Trihedral Engineering Limited VTScada Integer Overflow
Summary
| CVE | CVE-2014-9192 |
|---|---|
| State | PUBLISHED |
| Assigner | icscert |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2014-12-11 15:59:04 UTC |
| Updated | 2026-05-06 22:30:45 UTC |
| Description | Integer overflow in Trihedral Engineering VTScada (formerly VTS) 6.5 through 9.x before 9.1.20, 10.x before 10.2.22, and 11.x before 11.1.07 allows remote attackers to cause a denial of service (server crash) via a crafted request, which triggers a large memory allocation. |
Risk And Classification
Primary CVSS: v2.0 5 from [email protected]
AV:N/AC:L/Au:N/C:N/I:N/A:P
Problem Types: CWE-190 | CWE-189 | CWE-190 CWE-190
| Version | Source | Type | Score | Severity | Vector |
|---|---|---|---|---|---|
| 2.0 | [email protected] | Primary | 5 | AV:N/AC:L/Au:N/C:N/I:N/A:P | |
| 2.0 | [email protected] | Secondary | 7.8 | AV:N/AC:L/Au:N/C:N/I:N/A:C | |
| 2.0 | CNA | CVSS | 7.8 | AV:N/AC:L/Au:N/C:N/I:N/A:C |
CVSS v2.0 Breakdown
AV:N/AC:L/Au:N/C:N/I:N/A:P
NVD Known Affected Configurations (CPE 2.3)
Vendor Declared Affected Products
| Source | Vendor | Product | Version | Platforms |
|---|---|---|---|---|
| CNA | Trihedral Engineering | VTS | affected 6.5 9.1.19 custom | Not specified |
| CNA | Trihedral Engineering | VTS | affected 10 10.2.21 custom | Not specified |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| www.trihedral.com/help | [email protected] | www.trihedral.com | |
| Trihedral VTScada Integer Overflow Vulnerability | ICS-CERT | af854a3a-2127-422b-91ae-364da2661108 | ics-cert.us-cert.gov | Third Party Advisory, US Government Resource |
| www.securityfocus.com/bid/71591 | af854a3a-2127-422b-91ae-364da2661108 | www.securityfocus.com | Third Party Advisory, VDB Entry |
| www.cisa.gov/news-events/ics-advisories/icsa-14-343-02 | [email protected] | www.cisa.gov | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
Vendor Comments And Credit
Discovery Credit
CNA: An anonymous researcher working with HP’s Zero Day Initiative has identified an integer overflow vulnerability in Trihedral Engineering Ltd’s VTScada application. (en)
Additional Advisory Data
Solutions
CNA: Trihedral Engineering Limited has created three updated versions of software. These software updates are available from Trihedral Engineering Ltd.’s FTP site: ftp://ftp.trihedral.com/VTS/ Version Information: * 11.1.09 – Latest build including newest features and fixes. Any installation key with a maintenance expiration date after January 1, 2014, will work this installation. * 10.2.22 –Recommended for all users of VTS 10. Any installation key with a maintenance expiration date after December 1, 2010, will work with this installation. * 09.1.20 – Recommended for all users prior to 10.0. Any installation key with a maintenance expiration date after December 1, 2009, will work with this installation. Help file notes for upgrading VTScada/VTS can be found at: http://www.trihedral.com/help/#Op_Welcome/Wel_UpgradeNotes.htm If you have any questions or any difficulties with installing one of these updates, please call Trihedral Tech Support: 1-855-887-2232 1-902-835-1575 +44 (0) 1224 258910 for the United Kingdom