Details of VAR-201606-0260

ID

VAR-201606-0260

CVE

CVE-2016-4532

TITLE

Trihedral VTScada Directory Traversal Vulnerability

Trust: 1.4

sources: IVD: 007c45d2-f49c-4f4c-b34a-a12ea1873170 // CNVD: CNVD-2016-04027 // CNNVD: CNNVD-201606-219

DESCRIPTION

Directory traversal vulnerability in the WAP interface in Trihedral VTScada (formerly VTS) 8.x through 11.x before 11.2.02 allows remote attackers to read arbitrary files via a crafted pathname. This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Trihedral VTScada. Authentication is not required to exploit this vulnerability.The specific flaw exists within the handling of Wireless Application Protocol requests. The issue lies in the failure to properly restrict the path from which images are retrieved. An attacker can leverage this vulnerability to disclose the contents of arbitrary files under the context of the user running the service. Trihedral VTScada (formerly known as VTS) is a SCADA system based on the Windows platform provided by Trihedral Engineering of Canada. VTScada is prone to multiple security vulnerabilities. Exploiting these issues will allow attackers to obtain sensitive information, cause denial-of-service conditions or to bypass certain security restrictions and perform unauthorized actions. VTScada versions 8 through 11.2.x are vulnerable

Trust: 3.24

sources: NVD: CVE-2016-4532 // JVNDB: JVNDB-2016-003078 // ZDI: ZDI-16-403 // CNVD: CNVD-2016-04027 // BID: 91077 // IVD: 007c45d2-f49c-4f4c-b34a-a12ea1873170

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.8

sources: IVD: 007c45d2-f49c-4f4c-b34a-a12ea1873170 // CNVD: CNVD-2016-04027

AFFECTED PRODUCTS

vendor:	trihedral	model:	vtscada	scope:	eq	version:	10.0.17	Trust: 1.6
vendor:	trihedral	model:	vtscada	scope:	eq	version:	10.0.14	Trust: 1.6
vendor:	trihedral	model:	vtscada	scope:	eq	version:	11.1.13	Trust: 1.6
vendor:	trihedral	model:	vtscada	scope:	eq	version:	10.0.11	Trust: 1.6
vendor:	trihedral	model:	vtscada	scope:	eq	version:	10.0.13	Trust: 1.6
vendor:	trihedral	model:	vtscada	scope:	eq	version:	11.1.06	Trust: 1.6
vendor:	trihedral	model:	vtscada	scope:	eq	version:	11.1.09	Trust: 1.6
vendor:	trihedral	model:	vtscada	scope:	eq	version:	11.1.10	Trust: 1.6
vendor:	trihedral	model:	vtscada	scope:	eq	version:	10.0.16	Trust: 1.6
vendor:	trihedral	model:	vtscada	scope:	eq	version:	11.1.05	Trust: 1.6
vendor:	trihedral	model:	vtscada	scope:	eq	version:	10.2.15	Trust: 1.0
vendor:	trihedral	model:	vtscada	scope:	eq	version:	9.0.02	Trust: 1.0
vendor:	trihedral	model:	vtscada	scope:	eq	version:	9.1.14	Trust: 1.0
vendor:	trihedral	model:	vtscada	scope:	eq	version:	9.1.05	Trust: 1.0
vendor:	trihedral	model:	vtscada	scope:	eq	version:	10.2.11	Trust: 1.0
vendor:	trihedral	model:	vtscada	scope:	eq	version:	10.2.05	Trust: 1.0
vendor:	trihedral	model:	vtscada	scope:	eq	version:	11.0.07	Trust: 1.0
vendor:	trihedral	model:	vtscada	scope:	eq	version:	11.1.24	Trust: 1.0
vendor:	trihedral	model:	vtscada	scope:	eq	version:	11.1.19	Trust: 1.0
vendor:	trihedral	model:	vtscada	scope:	eq	version:	10.2.07	Trust: 1.0
vendor:	trihedral	model:	vtscada	scope:	eq	version:	10.1.05	Trust: 1.0
vendor:	trihedral	model:	vtscada	scope:	eq	version:	10.2.13	Trust: 1.0
vendor:	trihedral	model:	vtscada	scope:	eq	version:	10.2.19	Trust: 1.0
vendor:	trihedral	model:	vtscada	scope:	eq	version:	10.1.06	Trust: 1.0
vendor:	trihedral	model:	vtscada	scope:	eq	version:	9.1.09	Trust: 1.0
vendor:	trihedral	model:	vtscada	scope:	eq	version:	10.2.08	Trust: 1.0
vendor:	trihedral	model:	vtscada	scope:	eq	version:	8.0.05	Trust: 1.0
vendor:	trihedral	model:	vtscada	scope:	eq	version:	10.2.20	Trust: 1.0
vendor:	trihedral	model:	vtscada	scope:	eq	version:	11.1.18	Trust: 1.0
vendor:	trihedral	model:	vtscada	scope:	eq	version:	10.2.17	Trust: 1.0
vendor:	trihedral	model:	vtscada	scope:	eq	version:	11.0.05	Trust: 1.0
vendor:	trihedral	model:	vtscada	scope:	eq	version:	11.1.22	Trust: 1.0
vendor:	trihedral	model:	vtscada	scope:	eq	version:	8.1.06	Trust: 1.0
vendor:	trihedral	model:	vtscada	scope:	eq	version:	8.0.18	Trust: 1.0
vendor:	trihedral	model:	vtscada	scope:	eq	version:	8.0.12	Trust: 1.0
vendor:	trihedral	model:	vtscada	scope:	eq	version:	9.0.08	Trust: 1.0
vendor:	trihedral	model:	vtscada	scope:	eq	version:	9.0.03	Trust: 1.0
vendor:	trihedral	model:	vtscada	scope:	eq	version:	9.1.03	Trust: 1.0
vendor:	trihedral	model:	vtscada	scope:	eq	version:	8.1.05	Trust: 1.0
vendor:	trihedral	model:	vtscada	scope:	eq	version:	10.2.21	Trust: 1.0
vendor:	trihedral	model:	vtscada	scope:	eq	version:	10.1.07	Trust: 1.0
vendor:	trihedral	model:	vtscada	scope:	eq	version:	11.1.14	Trust: 1.0
vendor:	trihedral	model:	vtscada	scope:	eq	version:	11.1.20	Trust: 1.0
vendor:	trihedral	model:	vtscada	scope:	eq	version:	11.1.16	Trust: 1.0
vendor:	trihedral	model:	vtscada	scope:	eq	version:	9.1.02	Trust: 1.0
vendor:	trihedral	model:	vtscada	scope:	eq	version:	10.1.12	Trust: 1.0
vendor:	trihedral	model:	vtscada	scope:	eq	version:	10.2.14	Trust: 1.0
vendor:	trihedral	model:	vtscada	scope:	eq	version:	11.1.15	Trust: 1.0
vendor:	trihedral	model:	vtscada	scope:	eq	version:	9.1.11	Trust: 1.0
vendor:	trihedral	model:	vtscada	scope:	eq	version:	11.1.17	Trust: 1.0
vendor:	trihedral	model:	vtscada	scope:	eq	version:	11.1.21	Trust: 1.0
vendor:	trihedral	model:	vtscada	scope:	eq	version:	8.0.16	Trust: 1.0
vendor:	trihedral	model:	vtscada	scope:	eq	version:	9.1.20	Trust: 1.0
vendor:	trihedral	model:	vtscada	scope:	eq	version:	10.2.22	Trust: 1.0
vendor:	trihedral engineering	model:	vtscada	scope:	lt	version:	11.x	Trust: 0.8
vendor:	trihedral engineering	model:	vtscada	scope:	eq	version:	8.x from 11.2.02	Trust: 0.8
vendor:	trihedral engineering	model:	vtscada	scope:	-	version:	-	Trust: 0.7
vendor:	trihedral	model:	vtscada	scope:	eq	version:	8	Trust: 0.6
vendor:	trihedral	model:	vtscada	scope:	lt	version:	11.2.02	Trust: 0.6
vendor:	vtscada	model:	-	scope:	eq	version:	10.1.05	Trust: 0.2
vendor:	vtscada	model:	-	scope:	eq	version:	10.1.06	Trust: 0.2
vendor:	vtscada	model:	-	scope:	eq	version:	10.1.07	Trust: 0.2
vendor:	vtscada	model:	-	scope:	eq	version:	10.1.12	Trust: 0.2
vendor:	vtscada	model:	-	scope:	eq	version:	9.0.02	Trust: 0.2
vendor:	vtscada	model:	-	scope:	eq	version:	9.0.03	Trust: 0.2
vendor:	vtscada	model:	-	scope:	eq	version:	9.0.08	Trust: 0.2
vendor:	vtscada	model:	-	scope:	eq	version:	9.1.02	Trust: 0.2
vendor:	vtscada	model:	-	scope:	eq	version:	9.1.03	Trust: 0.2
vendor:	vtscada	model:	-	scope:	eq	version:	9.1.05	Trust: 0.2
vendor:	vtscada	model:	-	scope:	eq	version:	9.1.09	Trust: 0.2
vendor:	vtscada	model:	-	scope:	eq	version:	9.1.11	Trust: 0.2
vendor:	vtscada	model:	-	scope:	eq	version:	9.1.14	Trust: 0.2
vendor:	vtscada	model:	-	scope:	eq	version:	9.1.20	Trust: 0.2
vendor:	vtscada	model:	-	scope:	eq	version:	11.0.05	Trust: 0.2
vendor:	vtscada	model:	-	scope:	eq	version:	11.0.07	Trust: 0.2
vendor:	vtscada	model:	-	scope:	eq	version:	10.2.05	Trust: 0.2
vendor:	vtscada	model:	-	scope:	eq	version:	10.2.07	Trust: 0.2
vendor:	vtscada	model:	-	scope:	eq	version:	10.2.08	Trust: 0.2
vendor:	vtscada	model:	-	scope:	eq	version:	10.2.11	Trust: 0.2
vendor:	vtscada	model:	-	scope:	eq	version:	10.2.13	Trust: 0.2
vendor:	vtscada	model:	-	scope:	eq	version:	10.2.14	Trust: 0.2
vendor:	vtscada	model:	-	scope:	eq	version:	10.2.15	Trust: 0.2
vendor:	vtscada	model:	-	scope:	eq	version:	10.2.17	Trust: 0.2
vendor:	vtscada	model:	-	scope:	eq	version:	10.2.19	Trust: 0.2
vendor:	vtscada	model:	-	scope:	eq	version:	10.2.20	Trust: 0.2
vendor:	vtscada	model:	-	scope:	eq	version:	10.2.21	Trust: 0.2
vendor:	vtscada	model:	-	scope:	eq	version:	10.2.22	Trust: 0.2
vendor:	vtscada	model:	-	scope:	eq	version:	8.0.05	Trust: 0.2
vendor:	vtscada	model:	-	scope:	eq	version:	8.0.12	Trust: 0.2
vendor:	vtscada	model:	-	scope:	eq	version:	8.0.16	Trust: 0.2
vendor:	vtscada	model:	-	scope:	eq	version:	8.0.18	Trust: 0.2
vendor:	vtscada	model:	-	scope:	eq	version:	8.1.05	Trust: 0.2
vendor:	vtscada	model:	-	scope:	eq	version:	8.1.06	Trust: 0.2
vendor:	vtscada	model:	-	scope:	eq	version:	11.1.05	Trust: 0.2
vendor:	vtscada	model:	-	scope:	eq	version:	11.1.06	Trust: 0.2
vendor:	vtscada	model:	-	scope:	eq	version:	11.1.09	Trust: 0.2
vendor:	vtscada	model:	-	scope:	eq	version:	11.1.10	Trust: 0.2
vendor:	vtscada	model:	-	scope:	eq	version:	11.1.13	Trust: 0.2
vendor:	vtscada	model:	-	scope:	eq	version:	11.1.14	Trust: 0.2
vendor:	vtscada	model:	-	scope:	eq	version:	11.1.15	Trust: 0.2
vendor:	vtscada	model:	-	scope:	eq	version:	11.1.16	Trust: 0.2
vendor:	vtscada	model:	-	scope:	eq	version:	11.1.17	Trust: 0.2
vendor:	vtscada	model:	-	scope:	eq	version:	11.1.18	Trust: 0.2
vendor:	vtscada	model:	-	scope:	eq	version:	11.1.19	Trust: 0.2
vendor:	vtscada	model:	-	scope:	eq	version:	11.1.20	Trust: 0.2
vendor:	vtscada	model:	-	scope:	eq	version:	11.1.21	Trust: 0.2
vendor:	vtscada	model:	-	scope:	eq	version:	11.1.22	Trust: 0.2
vendor:	vtscada	model:	-	scope:	eq	version:	11.1.24	Trust: 0.2
vendor:	vtscada	model:	-	scope:	eq	version:	10.0.11	Trust: 0.2
vendor:	vtscada	model:	-	scope:	eq	version:	10.0.13	Trust: 0.2
vendor:	vtscada	model:	-	scope:	eq	version:	10.0.14	Trust: 0.2
vendor:	vtscada	model:	-	scope:	eq	version:	10.0.16	Trust: 0.2
vendor:	vtscada	model:	-	scope:	eq	version:	10.0.17	Trust: 0.2

sources: IVD: 007c45d2-f49c-4f4c-b34a-a12ea1873170 // ZDI: ZDI-16-403 // CNVD: CNVD-2016-04027 // JVNDB: JVNDB-2016-003078 // NVD: CVE-2016-4532 // CNNVD: CNNVD-201606-219

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD:	CVE-2016-4532
value:	CRITICAL
Trust: 1.8
ZDI:	CVE-2016-4532
value:	MEDIUM
Trust: 0.7
CNVD:	CNVD-2016-04027
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201606-219
value:	MEDIUM
Trust: 0.6
IVD:	007c45d2-f49c-4f4c-b34a-a12ea1873170
value:	MEDIUM
Trust: 0.2

NVD:
severity:	MEDIUM
baseScore:	6.4
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	4.9
acInsufInfo:	FALSE
obtainAllPrivilege:	FALSE
obtainUserPrivilege:	FALSE
obtainOtherPrivilege:	FALSE
userInteractionRequired:	FALSE
version:	2.0
Trust: 1.0
NVD:	CVE-2016-4532
severity:	MEDIUM
baseScore:	6.4
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
ZDI:	CVE-2016-4532
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.7
CNVD:	CNVD-2016-04027
severity:	MEDIUM
baseScore:	6.4
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
IVD:	007c45d2-f49c-4f4c-b34a-a12ea1873170
severity:	MEDIUM
baseScore:	6.4
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2

NVD:
baseSeverity:	CRITICAL
baseScore:	9.1
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	5.2
version:	3.0
Trust: 1.0
NVD:	CVE-2016-4532
baseSeverity:	CRITICAL
baseScore:	9.1
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: IVD: 007c45d2-f49c-4f4c-b34a-a12ea1873170 // ZDI: ZDI-16-403 // CNVD: CNVD-2016-04027 // JVNDB: JVNDB-2016-003078 // NVD: CVE-2016-4532 // CNNVD: CNNVD-201606-219

PROBLEMTYPE DATA

problemtype:

CWE-22

Trust: 1.8

sources: JVNDB: JVNDB-2016-003078 // NVD: CVE-2016-4532

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201606-219

TYPE

Path traversal

Trust: 0.8

sources: IVD: 007c45d2-f49c-4f4c-b34a-a12ea1873170 // CNNVD: CNNVD-201606-219

CONFIGURATIONS

sources: NVD: CVE-2016-4532

PATCH

title:	ICS-CERT VTScada Security Announcement (ICSA-16-159-01)	url:	https://www.trihedral.com/ics-cert-vtscada-security-announcement	Trust: 0.8
title:	Trihedral Engineering Ltd has issued an update to correct this vulnerability.	url:	https://ics-cert.us-cert.gov/advisories/icsa-16-159-01	Trust: 0.7
title:	Trihedral VTScada directory traversal vulnerability patch	url:	https://www.cnvd.org.cn/patchinfo/show/77535	Trust: 0.6
title:	Trihedral VTScada Fixes for directory traversal vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=62175	Trust: 0.6

sources: ZDI: ZDI-16-403 // CNVD: CNVD-2016-04027 // JVNDB: JVNDB-2016-003078 // CNNVD: CNNVD-201606-219

EXTERNAL IDS

db:	NVD	id:	CVE-2016-4532	Trust: 4.2
db:	ICS CERT	id:	ICSA-16-159-01	Trust: 3.0
db:	ZDI	id:	ZDI-16-403	Trust: 1.7
db:	BID	id:	91077	Trust: 1.3
db:	CNVD	id:	CNVD-2016-04027	Trust: 0.8
db:	CNNVD	id:	CNNVD-201606-219	Trust: 0.8
db:	JVNDB	id:	JVNDB-2016-003078	Trust: 0.8
db:	ZDI_CAN	id:	ZDI-CAN-3513	Trust: 0.7
db:	IVD	id:	007C45D2-F49C-4F4C-B34A-A12EA1873170	Trust: 0.2

sources: IVD: 007c45d2-f49c-4f4c-b34a-a12ea1873170 // ZDI: ZDI-16-403 // CNVD: CNVD-2016-04027 // BID: 91077 // JVNDB: JVNDB-2016-003078 // NVD: CVE-2016-4532 // CNNVD: CNNVD-201606-219

REFERENCES

url:	https://ics-cert.us-cert.gov/advisories/icsa-16-159-01	Trust: 3.7
url:	http://www.securityfocus.com/bid/91077	Trust: 1.0
url:	http://www.zerodayinitiative.com/advisories/zdi-16-403	Trust: 1.0
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-4532	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-4532	Trust: 0.8
url:	http://www.trihedral.com/help/#op_welcome/wel_upgradenotes.htm	Trust: 0.6

sources: ZDI: ZDI-16-403 // CNVD: CNVD-2016-04027 // JVNDB: JVNDB-2016-003078 // NVD: CVE-2016-4532 // CNNVD: CNNVD-201606-219

CREDITS

Anonymous

Trust: 1.0

sources: ZDI: ZDI-16-403 // BID: 91077

SOURCES

db:	IVD	id:	007c45d2-f49c-4f4c-b34a-a12ea1873170
db:	ZDI	id:	ZDI-16-403
db:	CNVD	id:	CNVD-2016-04027
db:	BID	id:	91077
db:	JVNDB	id:	JVNDB-2016-003078
db:	NVD	id:	CVE-2016-4532
db:	CNNVD	id:	CNNVD-201606-219

LAST UPDATE DATE

2023-12-18T13:14:32.308000+00:00

SOURCES UPDATE DATE

db:	ZDI	id:	ZDI-16-403	date:	2016-07-01T00:00:00
db:	CNVD	id:	CNVD-2016-04027	date:	2016-06-15T00:00:00
db:	BID	id:	91077	date:	2016-07-06T15:12:00
db:	JVNDB	id:	JVNDB-2016-003078	date:	2016-06-13T00:00:00
db:	NVD	id:	CVE-2016-4532	date:	2016-11-28T20:18:40.477
db:	CNNVD	id:	CNNVD-201606-219	date:	2016-06-12T00:00:00

SOURCES RELEASE DATE

db:	IVD	id:	007c45d2-f49c-4f4c-b34a-a12ea1873170	date:	2016-06-15T00:00:00
db:	ZDI	id:	ZDI-16-403	date:	2016-07-01T00:00:00
db:	CNVD	id:	CNVD-2016-04027	date:	2016-06-15T00:00:00
db:	BID	id:	91077	date:	2016-06-07T00:00:00
db:	JVNDB	id:	JVNDB-2016-003078	date:	2016-06-13T00:00:00
db:	NVD	id:	CVE-2016-4532	date:	2016-06-09T10:59:05.340
db:	CNNVD	id:	CNNVD-201606-219	date:	2016-06-12T00:00:00