Trihedral Engineering Limited VTScada Vulnerabilities
Act Now · 9.1 · ICS-CERT ICSA-16-159-01 · Mar 11, 2016
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary
Trihedral Engineering VTScada versions 8.0 through 11.2.01 contain multiple critical vulnerabilities including path traversal (CWE-22) and buffer over-read (CWE-125) flaws that allow unauthenticated remote attackers to read arbitrary files and modify configuration data. The vulnerabilities result from insufficient input validation and improper access controls. Affected SCADA servers exposed to network access can be exploited without valid credentials or user interaction. The vendor has not released a patched version at the time of advisory publication.
What this means
What could happen
An attacker with network access can read sensitive data or modify VTScada configuration and settings without authentication, potentially altering operational parameters, displaying false information to operators, or disrupting SCADA system functionality.
Who's at risk
Energy sector utilities operating Trihedral Engineering VTScada systems for real-time process monitoring and control. This affects SCADA servers in supervisory control layers managing power generation, distribution, or transmission equipment, as well as water and wastewater treatment facilities using VTScada for process automation.
How it could be exploited
An attacker sends a crafted network request to the VTScada server on the default port. The server fails to validate the request origin or credentials, allowing the attacker to read files outside the intended directory or manipulate configuration settings. No user interaction is required.
Prerequisites
- Network access to VTScada server port (typically 2552 or web service ports)
- VTScada version 8.0 through 11.2.01
- No authentication credentials required
remotely exploitable, no authentication required, low complexity, actively exploited (KEV), high EPSS score (67%), no patch available, affects critical infrastructure systems
Exploitability
Actively exploited — confirmed by CISA KEV
Affected products (1)
Product                  Affected Versions   Fix Status
VTScada: >=8|<11.2.02    ≥ 8|<11.2.02        No fix (EOL)
Remediation & Mitigation
Do now
- HARDENING: Network segregation: Place VTScada servers on a separate VLAN with strict firewall rules allowing only authorized operator and engineering workstation access; restrict inbound access to essential ports only
- WORKAROUND: Disable unnecessary VTScada services and web interfaces that are not required for operations
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
- HARDENING: Monitor network traffic to and from VTScada servers for suspicious connection attempts or unauthorized file access patterns
- HOTFIX: Evaluate migration path to VTScada 11.2.02 or later when vendor releases patched version; plan maintenance window for upgrade
- HARDENING: Implement intrusion detection or prevention rules to block exploitation attempts targeting path traversal and unauthorized configuration access