CVE-2017-6045
published 2017-06-21CVE-2017-6045: An Information Exposure issue was discovered in Trihedral VTScada Versions prior to 11.2.26. Some files are exposed within the web server application to…
PriorityP341high7.5CVSS 3.0
AVNACLPRNUINSUCHINAN
EPSS
1.68%
74.0th percentile
An Information Exposure issue was discovered in Trihedral VTScada Versions prior to 11.2.26. Some files are exposed within the web server application to unauthenticated users. These files may contain sensitive configuration information.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| trihedral | vtscada | <= 11.2.23 | — |
CVSS provenance
nvdv3.07.5HIGHCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
nvdv2.05.0MEDIUMAV:N/AC:L/Au:N/C:P/I:N/A:N
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-c2gj-rqw8-v3hw: An Information Exposure issue was discovered in Trihedral VTScada Versions prior to 11
ghsa_unreviewed·2022-05-13
CVE-2017-6045 [HIGH] CWE-200 GHSA-c2gj-rqw8-v3hw: An Information Exposure issue was discovered in Trihedral VTScada Versions prior to 11
An Information Exposure issue was discovered in Trihedral VTScada Versions prior to 11.2.26. Some files are exposed within the web server application to unauthenticated users. These files may contain sensitive configuration information.
CISA ICS
Trihedral Engineering Limited VTScada
cisa_ics·2017-10-31
Trihedral Engineering Limited VTScada
## Archived Content In an effort to keep CISA.gov current, the archive contains outdated information that may not reflect current policy or programs.
ICS Advisory
##
Trihedral Engineering Limited VTScada
Last RevisedOctober 31, 2017
Alert CodeICSA-17-164-01
## CVSS v3 7.5
ATTENTION: Remotely exploitable/low skill level to exploit.
Vendor: Trihedral Engineering Limited
Equipment: VTScada
Vulnerability: Resource Consumption, Cross-Site Scripting, Information Exposure
## AFFECTED PRODUCTS
The following versions of VTScada, an HMI SCADA software, are affected:
- VTScada Versions prior to 11.2.26
## IMPACT
Successful exploitation of these vulnerabilities could result in uncontrolled resource consumption, arbitrary code execution, or infor
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2017-06-21
Published