OTPulse

Trihedral Engineering Limited VTScada

Plan Patch
Score: 7.5
Source: ICS-CERT ICSA-17-164-01
Published: Jun 13, 2017
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary

VTScada versions before 11.2.26 contain multiple input validation vulnerabilities (CWE-400, CWE-79, CWE-548) that allow remote attackers to trigger denial-of-service conditions. The vulnerabilities do not require authentication and can be exploited with low technical skill. Affected installations will become unresponsive when malicious input is received, preventing normal SCADA operations.

What this means
What could happen
An attacker could send specially crafted network requests to cause the VTScada server to become unresponsive or crash, disrupting SCADA operations at energy facilities that depend on continuous monitoring and control.
Who's at risk
Energy utilities and operators who rely on VTScada (versions before 11.2.26) for SCADA monitoring and control functions should update immediately. This affects centralized energy control systems and remote terminal units that depend on VTScada for normal operations.
How it could be exploited
An attacker on the network sends malformed input or specific request types to the VTScada application on port 912 (or the application's default service port) without credentials. Because the input is not properly validated, the server crashes or becomes unresponsive, causing a denial of service.
Prerequisites
  • Network access to the VTScada server
  • VTScada version earlier than 11.2.26
  • Attacker does not need valid credentials
Tags: remotely exploitable · no authentication required · low complexity · affects industrial control systems · causes denial of service
Exploitability
Low exploit probability (EPSS 0.5%)
Affected products (1)
Product   Affected Versions   Fix Status
VTScada   < 11.2.26           11.2.26
Remediation & Mitigation
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

Hotfix: Upgrade VTScada to version 11.2.26 or later