CVE-2022-3181
published 2022-11-02CVE-2022-3181: An Improper Input Validation vulnerability exists in Trihedral VTScada version 12.0.38 and prior. A specifically malformed HTTP request could cause the…
PriorityP341high7.5CVSS 3.1
AVNACLPRNUINSUCNINAH
EPSS
0.66%
47.0th percentile
An Improper Input Validation vulnerability exists in Trihedral VTScada version 12.0.38 and prior. A specifically malformed HTTP request could cause the affected VTScada to crash. Both local area network (LAN)-only and internet facing systems are affected.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| trihedral | vtscada | <= 12.0.38 | — |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
CISA ICS
Trihedral VTScada
cisa_ics·2022-10-27·CVSS 7.5
[HIGH] Trihedral VTScada
## Archived Content In an effort to keep CISA.gov current, the archive contains outdated information that may not reflect current policy or programs.
ICS Advisory
##
Trihedral VTScada
Last RevisedOctober 27, 2022
Alert CodeICSA-22-300-04
## 1. EXECUTIVE SUMMARY
- CVSS v3 7.5
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: Trihedral
- Equipment: VTScada
- Vulnerability: Improper Input Validation
## 2. RISK EVALUATION
Successful exploitation of this vulnerability could cause a denial-of-service condition in the affected product.
## 3. TECHNICAL DETAILS
## 3.1 AFFECTED PRODUCTS
The following versions of VTScada software are affected:
- VTScada Versions 12.0.38 and prior configured to accept incoming HTTP(S) connectio
GHSA
GHSA-5w2r-5335-7hhx: An Improper Input Validation vulnerability exists in Trihedral VTScada version 12
ghsa_unreviewed·2022-11-03
CVE-2022-3181 [HIGH] CWE-20 GHSA-5w2r-5335-7hhx: An Improper Input Validation vulnerability exists in Trihedral VTScada version 12
An Improper Input Validation vulnerability exists in Trihedral VTScada version 12.0.38 and prior. A specifically malformed HTTP request could cause the affected VTScada to crash. Both local area network (LAN)-only and internet facing systems are affected.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2022-11-02
Published