Trihedral Engineering Limited VTScada

Monitor7.8ICS-CERT ICSA-17-304-02Oct 31, 2017

Attack VectorLocal

Auth RequiredLow

ComplexityLow

User InteractionNone needed

Summary

VTScada versions 11.3.03 and earlier contain a privilege escalation vulnerability (CWE-284, CWE-427) that allows a local user account to gain administrative privileges. The vulnerability has low complexity and can be exploited by an attacker with any unprivileged account on the VTScada system, potentially allowing unauthorized control of monitored industrial processes.

What this means

What could happen

An attacker with local access to a VTScada workstation could escalate privileges and gain full control of the system, allowing them to alter monitoring displays, change setpoints, or shut down critical SCADA operations.

Who's at risk

Energy sector organizations running VTScada monitoring and control systems. This affects engineering workstations and SCADA servers used for process visualization, setpoint management, and operational control in power generation and distribution facilities.

How it could be exploited

An attacker with an unprivileged account on the VTScada system exploits weak privilege separation in the application to escalate to administrative access. Once elevated, they can modify system configuration, control logic, or monitoring parameters without further authentication.

Prerequisites

Local user account on the VTScada workstation
VTScada version 11.3.03 or earlier running on the system

low complexityprivilege escalationrequires local accessaffects process control visibility

Exploitability

Low exploit probability (EPSS 0.1%)

Affected products (1)

ProductAffected VersionsFix Status

VTScada: 11.3.03 and prior≤ 11.3.03No fix (EOL)

Remediation & Mitigation

0/3

Schedule — requires maintenance window

0/1

Patching may require device reboot — plan for process interruption

HOTFIXUpgrade VTScada to version 11.3.04 or later

Mitigations - no patch available

0/2

VTScada: 11.3.03 and prior has reached End of Life. The vendor will not release a patch. Apply the following compensating controls:

HARDENINGRestrict local user accounts on VTScada workstations to only authorized personnel with documented business justification

HARDENINGApply Windows OS hardening controls (UAC, account restrictions, audit logging) on servers running VTScada to limit local account access

CVEs (2)

CVE-2017-14031 CVE-2017-14029

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/cb59f35b-cc7e-4177-971c-b9838acea95e