911e2
db:ZDIid:ZDI-16-405
db:CNVDid:CNVD-2016-04028
db:VULMONid:CVE-2016-4523
db:BIDid:91077
db:JVNDBid:JVNDB-2016-003066
db:NVDid:CVE-2016-4523
db:CNNVDid:CNNVD-201606-218

LAST UPDATE DATE
2023-12-26T22:44:35.116000+00:00

SOURCES UPDATE DATE
db:ZDIid:ZDI-16-405date:2016-07-01T00:00:00
db:CNVDid:CNVD-2016-04028date:2016-06-15T00:00:00
db:VULMONid:CVE-2016-4523date:2016-11-28T00:00:00
db:BIDid:91077date:2016-07-06T15:12:00
db:JVNDBid:JVNDB-2016-003066date:2016-06-10T00:00:00
db:NVDid:CVE-2016-4523date:2016-11-28T20:18:36.087
db:CNNVDid:CNNVD-201606-218date:2016-06-12T00:00:00

SOURCES RELEASE DATE
db:IVDid:a5f1cbb5-a38e-4ca2-bc23-f61cc5f911e2date:2016-06-15T00:00:00
db:ZDIid:ZDI-16-405date:2016-07-01T00:00:00
db:CNVDid:CNVD-2016-04028date:2016-06-15T00:00:00
db:VULMONid:CVE-2016-4523date:2016-06-09T00:00:00
db:BIDid:91077date:2016-06-07T00:00:00
db:JVNDBid:JVNDB-2016-003066date:2016-06-10T00:00:00
db:NVDid:CVE-2016-4523date:2016-06-09T10:59:04.073
db:CNNVDid:CNNVD-201606-218date:2016-06-12T00:00:00