CyberSec.Space Logo
Back to CVE Browser

CVE-2014-9192

HIGH
7.8
CVSS Severity Score
EPSS Score0.1810%
EPSS Percentile15.48th
PublishedDec 11, 2014
Last ModifiedMay 6, 2026

Vulnerability Description

Integer overflow in Trihedral Engineering VTScada (formerly VTS) 6.5 through 9.x before 9.1.20, 10.x before 10.2.22, and 11.x before 11.1.07 allows remote attackers to cause a denial of service (server crash) via a crafted request, which triggers a large memory allocation.

Affected Platforms (CPE)

πŸ“¦
Trihedral

Vtscada

>= 6.5 and < 9.1.20
πŸ“¦
Trihedral

Vtscada

>= 10.0 and < 10.2.22
πŸ“¦
Trihedral

Vtscada

>= 11.0 and < 11.1.07

References & Advisories

πŸ”— http://www.securityfocus.com/bid/71591
πŸ”— http://www.trihedral.com/help/#Op_Welcome/Wel_UpgradeNotes.htm
πŸ”— https://www.cisa.gov/news-events/ics-advisories/icsa-14-343-02
πŸ”— http://www.securityfocus.com/bid/71591
πŸ”— https://ics-cert.us-cert.gov//advisories/ICSA-14-343-02

Related Vulnerabilities

CVE-2016-45329.1

Directory traversal vulnerability in the WAP interface in Trihedral VTScada (formerly VTS) 8.x through 11.x before 11.2.02 allows ...

CVE-2016-45109.1

The WAP interface in Trihedral VTScada (formerly VTS) 8.x through 11.x before 11.2.02 allows remote attackers to bypass authentica...

CVE-2017-140317.8

An Improper Access Control issue was discovered in Trihedral VTScada 11.3.03 and prior. A local, non-administrator user has privil...

CVE-2017-140297.8

An Uncontrolled Search Path Element issue was discovered in Trihedral VTScada 11.3.03 and prior. The program will execute speciall...