{"api_version":"1","generated_at":"2026-07-07T04:16:54+00:00","cve":"CVE-2014-9192","urls":{"html":"https://cve.report/CVE-2014-9192","api":"https://cve.report/api/cve/CVE-2014-9192.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2014-9192","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2014-9192"},"summary":{"title":"Trihedral Engineering Limited VTScada Integer Overflow","description":"Integer overflow in Trihedral Engineering VTScada (formerly VTS) 6.5 through 9.x before 9.1.20, 10.x before 10.2.22, and 11.x before 11.1.07 allows remote attackers to cause a denial of service (server crash) via a crafted request, which triggers a large memory allocation.","state":"PUBLISHED","assigner":"icscert","published_at":"2014-12-11 15:59:04","updated_at":"2026-05-06 22:30:45"},"problem_types":["CWE-190","CWE-189","CWE-190 CWE-190"],"metrics":[{"version":"2.0","source":"nvd@nist.gov","type":"Primary","score":"5","severity":"","vector":"AV:N/AC:L/Au:N/C:N/I:N/A:P","data":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:N/A:P","baseScore":5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"}},{"version":"2.0","source":"ics-cert@hq.dhs.gov","type":"Secondary","score":"7.8","severity":"","vector":"AV:N/AC:L/Au:N/C:N/I:N/A:C","data":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:N/A:C","baseScore":7.8,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"COMPLETE"}},{"version":"2.0","source":"CNA","type":"CVSS","score":"7.8","severity":"","vector":"AV:N/AC:L/Au:N/C:N/I:N/A:C","data":{"accessComplexity":"LOW","accessVector":"NETWORK","authentication":"NONE","availabilityImpact":"COMPLETE","baseScore":7.8,"confidentialityImpact":"NONE","integrityImpact":"NONE","vectorString":"AV:N/AC:L/Au:N/C:N/I:N/A:C","version":"2.0"}}],"references":[{"url":"http://www.trihedral.com/help/#Op_Welcome/Wel_UpgradeNotes.htm","name":"http://www.trihedral.com/help/#Op_Welcome/Wel_UpgradeNotes.htm","refsource":"ics-cert@hq.dhs.gov","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://ics-cert.us-cert.gov//advisories/ICSA-14-343-02","name":"https://ics-cert.us-cert.gov//advisories/ICSA-14-343-02","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","US Government Resource"],"title":"Trihedral VTScada Integer Overflow Vulnerability | ICS-CERT","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securityfocus.com/bid/71591","name":"http://www.securityfocus.com/bid/71591","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"],"title":"","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"https://www.cisa.gov/news-events/ics-advisories/icsa-14-343-02","name":"https://www.cisa.gov/news-events/ics-advisories/icsa-14-343-02","refsource":"ics-cert@hq.dhs.gov","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2014-9192","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2014-9192","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"Trihedral Engineering","product":"VTS","version":"affected 6.5 9.1.19 custom","platforms":[]},{"source":"CNA","vendor":"Trihedral Engineering","product":"VTS","version":"affected 10 10.2.21 custom","platforms":[]}],"timeline":[],"solutions":[{"source":"CNA","title":"","value":"Trihedral Engineering Limited has created three updated versions of \nsoftware. These software updates are available from Trihedral \nEngineering Ltd.’s FTP site: ftp://ftp.trihedral.com/VTS/\n\n\nVersion Information:\n\n\n\n  *  11.1.09 – Latest build including newest features and fixes. Any \ninstallation key with a maintenance expiration date after January 1, \n2014, will work this installation.\n\n  *  10.2.22 –Recommended for all users of VTS 10. Any installation key \nwith a maintenance expiration date after December 1, 2010, will work \nwith this installation.\n\n  *  09.1.20 – Recommended for all users prior to 10.0. Any installation \nkey with a maintenance expiration date after December 1, 2009, will work\n with this installation.\n\n\n\nHelp file notes for upgrading VTScada/VTS can be found at:  http://www.trihedral.com/help/#Op_Welcome/Wel_UpgradeNotes.htm \n\nIf you have any questions or any difficulties with installing one of these updates, please call Trihedral Tech Support:\n1-855-887-2232\n1-902-835-1575\n+44 (0) 1224 258910 for the United Kingdom","time":"","lang":"en"}],"workarounds":[],"exploits":[],"credits":[{"source":"CNA","value":"An anonymous researcher working with HP’s Zero Day Initiative has identified an integer overflow vulnerability in Trihedral Engineering Ltd’s VTScada application.","lang":"en"}],"nvd_cpes":[{"cve_year":"2014","cve_id":"9192","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"trihedral","cpe5":"vtscada","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"providerMetadata":{"dateUpdated":"2024-08-06T13:40:24.431Z","orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE"},"references":[{"tags":["x_refsource_MISC","x_transferred"],"url":"https://ics-cert.us-cert.gov//advisories/ICSA-14-343-02"},{"name":"71591","tags":["vdb-entry","x_refsource_BID","x_transferred"],"url":"http://www.securityfocus.com/bid/71591"}],"title":"CVE Program Container"}],"cna":{"affected":[{"defaultStatus":"unaffected","product":"VTS","vendor":"Trihedral Engineering","versions":[{"lessThan":"9.1.19","status":"affected","version":"6.5","versionType":"custom"},{"lessThan":"10.2.21","status":"affected","version":"10","versionType":"custom"}]}],"credits":[{"lang":"en","type":"finder","value":"An anonymous researcher working with HP’s Zero Day Initiative has identified an integer overflow vulnerability in Trihedral Engineering Ltd’s VTScada application."}],"datePublic":"2014-12-09T07:00:00.000Z","descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"<p>Integer overflow in Trihedral Engineering VTScada (formerly VTS) 6.5 through 9.x before 9.1.20, 10.x before 10.2.22, and 11.x before 11.1.07 allows remote attackers to cause a denial of service (server crash) via a crafted request, which triggers a large memory allocation.</p>"}],"value":"Integer overflow in Trihedral Engineering VTScada (formerly VTS) 6.5 through 9.x before 9.1.20, 10.x before 10.2.22, and 11.x before 11.1.07 allows remote attackers to cause a denial of service (server crash) via a crafted request, which triggers a large memory allocation."}],"metrics":[{"cvssV2_0":{"accessComplexity":"LOW","accessVector":"NETWORK","authentication":"NONE","availabilityImpact":"COMPLETE","baseScore":7.8,"confidentialityImpact":"NONE","integrityImpact":"NONE","vectorString":"AV:N/AC:L/Au:N/C:N/I:N/A:C","version":"2.0"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-190","description":"CWE-190","lang":"en","type":"CWE"}]}],"providerMetadata":{"dateUpdated":"2025-07-25T16:46:02.667Z","orgId":"7d14cffa-0d7d-4270-9dc0-52cabd5a23a6","shortName":"icscert"},"references":[{"url":"https://www.cisa.gov/news-events/ics-advisories/icsa-14-343-02"},{"name":"71591","tags":["vdb-entry","x_refsource_BID"],"url":"http://www.securityfocus.com/bid/71591"},{"url":"http://www.trihedral.com/help/#Op_Welcome/Wel_UpgradeNotes.htm"}],"solutions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"<p>Trihedral Engineering Limited has created three updated versions of \nsoftware. These software updates are available from Trihedral \nEngineering Ltd.’s FTP site:&nbsp;<a target=\"_blank\" rel=\"nofollow\">ftp://ftp.trihedral.com/VTS/</a></p>\n<p>Version Information:</p>\n<ul>\n<li>11.1.09 – Latest build including newest features and fixes. Any \ninstallation key with a maintenance expiration date after January 1, \n2014, will work this installation.</li>\n<li>10.2.22 –Recommended for all users of VTS 10. Any installation key \nwith a maintenance expiration date after December 1, 2010, will work \nwith this installation.</li>\n<li>09.1.20 – Recommended for all users prior to 10.0. Any installation \nkey with a maintenance expiration date after December 1, 2009, will work\n with this installation.</li>\n</ul><p>Help file notes for upgrading VTScada/VTS can be found at:&nbsp;<a target=\"_blank\" rel=\"nofollow\" href=\"http://www.trihedral.com/help/#Op_Welcome/Wel_UpgradeNotes.htm\">http://www.trihedral.com/help/#Op_Welcome/Wel_UpgradeNotes.htm</a></p>If you have any questions or any difficulties with installing one of these updates, please call Trihedral Tech Support:<br>1-855-887-2232<br>1-902-835-1575<br>+44 (0) 1224 258910 for the United Kingdom\n\n<br>"}],"value":"Trihedral Engineering Limited has created three updated versions of \nsoftware. These software updates are available from Trihedral \nEngineering Ltd.’s FTP site: ftp://ftp.trihedral.com/VTS/\n\n\nVersion Information:\n\n\n\n  *  11.1.09 – Latest build including newest features and fixes. Any \ninstallation key with a maintenance expiration date after January 1, \n2014, will work this installation.\n\n  *  10.2.22 –Recommended for all users of VTS 10. Any installation key \nwith a maintenance expiration date after December 1, 2010, will work \nwith this installation.\n\n  *  09.1.20 – Recommended for all users prior to 10.0. Any installation \nkey with a maintenance expiration date after December 1, 2009, will work\n with this installation.\n\n\n\nHelp file notes for upgrading VTScada/VTS can be found at:  http://www.trihedral.com/help/#Op_Welcome/Wel_UpgradeNotes.htm \n\nIf you have any questions or any difficulties with installing one of these updates, please call Trihedral Tech Support:\n1-855-887-2232\n1-902-835-1575\n+44 (0) 1224 258910 for the United Kingdom"}],"source":{"advisory":"ICSA-14-343-02","discovery":"EXTERNAL"},"title":"Trihedral Engineering Limited VTScada Integer Overflow","x_generator":{"engine":"Vulnogram 0.2.0"},"x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"ics-cert@hq.dhs.gov","ID":"CVE-2014-9192","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"Integer overflow in Trihedral Engineering VTScada (formerly VTS) 6.5 through 9.x before 9.1.20, 10.x before 10.2.22, and 11.x before 11.1.07 allows remote attackers to cause a denial of service (server crash) via a crafted request, which triggers a large memory allocation."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"https://ics-cert.us-cert.gov//advisories/ICSA-14-343-02","refsource":"MISC","url":"https://ics-cert.us-cert.gov//advisories/ICSA-14-343-02"},{"name":"71591","refsource":"BID","url":"http://www.securityfocus.com/bid/71591"}]}}}},"cveMetadata":{"assignerOrgId":"7d14cffa-0d7d-4270-9dc0-52cabd5a23a6","assignerShortName":"icscert","cveId":"CVE-2014-9192","datePublished":"2014-12-11T15:00:00.000Z","dateReserved":"2014-12-02T00:00:00.000Z","dateUpdated":"2025-07-25T16:46:02.667Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"},"nvd":{"publishedDate":"2014-12-11 15:59:04","lastModifiedDate":"2026-05-06 22:30:45","problem_types":["CWE-190","CWE-189","CWE-190 CWE-190"],"metrics":{"cvssMetricV2":[{"source":"ics-cert@hq.dhs.gov","type":"Secondary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:N/A:C","baseScore":7.8,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":10,"impactScore":6.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:N/A:P","baseScore":5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":10,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:trihedral:vtscada:*:*:*:*:*:*:*:*","versionStartIncluding":"6.5","versionEndExcluding":"9.1.20","matchCriteriaId":"484C73EE-529B-46EE-9B2F-009EC6E524D9"},{"vulnerable":true,"criteria":"cpe:2.3:a:trihedral:vtscada:*:*:*:*:*:*:*:*","versionStartIncluding":"10.0","versionEndExcluding":"10.2.22","matchCriteriaId":"D41BC6F8-1088-44D0-9B91-EE6546D04772"},{"vulnerable":true,"criteria":"cpe:2.3:a:trihedral:vtscada:*:*:*:*:*:*:*:*","versionStartIncluding":"11.0","versionEndExcluding":"11.1.07","matchCriteriaId":"DDBE315F-99C1-4A04-9E17-C95BBBD238DD"}]}]}]},"legacy_mitre":{"record":{"CveYear":"2014","CveId":"9192","Ordinal":"1","Title":"Trihedral Engineering Limited VTScada Integer Overflow","CVE":"CVE-2014-9192","Year":"2014"},"notes":[{"CveYear":"2014","CveId":"9192","Ordinal":"1","NoteData":"Integer overflow in Trihedral Engineering VTScada (formerly VTS) 6.5 through 9.x before 9.1.20, 10.x before 10.2.22, and 11.x before 11.1.07 allows remote attackers to cause a denial of service (server crash) via a crafted request, which triggers a large memory allocation.","Type":"Description","Title":"Trihedral Engineering Limited VTScada Integer Overflow"},{"CveYear":"2014","CveId":"9192","Ordinal":"2","NoteData":"2014-12-11","Type":"Other","Title":"Published"},{"CveYear":"2014","CveId":"9192","Ordinal":"3","NoteData":"2016-12-29","Type":"Other","Title":"Modified"}]}}}