CVE-2014-9192
Published: 2014-12-11
Priority: P4 · 25 · medium · CVSS 2.0: 5
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
EPSS: 2.69% (84.0th percentile)
Integer overflow in Trihedral Engineering VTScada (formerly VTS) 6.5 through 9.x before 9.1.20, 10.x before 10.2.22, and 11.x before 11.1.07 allows remote attackers to cause a denial of service (server crash) via a crafted request, which triggers a large memory allocation.
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| trihedral | vtscada | >= 10.0 < 10.2.22 | 10.2.22 |
| trihedral | vtscada | >= 11.0 < 11.1.07 | 11.1.07 |
| trihedral | vtscada | >= 6.5 < 9.1.20 | 9.1.20 |
| trihedral_engineering | vts | >= 10 < 10.2.21 | 10.2.21 |
| trihedral_engineering | vts | >= 6.5 < 9.1.19 | 9.1.19 |
CISA ICS
Trihedral Engineering Limited VTScada Integer Overflow Vulnerability
cisa_ics·2018-08-23
Last Revised: August 23, 2018
Alert Code: ICSA-14-343-02
## OVERVIEW
An anonymous researcher working with HP’s Zero Day Initiative has identified an integer overflow vulnerability in Trihedral Engineering Ltd’s VTScada application. Trihedral Engineering Limited has produced a patch that mitigates this vulnerability.
This vulnerability could be exploited remotely.
## AFFECTED PRODUCTS
The following VTS and VTScada versions are affected:
- VTS Version 6.5 through 9.1.19
- VTS Version 10 through 10.2.21
- VTScad
GHSA
GHSA-c96m-4x43-q999: Integer overflow in Trihedral Engineering VTScada (formerly VTS) 6
ghsa_unreviewed·2022-05-14
CVE-2014-9192 [MEDIUM] CWE-190 GHSA-c96m-4x43-q999: Integer overflow in Trihedral Engineering VTScada (formerly VTS) 6
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2014-12-11: Published