Trihedral Patches Overflow Hole

Wednesday, December 10, 2014 @ 02:12 PM gHale

Trihedral Engineering Ltd. created a patch that mitigates an integer overflow vulnerability in its VTScada application, according to a report on ICS-CERT.

This vulnerability, discovered by an anonymous researcher working with HP’s Zero Day Initiative, is remotely exploitable.

Yokogawa Patches XML External Entity
Yokogawa Mitigates CENTUM, Exaopc Holes
Emerson Updates RTU Mitigations
Elipse Fixes SCADA DNP3 DoS

The following VTS and VTScada versions suffer from the issue:
• VTS Version 6.5 through 9.1.19
• VTS Version 10 through 10.2.21
• VTScada Version 11.0 through 11.1.07

An attacker can exploit this vulnerability to cause an integer overflow, resulting in an attempt to allocate an excessively large memory block. The failure of which would terminate the VTScada server.

Trihedral Engineering Ltd. is a Canada-based company that maintains offices in the United States and the United Kingdom.

The affected products, VTScada (also known as VTS prior to 2013), are Windows-based SCADA systems with a web interface option. VTScada sees action across several sectors including chemical, critical manufacturing, communications, energy, food and agriculture, transportation systems, and water and wastewater systems. Trihedral Engineering Ltd. estimates that these products see use primarily in North America and Europe.

An attacker can cause VTScada to crash on an Internet server if a specifically crafted malformed network request goes into VTScada, even if that attacker does not have security credentials on the server. The malformed network request causes an integer overflow resulting in the attempted allocation of an excessively large buffer. The failure to allocate this buffer will terminate the VTScada server. The crash would not occur accidentally as a result of normal use. This vulnerability has existed in versions of VTScada and VTS since Version 6.5.

CVE-2014-9192 is the case number assigned to this vulnerability, which has a CVSS v2 base score of 7.8.

No known public exploits specifically target this vulnerability and an attacker with a low skill would be able to exploit this vulnerability.

Trihedral Engineering Ltd. created three updated versions of software. These software updates are available from Trihedral Engineering Ltd.’s FTP site.

Version Information:
• 11.1.09 – Latest build including newest features and fixes. Any installation key with a maintenance expiration date after January 1, 2014, will work this installation.
• 10.2.22 –Recommended for all users of VTS 10. Any installation key with a maintenance expiration date after December 1, 2010, will work with this installation.
• 09.1.20 – Recommended for all users prior to 10.0. Any installation key with a maintenance expiration date after December 1, 2009, will work with this installation.

Click here for help file notes for upgrading VTScada/VTS.

Leave a Reply

You must be logged in to post a comment.