{"api_version":"1","generated_at":"2026-07-07T04:16:28+00:00","cve":"CVE-2016-4532","urls":{"html":"https://cve.report/CVE-2016-4532","api":"https://cve.report/api/cve/CVE-2016-4532.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2016-4532","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2016-4532"},"summary":{"title":"CVE-2016-4532","description":"Directory traversal vulnerability in the WAP interface in Trihedral VTScada (formerly VTS) 8.x through 11.x before 11.2.02 allows remote attackers to read arbitrary files via a crafted pathname.","state":"PUBLISHED","assigner":"icscert","published_at":"2016-06-09 10:59:05","updated_at":"2026-05-06 22:30:45"},"problem_types":["CWE-22","n/a"],"metrics":[{"version":"3.0","source":"nvd@nist.gov","type":"Primary","score":"9.1","severity":"CRITICAL","vector":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N","data":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N","baseScore":9.1,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"}},{"version":"2.0","source":"nvd@nist.gov","type":"Primary","score":"6.4","severity":"","vector":"AV:N/AC:L/Au:N/C:P/I:P/A:N","data":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:N","baseScore":6.4,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"NONE"}}],"references":[{"url":"https://ics-cert.us-cert.gov/advisories/ICSA-16-159-01","name":"https://ics-cert.us-cert.gov/advisories/ICSA-16-159-01","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","US Government Resource"],"title":"Trihedral VTScada Vulnerabilities | ICS-CERT","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securityfocus.com/bid/91077","name":"http://www.securityfocus.com/bid/91077","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"VTScada WAP interface Multiple Security Vulnerabilities","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"http://www.zerodayinitiative.com/advisories/ZDI-16-403","name":"http://www.zerodayinitiative.com/advisories/ZDI-16-403","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"ZDI-16-403 | Zero Day Initiative","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2016-4532","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-4532","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"n/a","product":"n/a","version":"affected n/a","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2016","cve_id":"4532","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"trihedral","cpe5":"vtscada","cpe6":"10.0.11","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2016","cve_id":"4532","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"trihedral","cpe5":"vtscada","cpe6":"10.0.13","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2016","cve_id":"4532","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"trihedral","cpe5":"vtscada","cpe6":"10.0.14","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2016","cve_id":"4532","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"trihedral","cpe5":"vtscada","cpe6":"10.0.16","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2016","cve_id":"4532","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"trihedral","cpe5":"vtscada","cpe6":"10.0.17","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2016","cve_id":"4532","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"trihedral","cpe5":"vtscada","cpe6":"10.1.05","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2016","cve_id":"4532","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"trihedral","cpe5":"vtscada","cpe6":"10.1.06","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2016","cve_id":"4532","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"trihedral","cpe5":"vtscada","cpe6":"10.1.07","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2016","cve_id":"4532","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"trihedral","cpe5":"vtscada","cpe6":"10.1.12","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2016","cve_id":"4532","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"trihedral","cpe5":"vtscada","cpe6":"10.2.05","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2016","cve_id":"4532","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"trihedral","cpe5":"vtscada","cpe6":"10.2.07","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2016","cve_id":"4532","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"trihedral","cpe5":"vtscada","cpe6":"10.2.08","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2016","cve_id":"4532","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"trihedral","cpe5":"vtscada","cpe6":"10.2.11","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2016","cve_id":"4532","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"trihedral","cpe5":"vtscada","cpe6":"10.2.13","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2016","cve_id":"4532","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"trihedral","cpe5":"vtscada","cpe6":"10.2.14","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2016","cve_id":"4532","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"trihedral","cpe5":"vtscada","cpe6":"10.2.15","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2016","cve_id":"4532","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"trihedral","cpe5":"vtscada","cpe6":"10.2.17","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2016","cve_id":"4532","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"trihedral","cpe5":"vtscada","cpe6":"10.2.19","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2016","cve_id":"4532","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"trihedral","cpe5":"vtscada","cpe6":"10.2.20","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2016","cve_id":"4532","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"trihedral","cpe5":"vtscada","cpe6":"10.2.21","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2016","cve_id":"4532","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"trihedral","cpe5":"vtscada","cpe6":"10.2.22","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2016","cve_id":"4532","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"trihedral","cpe5":"vtscada","cpe6":"11.0.05","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2016","cve_id":"4532","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"trihedral","cpe5":"vtscada","cpe6":"11.0.07","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2016","cve_id":"4532","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"trihedral","cpe5":"vtscada","cpe6":"11.1.05","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2016","cve_id":"4532","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"trihedral","cpe5":"vtscada","cpe6":"11.1.06","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2016","cve_id":"4532","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"trihedral","cpe5":"vtscada","cpe6":"11.1.09","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2016","cve_id":"4532","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"trihedral","cpe5":"vtscada","cpe6":"11.1.10","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2016","cve_id":"4532","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"trihedral","cpe5":"vtscada","cpe6":"11.1.13","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2016","cve_id":"4532","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"trihedral","cpe5":"vtscada","cpe6":"11.1.14","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2016","cve_id":"4532","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"trihedral","cpe5":"vtscada","cpe6":"11.1.15","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2016","cve_id":"4532","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"trihedral","cpe5":"vtscada","cpe6":"11.1.16","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2016","cve_id":"4532","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"trihedral","cpe5":"vtscada","cpe6":"11.1.17","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2016","cve_id":"4532","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"trihedral","cpe5":"vtscada","cpe6":"11.1.18","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2016","cve_id":"4532","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"trihedral","cpe5":"vtscada","cpe6":"11.1.19","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2016","cve_id":"4532","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"trihedral","cpe5":"vtscada","cpe6":"11.1.20","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2016","cve_id":"4532","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"trihedral","cpe5":"vtscada","cpe6":"11.1.21","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2016","cve_id":"4532","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"trihedral","cpe5":"vtscada","cpe6":"11.1.22","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2016","cve_id":"4532","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"trihedral","cpe5":"vtscada","cpe6":"11.1.24","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2016","cve_id":"4532","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"trihedral","cpe5":"vtscada","cpe6":"8.0.05","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2016","cve_id":"4532","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"trihedral","cpe5":"vtscada","cpe6":"8.0.12","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2016","cve_id":"4532","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"trihedral","cpe5":"vtscada","cpe6":"8.0.16","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2016","cve_id":"4532","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"trihedral","cpe5":"vtscada","cpe6":"8.0.18","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2016","cve_id":"4532","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"trihedral","cpe5":"vtscada","cpe6":"8.1.05","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2016","cve_id":"4532","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"trihedral","cpe5":"vtscada","cpe6":"8.1.06","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2016","cve_id":"4532","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"trihedral","cpe5":"vtscada","cpe6":"9.0.02","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2016","cve_id":"4532","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"trihedral","cpe5":"vtscada","cpe6":"9.0.03","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2016","cve_id":"4532","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"trihedral","cpe5":"vtscada","cpe6":"9.0.08","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2016","cve_id":"4532","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"trihedral","cpe5":"vtscada","cpe6":"9.1.02","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2016","cve_id":"4532","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"trihedral","cpe5":"vtscada","cpe6":"9.1.03","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2016","cve_id":"4532","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"trihedral","cpe5":"vtscada","cpe6":"9.1.05","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2016","cve_id":"4532","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"trihedral","cpe5":"vtscada","cpe6":"9.1.09","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2016","cve_id":"4532","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"trihedral","cpe5":"vtscada","cpe6":"9.1.11","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2016","cve_id":"4532","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"trihedral","cpe5":"vtscada","cpe6":"9.1.14","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2016","cve_id":"4532","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"trihedral","cpe5":"vtscada","cpe6":"9.1.20","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"providerMetadata":{"dateUpdated":"2024-08-06T00:32:25.760Z","orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE"},"references":[{"tags":["x_refsource_MISC","x_transferred"],"url":"http://www.zerodayinitiative.com/advisories/ZDI-16-403"},{"tags":["x_refsource_MISC","x_transferred"],"url":"https://ics-cert.us-cert.gov/advisories/ICSA-16-159-01"},{"name":"91077","tags":["vdb-entry","x_refsource_BID","x_transferred"],"url":"http://www.securityfocus.com/bid/91077"}],"title":"CVE Program Container"}],"cna":{"affected":[{"product":"n/a","vendor":"n/a","versions":[{"status":"affected","version":"n/a"}]}],"datePublic":"2016-06-07T00:00:00.000Z","descriptions":[{"lang":"en","value":"Directory traversal vulnerability in the WAP interface in Trihedral VTScada (formerly VTS) 8.x through 11.x before 11.2.02 allows remote attackers to read arbitrary files via a crafted pathname."}],"problemTypes":[{"descriptions":[{"description":"n/a","lang":"en","type":"text"}]}],"providerMetadata":{"dateUpdated":"2016-11-25T22:57:01.000Z","orgId":"7d14cffa-0d7d-4270-9dc0-52cabd5a23a6","shortName":"icscert"},"references":[{"tags":["x_refsource_MISC"],"url":"http://www.zerodayinitiative.com/advisories/ZDI-16-403"},{"tags":["x_refsource_MISC"],"url":"https://ics-cert.us-cert.gov/advisories/ICSA-16-159-01"},{"name":"91077","tags":["vdb-entry","x_refsource_BID"],"url":"http://www.securityfocus.com/bid/91077"}],"x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"ics-cert@hq.dhs.gov","ID":"CVE-2016-4532","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"Directory traversal vulnerability in the WAP interface in Trihedral VTScada (formerly VTS) 8.x through 11.x before 11.2.02 allows remote attackers to read arbitrary files via a crafted pathname."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"http://www.zerodayinitiative.com/advisories/ZDI-16-403","refsource":"MISC","url":"http://www.zerodayinitiative.com/advisories/ZDI-16-403"},{"name":"https://ics-cert.us-cert.gov/advisories/ICSA-16-159-01","refsource":"MISC","url":"https://ics-cert.us-cert.gov/advisories/ICSA-16-159-01"},{"name":"91077","refsource":"BID","url":"http://www.securityfocus.com/bid/91077"}]}}}},"cveMetadata":{"assignerOrgId":"7d14cffa-0d7d-4270-9dc0-52cabd5a23a6","assignerShortName":"icscert","cveId":"CVE-2016-4532","datePublished":"2016-06-09T10:00:00.000Z","dateReserved":"2016-05-05T00:00:00.000Z","dateUpdated":"2024-08-06T00:32:25.760Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"},"nvd":{"publishedDate":"2016-06-09 10:59:05","lastModifiedDate":"2026-05-06 22:30:45","problem_types":["CWE-22","n/a"],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N","baseScore":9.1,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":5.2}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:N","baseScore":6.4,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":10,"impactScore":4.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:trihedral:vtscada:10.1.05:*:*:*:*:*:*:*","matchCriteriaId":"CE5FB3C2-42F0-4112-835F-EF71D4E17D2B"},{"vulnerable":true,"criteria":"cpe:2.3:a:trihedral:vtscada:10.1.06:*:*:*:*:*:*:*","matchCriteriaId":"49946BC8-E01F-4F74-88B4-5F0B1A6179C3"},{"vulnerable":true,"criteria":"cpe:2.3:a:trihedral:vtscada:10.1.07:*:*:*:*:*:*:*","matchCriteriaId":"0E9BB54A-83AE-41F8-B40B-BC3CB37683DD"},{"vulnerable":true,"criteria":"cpe:2.3:a:trihedral:vtscada:10.1.12:*:*:*:*:*:*:*","matchCriteriaId":"DEA21497-E048-4510-AA31-887235217F80"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:trihedral:vtscada:9.0.02:*:*:*:*:*:*:*","matchCriteriaId":"F47D9BD4-A05E-4696-A6D9-7AEFE20BBD14"},{"vulnerable":true,"criteria":"cpe:2.3:a:trihedral:vtscada:9.0.03:*:*:*:*:*:*:*","matchCriteriaId":"A1A85151-B206-4307-88C3-9107366C867F"},{"vulnerable":true,"criteria":"cpe:2.3:a:trihedral:vtscada:9.0.08:*:*:*:*:*:*:*","matchCriteriaId":"3A1D1396-B8FA-4092-B136-899E2167B446"},{"vulnerable":true,"criteria":"cpe:2.3:a:trihedral:vtscada:9.1.02:*:*:*:*:*:*:*","matchCriteriaId":"C1277933-197D-45D8-940C-1951212F9D95"},{"vulnerable":true,"criteria":"cpe:2.3:a:trihedral:vtscada:9.1.03:*:*:*:*:*:*:*","matchCriteriaId":"6D5D9BD5-6C99-45E0-9CE0-B25C2C5353F5"},{"vulnerable":true,"criteria":"cpe:2.3:a:trihedral:vtscada:9.1.05:*:*:*:*:*:*:*","matchCriteriaId":"42DB3997-3DCF-403F-B054-3F8AF25BC089"},{"vulnerable":true,"criteria":"cpe:2.3:a:trihedral:vtscada:9.1.09:*:*:*:*:*:*:*","matchCriteriaId":"B5535DFC-4C77-4339-9C7A-C38BEC4404BA"},{"vulnerable":true,"criteria":"cpe:2.3:a:trihedral:vtscada:9.1.11:*:*:*:*:*:*:*","matchCriteriaId":"6DC20DC9-6606-460E-97AE-02D1F579E37C"},{"vulnerable":true,"criteria":"cpe:2.3:a:trihedral:vtscada:9.1.14:*:*:*:*:*:*:*","matchCriteriaId":"DBC2BF11-CE15-4216-928B-BF63B587FE8C"},{"vulnerable":true,"criteria":"cpe:2.3:a:trihedral:vtscada:9.1.20:*:*:*:*:*:*:*","matchCriteriaId":"1BCCFB2C-00B7-4828-BCE3-97EBC4057669"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:trihedral:vtscada:11.0.05:*:*:*:*:*:*:*","matchCriteriaId":"B5EB9BB9-F8C9-4661-AC5A-E3FD79AD4EEF"},{"vulnerable":true,"criteria":"cpe:2.3:a:trihedral:vtscada:11.0.07:*:*:*:*:*:*:*","matchCriteriaId":"D5E6832C-B4EA-4A72-8ADF-B17F76DEE676"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:trihedral:vtscada:10.2.05:*:*:*:*:*:*:*","matchCriteriaId":"40460E2C-6919-4BF1-9E24-B3EE408FA995"},{"vulnerable":true,"criteria":"cpe:2.3:a:trihedral:vtscada:10.2.07:*:*:*:*:*:*:*","matchCriteriaId":"3C031266-31AF-436C-9F36-D7112D1EE9BA"},{"vulnerable":true,"criteria":"cpe:2.3:a:trihedral:vtscada:10.2.08:*:*:*:*:*:*:*","matchCriteriaId":"862D6C1B-0765-43C9-BD39-7C9F90025C50"},{"vulnerable":true,"criteria":"cpe:2.3:a:trihedral:vtscada:10.2.11:*:*:*:*:*:*:*","matchCriteriaId":"95A94950-0F03-42FD-A74D-8ADE7A59DDD2"},{"vulnerable":true,"criteria":"cpe:2.3:a:trihedral:vtscada:10.2.13:*:*:*:*:*:*:*","matchCriteriaId":"0B1798A8-EC8D-4CC5-AEBA-16EC45D1E754"},{"vulnerable":true,"criteria":"cpe:2.3:a:trihedral:vtscada:10.2.14:*:*:*:*:*:*:*","matchCriteriaId":"57B7C44C-9920-439A-BDDD-EC3C3DC171A5"},{"vulnerable":true,"criteria":"cpe:2.3:a:trihedral:vtscada:10.2.15:*:*:*:*:*:*:*","matchCriteriaId":"0F4BFACD-CEDB-4F1C-8BA6-E8B0BEF735F7"},{"vulnerable":true,"criteria":"cpe:2.3:a:trihedral:vtscada:10.2.17:*:*:*:*:*:*:*","matchCriteriaId":"10349B72-13D3-4B70-B8CB-1223381F3630"},{"vulnerable":true,"criteria":"cpe:2.3:a:trihedral:vtscada:10.2.19:*:*:*:*:*:*:*","matchCriteriaId":"721D6C57-2ADA-4400-A876-80281819CE1E"},{"vulnerable":true,"criteria":"cpe:2.3:a:trihedral:vtscada:10.2.20:*:*:*:*:*:*:*","matchCriteriaId":"4266371D-4476-4455-8CAF-83DAD092783C"},{"vulnerable":true,"criteria":"cpe:2.3:a:trihedral:vtscada:10.2.21:*:*:*:*:*:*:*","matchCriteriaId":"92EBB482-30B1-4AB3-A26A-0F1B66DFE5F3"},{"vulnerable":true,"criteria":"cpe:2.3:a:trihedral:vtscada:10.2.22:*:*:*:*:*:*:*","matchCriteriaId":"1AC79329-249A-41C6-A545-B681DD494606"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:trihedral:vtscada:8.0.05:*:*:*:*:*:*:*","matchCriteriaId":"35A5A441-F299-4E51-B2BF-872F263AC96C"},{"vulnerable":true,"criteria":"cpe:2.3:a:trihedral:vtscada:8.0.12:*:*:*:*:*:*:*","matchCriteriaId":"D881DA9B-332A-47B0-9E1D-3936CC0E1761"},{"vulnerable":true,"criteria":"cpe:2.3:a:trihedral:vtscada:8.0.16:*:*:*:*:*:*:*","matchCriteriaId":"8DB1488E-ABD2-443A-B51C-328FF32D4E52"},{"vulnerable":true,"criteria":"cpe:2.3:a:trihedral:vtscada:8.0.18:*:*:*:*:*:*:*","matchCriteriaId":"EFB14116-AA51-408D-B632-5605CCD18D7A"},{"vulnerable":true,"criteria":"cpe:2.3:a:trihedral:vtscada:8.1.05:*:*:*:*:*:*:*","matchCriteriaId":"5B1122D8-6E21-40A8-916A-E66622146CC0"},{"vulnerable":true,"criteria":"cpe:2.3:a:trihedral:vtscada:8.1.06:*:*:*:*:*:*:*","matchCriteriaId":"AB0611D9-9C16-480A-BDB8-CC4FA289E6FF"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:trihedral:vtscada:11.1.05:*:*:*:*:*:*:*","matchCriteriaId":"5ED3D431-13B0-4A2C-BE9F-64B89877DEEA"},{"vulnerable":true,"criteria":"cpe:2.3:a:trihedral:vtscada:11.1.06:*:*:*:*:*:*:*","matchCriteriaId":"E6C1112A-8D28-4E58-B6E6-A8E95C09B06C"},{"vulnerable":true,"criteria":"cpe:2.3:a:trihedral:vtscada:11.1.09:*:*:*:*:*:*:*","matchCriteriaId":"9155F402-CED2-47BE-A77E-04B8CA33C820"},{"vulnerable":true,"criteria":"cpe:2.3:a:trihedral:vtscada:11.1.10:*:*:*:*:*:*:*","matchCriteriaId":"B0BC5077-7CE2-4670-8DCE-89168EB9EB45"},{"vulnerable":true,"criteria":"cpe:2.3:a:trihedral:vtscada:11.1.13:*:*:*:*:*:*:*","matchCriteriaId":"3121360F-A114-46C9-A2D2-183B9481E9D7"},{"vulnerable":true,"criteria":"cpe:2.3:a:trihedral:vtscada:11.1.14:*:*:*:*:*:*:*","matchCriteriaId":"3C0EAFD7-0D67-4865-8537-E81B193A11B8"},{"vulnerable":true,"criteria":"cpe:2.3:a:trihedral:vtscada:11.1.15:*:*:*:*:*:*:*","matchCriteriaId":"0921489A-10AA-46D1-AD45-F29F0D97E302"},{"vulnerable":true,"criteria":"cpe:2.3:a:trihedral:vtscada:11.1.16:*:*:*:*:*:*:*","matchCriteriaId":"1C4BB39D-3EC5-4F81-9AB8-C003FB40ECE8"},{"vulnerable":true,"criteria":"cpe:2.3:a:trihedral:vtscada:11.1.17:*:*:*:*:*:*:*","matchCriteriaId":"E3F18ED0-7095-4126-B839-688994778D45"},{"vulnerable":true,"criteria":"cpe:2.3:a:trihedral:vtscada:11.1.18:*:*:*:*:*:*:*","matchCriteriaId":"5775D09F-02F8-45FE-94E4-B5BAB6A5FFFC"},{"vulnerable":true,"criteria":"cpe:2.3:a:trihedral:vtscada:11.1.19:*:*:*:*:*:*:*","matchCriteriaId":"6EA6AD0D-B2EA-4112-B437-F87C4265B9CA"},{"vulnerable":true,"criteria":"cpe:2.3:a:trihedral:vtscada:11.1.20:*:*:*:*:*:*:*","matchCriteriaId":"6C41FA48-FDAF-48FC-9E98-F95C2E9AC835"},{"vulnerable":true,"criteria":"cpe:2.3:a:trihedral:vtscada:11.1.21:*:*:*:*:*:*:*","matchCriteriaId":"EA71226A-7AFA-4185-A8A5-174C44C173C8"},{"vulnerable":true,"criteria":"cpe:2.3:a:trihedral:vtscada:11.1.22:*:*:*:*:*:*:*","matchCriteriaId":"1203617F-45D8-47C3-B32D-0F0DED539D24"},{"vulnerable":true,"criteria":"cpe:2.3:a:trihedral:vtscada:11.1.24:*:*:*:*:*:*:*","matchCriteriaId":"FDF04525-41E4-4DEE-BBF0-268F8B6969DB"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:trihedral:vtscada:10.0.11:*:*:*:*:*:*:*","matchCriteriaId":"697CBAB8-7025-44A6-A5A6-AFDDFA506CF2"},{"vulnerable":true,"criteria":"cpe:2.3:a:trihedral:vtscada:10.0.13:*:*:*:*:*:*:*","matchCriteriaId":"8AC6FD46-0B0B-4859-A25C-292257454B66"},{"vulnerable":true,"criteria":"cpe:2.3:a:trihedral:vtscada:10.0.14:*:*:*:*:*:*:*","matchCriteriaId":"C42E3FF1-2FF0-433A-B450-185079707242"},{"vulnerable":true,"criteria":"cpe:2.3:a:trihedral:vtscada:10.0.16:*:*:*:*:*:*:*","matchCriteriaId":"591B8DE2-8150-4E4B-B293-D58598112E3F"},{"vulnerable":true,"criteria":"cpe:2.3:a:trihedral:vtscada:10.0.17:*:*:*:*:*:*:*","matchCriteriaId":"F9D4C8A2-1B3B-4A2C-BADC-B3745F4001F7"}]}]}]},"legacy_mitre":{"record":{"CveYear":"2016","CveId":"4532","Ordinal":"1","Title":"CVE-2016-4532","CVE":"CVE-2016-4532","Year":"2016"},"notes":[{"CveYear":"2016","CveId":"4532","Ordinal":"1","NoteData":"Directory traversal vulnerability in the WAP interface in Trihedral VTScada (formerly VTS) 8.x through 11.x before 11.2.02 allows remote attackers to read arbitrary files via a crafted pathname.","Type":"Description","Title":"CVE-2016-4532"},{"CveYear":"2016","CveId":"4532","Ordinal":"2","NoteData":"2016-06-09","Type":"Other","Title":"Published"},{"CveYear":"2016","CveId":"4532","Ordinal":"3","NoteData":"2016-11-25","Type":"Other","Title":"Modified"}]}}}