Sign-up

ID

VAR-201711-0416


CVE

CVE-2017-14029


TITLE

Trihedral Engineering Limited VTScada DLL Hijacking vulnerability

Trust: 0.8

sources: IVD: c562c215-19e3-4491-81b1-bb0f615e15c7 // CNVD: CNVD-2017-32170

DESCRIPTION

An Uncontrolled Search Path Element issue was discovered in Trihedral VTScada 11.3.03 and prior. The program will execute specially crafted malicious dll files placed on the target machine. Trihedral VTScada Contains a vulnerability related to uncontrolled search path elements.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Trihedral VTScada (formerly known as VTS) is a SCADA system based on the Windows platform provided by Trihedral Engineering of Canada. There are multiple vulnerabilities in Trihedral Engineering Limited VTScada. An attacker could execute arbitrary script code in an affected application or bypass an security restriction to perform an unauthorized operation

Trust: 3.33

sources: NVD: CVE-2017-14029 // JVNDB: JVNDB-2017-009927 // CNVD: CNVD-2018-16270 // CNVD: CNVD-2017-32170 // BID: 101629 // IVD: e2f8ae50-39ab-11e9-bd77-000c29342cb1 // IVD: c562c215-19e3-4491-81b1-bb0f615e15c7

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 1.6

sources: IVD: e2f8ae50-39ab-11e9-bd77-000c29342cb1 // IVD: c562c215-19e3-4491-81b1-bb0f615e15c7 // CNVD: CNVD-2018-16270 // CNVD: CNVD-2017-32170

AFFECTED PRODUCTS

vendor:trihedralmodel:engineering limited vtscadascope:eqversion:11.3.2

Trust: 1.1

vendor:trihedralmodel:vtscadascope:lteversion:11.3.03

Trust: 1.0

vendor:trihedralmodel:engineering limited vtscadascope:eqversion:11.3.3

Trust: 0.9

vendor:trihedral engineeringmodel:vtscadascope:lteversion:11.3.03

Trust: 0.8

vendor:trihedralmodel:engineering limited vtscadascope:lteversion:<=11.3.03

Trust: 0.6

vendor:trihedralmodel:vtscadascope:eqversion:11.3.03

Trust: 0.6

vendor:trihedralmodel:engineering limited vtscadascope:neversion:11.3.5

Trust: 0.3

vendor:trihedralmodel:engineering limited vtscadascope:eqversion:11.3.3*

Trust: 0.2

vendor:vtscadamodel: - scope:eqversion:*

Trust: 0.2

sources: IVD: e2f8ae50-39ab-11e9-bd77-000c29342cb1 // IVD: c562c215-19e3-4491-81b1-bb0f615e15c7 // CNVD: CNVD-2018-16270 // CNVD: CNVD-2017-32170 // BID: 101629 // JVNDB: JVNDB-2017-009927 // CNNVD: CNNVD-201708-1246 // NVD: CVE-2017-14029

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-14029
value: HIGH

Trust: 1.0

NVD: CVE-2017-14029
value: HIGH

Trust: 0.8

CNVD: CNVD-2018-16270
value: HIGH

Trust: 0.6

CNVD: CNVD-2017-32170
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201708-1246
value: HIGH

Trust: 0.6

IVD: e2f8ae50-39ab-11e9-bd77-000c29342cb1
value: HIGH

Trust: 0.2

IVD: c562c215-19e3-4491-81b1-bb0f615e15c7
value: HIGH

Trust: 0.2

nvd@nist.gov: CVE-2017-14029
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2018-16270
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

CNVD: CNVD-2017-32170
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: e2f8ae50-39ab-11e9-bd77-000c29342cb1
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

IVD: c562c215-19e3-4491-81b1-bb0f615e15c7
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

nvd@nist.gov: CVE-2017-14029
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: IVD: e2f8ae50-39ab-11e9-bd77-000c29342cb1 // IVD: c562c215-19e3-4491-81b1-bb0f615e15c7 // CNVD: CNVD-2018-16270 // CNVD: CNVD-2017-32170 // JVNDB: JVNDB-2017-009927 // CNNVD: CNNVD-201708-1246 // NVD: CVE-2017-14029

PROBLEMTYPE DATA

problemtype:CWE-427

Trust: 1.8

sources: JVNDB: JVNDB-2017-009927 // NVD: CVE-2017-14029

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201708-1246

TYPE

Code problem

Trust: 0.8

sources: IVD: c562c215-19e3-4491-81b1-bb0f615e15c7 // CNNVD: CNNVD-201708-1246

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2017-009927

PATCH
title:Moving to the Current Versionurl:https://www.trihedral.com/help/Content/Op_Welcome/Wel_UpgradeNotes.htm
Trust: 0.8
title:Trihedral Engineering Limited VTScada ICSA-17-304-0 patch with multiple vulnerabilitiesurl:https://www.cnvd.org.cn/patchInfo/show/137735
Trust: 0.6
title:Trihedral Engineering Limited VTScada DLL hijacking vulnerability patchurl:https://www.cnvd.org.cn/patchInfo/show/105112
Trust: 0.6
title:Trihedral VTScada Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=100009
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2018-16270 // 
            
            
            
            CNVD: CNVD-2017-32170 // 
            
            
            
            JVNDB: JVNDB-2017-009927 // 
            
            
            
            CNNVD: CNNVD-201708-1246

EXTERNAL IDS
db:ICS CERTid:ICSA-17-304-02
Trust: 3.3
db:NVDid:CVE-2017-14029
Trust: 3.2
db:BIDid:101629
Trust: 0.9
db:CNVDid:CNVD-2018-16270
Trust: 0.8
db:CNVDid:CNVD-2017-32170
Trust: 0.8
db:CNNVDid:CNNVD-201708-1246
Trust: 0.8
db:JVNDBid:JVNDB-2017-009927
Trust: 0.8
db:IVDid:E2F8AE50-39AB-11E9-BD77-000C29342CB1
Trust: 0.2
db:IVDid:C562C215-19E3-4491-81B1-BB0F615E15C7
Trust: 0.2
sources:
            
            
            IVD: e2f8ae50-39ab-11e9-bd77-000c29342cb1 // 
            
            
            
            IVD: c562c215-19e3-4491-81b1-bb0f615e15c7 // 
            
            
            
            CNVD: CNVD-2018-16270 // 
            
            
            
            CNVD: CNVD-2017-32170 // 
            
            
            
            BID: 101629 // 
            
            
            
            JVNDB: JVNDB-2017-009927 // 
            
            
            
            CNNVD: CNNVD-201708-1246 // 
            
            
            
            NVD: CVE-2017-14029

REFERENCES
url:https://ics-cert.us-cert.gov/advisories/icsa-17-304-02
Trust: 3.3
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-14029
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2017-14029
Trust: 0.8
url:http://www.securityfocus.com/bid/101629
Trust: 0.6
url:www.trihedral.com
Trust: 0.3
sources:
            
            
            CNVD: CNVD-2018-16270 // 
            
            
            
            CNVD: CNVD-2017-32170 // 
            
            
            
            BID: 101629 // 
            
            
            
            JVNDB: JVNDB-2017-009927 // 
            
            
            
            CNNVD: CNNVD-201708-1246 // 
            
            
            
            NVD: CVE-2017-14029

CREDITS
Karn Ganeshen and Mark Cross.
Trust: 0.3
sources:
            
            
            BID: 101629

SOURCES
db:IVDid:e2f8ae50-39ab-11e9-bd77-000c29342cb1
db:IVDid:c562c215-19e3-4491-81b1-bb0f615e15c7
db:CNVDid:CNVD-2018-16270
db:CNVDid:CNVD-2017-32170
db:BIDid:101629
db:JVNDBid:JVNDB-2017-009927
db:CNNVDid:CNNVD-201708-1246
db:NVDid:CVE-2017-14029

LAST UPDATE DATE
2025-04-20T23:27:14.797000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2018-16270date:2018-08-27T00:00:00
db:CNVDid:CNVD-2017-32170date:2017-11-01T00:00:00
db:BIDid:101629date:2017-12-19T22:36:00
db:JVNDBid:JVNDB-2017-009927date:2017-11-29T00:00:00
db:CNNVDid:CNNVD-201708-1246date:2019-10-17T00:00:00
db:NVDid:CVE-2017-14029date:2025-04-20T01:37:25.860

SOURCES RELEASE DATE
db:IVDid:e2f8ae50-39ab-11e9-bd77-000c29342cb1date:2018-08-27T00:00:00
db:IVDid:c562c215-19e3-4491-81b1-bb0f615e15c7date:2017-11-01T00:00:00
db:CNVDid:CNVD-2018-16270date:2018-08-27T00:00:00
db:CNVDid:CNVD-2017-32170date:2017-11-01T00:00:00
db:BIDid:101629date:2017-10-31T00:00:00
db:JVNDBid:JVNDB-2017-009927date:2017-11-29T00:00:00
db:CNNVDid:CNNVD-201708-1246date:2017-08-31T00:00:00
db:NVDid:CVE-2017-14029date:2017-11-06T22:29:00.350