Trihedral VTScada
Plan Patch | 7.5 | ICS-CERT ICSA-22-300-04 | Oct 27, 2022
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary
VTScada contains an input validation vulnerability (CWE-20) that can cause a denial-of-service condition. The vulnerability affects VTScada versions 12.0.38 and earlier. VTScada systems configured to accept incoming HTTP connections are at risk; systems not accepting incoming HTTP connections are unaffected.
What this means
What could happen
An attacker on the network could send specially crafted HTTP requests to crash or hang a VTScada system, interrupting SCADA monitoring and control functions for your facility. This could prevent you from seeing real-time process data or issuing control commands.
Who's at risk
Energy sector organizations using Trihedral VTScada for SCADA monitoring and control should assess this advisory. It affects anyone running VTScada 12.0.38 or earlier with the HTTP server enabled. VTScada is commonly used in electric utilities and power generation facilities for real-time process monitoring.
How it could be exploited
An attacker must be able to reach the VTScada system over HTTP on the network (typically port 80 or 443). They send a malformed or oversized HTTP request that triggers improper input handling, causing the service to become unavailable. No authentication is required.
Prerequisites
- Network access to VTScada HTTP port (80 or 443)
- VTScada system configured to accept incoming HTTP connections
- Remotely exploitable
- No authentication required
- Low complexity attack
- Affects availability (denial of service)
- Affects control system operations
Exploitability
Low exploit probability (EPSS 0.3%)
Affected products (1)
Product | Affected Versions | Fix Status
VTScada - VTScada | ≤ 12.0.38 | 12.0.39 or later
Remediation & Mitigation
Do now
WORKAROUND: If HTTP access is required, restrict incoming HTTP connections to trusted LAN networks only using firewall rules; block all external HTTP/HTTPS access to VTScada
HARDENING: Verify whether HTTP connections are actually needed for your VTScada deployment; if not, disable HTTP server functionality
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
HOTFIX: Upgrade VTScada to version 12.0.39 or later
Long-term hardening
HARDENING: Isolate VTScada systems behind a firewall from the business network and the Internet; ensure they are not accessible from outside your facility network
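The remediation steps above can be applied across an asset inventory with a short triage script. This is an added example, not part of the advisory or of any Trihedral tooling; the host names, the inventory layout and the 10.20.0.0/16 trusted LAN range are constructed placeholders.

```python
import ipaddress

# Constructed placeholders (not from the advisory): trusted LAN range, host rows.
TRUSTED_LANS = [ipaddress.ip_network("10.20.0.0/16")]
FIXED_IN = (12, 0, 39)  # advisory: 12.0.38 and earlier affected, fixed in 12.0.39

# host, VTScada version, HTTP server enabled, source CIDRs admitted to ports 80/443
INVENTORY = [
    ("scada-a", "12.0.38", True, ["0.0.0.0/0"]),
    ("scada-b", "12.0.38", True, ["10.20.5.0/24"]),
    ("scada-c", "12.0.9", False, []),
    ("scada-d", "12.0.39", True, ["10.20.0.0/16", "172.16.4.0/24"]),
]


def parse_version(text):
    """'12.0.9' -> (12, 0, 9); numeric tuples sort 12.0.9 below 12.0.38."""
    return tuple(int(part) for part in text.strip().split("."))


def untrusted_sources(cidrs):
    """Return admitted source ranges that are not fully inside a trusted LAN."""
    bad = []
    for cidr in cidrs:
        net = ipaddress.ip_network(cidr, strict=False)
        inside = any(net.version == lan.version and net.subnet_of(lan)
                     for lan in TRUSTED_LANS)
        if not inside:
            bad.append(cidr)
    return bad


def triage(host, version, http_enabled, sources):
    """Map one inventory row to the advisory's remediation steps."""
    vulnerable = parse_version(version) < FIXED_IN
    at_risk = vulnerable and http_enabled  # HTTP off means unaffected per advisory
    exposed = untrusted_sources(sources) if http_enabled else []
    actions = []
    if at_risk:
        actions.append("upgrade to 12.0.39 or later (maintenance window)")
        actions.append("disable the HTTP server if it is not needed")
    if exposed:
        actions.append("restrict HTTP/HTTPS to trusted LAN; remove " + ", ".join(exposed))
    return {"host": host, "at_risk": at_risk, "actions": actions}


if __name__ == "__main__":
    for row in INVENTORY:
        print(triage(*row))
```

Versions are compared as integer tuples because a plain string comparison would rank 12.0.9 above 12.0.38 and miss an affected host.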
CVEs (1)