CVE-2014-9192 - Vulnerability Details - OpenCVE

Integer overflow in Trihedral Engineering VTScada (formerly VTS) 6.5 through 9.x before 9.1.20, 10.x before 10.2.22, and 11.x before 11.1.07 allows remote attackers to cause a denial of service (server crash) via a crafted request, which triggers a large memory allocation.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Complete

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Trihedral	Vtscada

Configuration 1 [-]

OR	cpe:2.3:a:trihedral:vtscada::::::::
	cpe:2.3:a:trihedral:vtscada::::::::
	cpe:2.3:a:trihedral:vtscada::::::::

No data.

References

Link	Providers
http://www.securityfocus.com/bid/71591
http://www.trihedral.com/help/#Op_Welcome/Wel_UpgradeNotes.htm
https://ics-cert.us-cert.gov//advisories/ICSA-14-343-02
https://www.cisa.gov/news-events/ics-advisories/icsa-14-343-02

History

Fri, 25 Jul 2025 17:00:00 +0000

Type	Values Removed	Values Added
Title		Trihedral Engineering Limited VTScada Integer Overflow
Weaknesses		CWE-190
References		http://www.trihedral.com/help/#Op_Welcome/Wel_UpgradeNotes.htm https://www.cisa.gov/news-events/ics-advisories/icsa-14-343-02
Metrics	cvssV2_0 `{'score': 5.0, 'vector': 'AV:N/AC:L/Au:N/C:N/I:N/A:P'}`	cvssV2_0 `{'score': 7.8, 'vector': 'AV:N/AC:L/Au:N/C:N/I:N/A:C'}`

MITRE

Status: PUBLISHED

Assigner: icscert

Published: 2014-12-11T15:00:00

Updated: 2025-07-25T16:46:02.667Z

Reserved: 2014-12-02T00:00:00

Link: CVE-2014-9192

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2014-12-11T15:59:04.773

Modified: 2025-07-25T17:15:27.680

Link: CVE-2014-9192

Redhat

No data.

{"containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "VTS", "vendor": "Trihedral Engineering", "versions": [{"lessThan": "9.1.19", "status": "affected", "version": "6.5", "versionType": "custom"}, {"lessThan": "10.2.21", "status": "affected", "version": "10", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "value": "An anonymous researcher working with HP\u2019s Zero Day Initiative has identified an integer overflow vulnerability in Trihedral Engineering Ltd\u2019s VTScada application."}], "datePublic": "2014-12-09T07:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>Integer overflow in Trihedral Engineering VTScada (formerly VTS) 6.5 through 9.x before 9.1.20, 10.x before 10.2.22, and 11.x before 11.1.07 allows remote attackers to cause a denial of service (server crash) via a crafted request, which triggers a large memory allocation.</p>"}], "value": "Integer overflow in Trihedral Engineering VTScada (formerly VTS) 6.5 through 9.x before 9.1.20, 10.x before 10.2.22, and 11.x before 11.1.07 allows remote attackers to cause a denial of service (server crash) via a crafted request, which triggers a large memory allocation."}], "metrics": [{"cvssV2_0": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.8, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-190", "description": "CWE-190", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert", "dateUpdated": "2025-07-25T16:46:02.667Z"}, "references": [{"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-14-343-02"}, {"name": "71591", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/71591"}, {"url": "http://www.trihedral.com/help/#Op_Welcome/Wel_UpgradeNotes.htm"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>Trihedral Engineering Limited has created three updated versions of \nsoftware. These software updates are available from Trihedral \nEngineering Ltd.\u2019s FTP site: <a target=\"_blank\" rel=\"nofollow\">ftp://ftp.trihedral.com/VTS/</a></p>\n<p>Version Information:</p>\n<ul>\n<li>11.1.09 \u2013 Latest build including newest features and fixes. Any \ninstallation key with a maintenance expiration date after January 1, \n2014, will work this installation.</li>\n<li>10.2.22 \u2013Recommended for all users of VTS 10. Any installation key \nwith a maintenance expiration date after December 1, 2010, will work \nwith this installation.</li>\n<li>09.1.20 \u2013 Recommended for all users prior to 10.0. Any installation \nkey with a maintenance expiration date after December 1, 2009, will work\n with this installation.</li>\n</ul><p>Help file notes for upgrading VTScada/VTS can be found at: <a target=\"_blank\" rel=\"nofollow\" href=\"http://www.trihedral.com/help/#Op_Welcome/Wel_UpgradeNotes.htm\">http://www.trihedral.com/help/#Op_Welcome/Wel_UpgradeNotes.htm</a></p>If you have any questions or any difficulties with installing one of these updates, please call Trihedral Tech Support:<br>1-855-887-2232<br>1-902-835-1575<br>+44 (0) 1224 258910 for the United Kingdom\n\n<br>"}], "value": "Trihedral Engineering Limited has created three updated versions of \nsoftware. These software updates are available from Trihedral \nEngineering Ltd.\u2019s FTP site:\u00a0ftp://ftp.trihedral.com/VTS/\n\n\nVersion Information:\n\n\n\n * 11.1.09 \u2013 Latest build including newest features and fixes. Any \ninstallation key with a maintenance expiration date after January 1, \n2014, will work this installation.\n\n * 10.2.22 \u2013Recommended for all users of VTS 10. Any installation key \nwith a maintenance expiration date after December 1, 2010, will work \nwith this installation.\n\n * 09.1.20 \u2013 Recommended for all users prior to 10.0. Any installation \nkey with a maintenance expiration date after December 1, 2009, will work\n with this installation.\n\n\n\nHelp file notes for upgrading VTScada/VTS can be found at:\u00a0 http://www.trihedral.com/help/#Op_Welcome/Wel_UpgradeNotes.htm \n\nIf you have any questions or any difficulties with installing one of these updates, please call Trihedral Tech Support:\n1-855-887-2232\n1-902-835-1575\n+44 (0) 1224 258910 for the United Kingdom"}], "source": {"advisory": "ICSA-14-343-02", "discovery": "EXTERNAL"}, "title": "Trihedral Engineering Limited VTScada Integer Overflow", "x_generator": {"engine": "Vulnogram 0.2.0"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "[email protected]", "ID": "CVE-2014-9192", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Integer overflow in Trihedral Engineering VTScada (formerly VTS) 6.5 through 9.x before 9.1.20, 10.x before 10.2.22, and 11.x before 11.1.07 allows remote attackers to cause a denial of service (server crash) via a crafted request, which triggers a large memory allocation."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://ics-cert.us-cert.gov//advisories/ICSA-14-343-02", "refsource": "MISC", "url": "https://ics-cert.us-cert.gov//advisories/ICSA-14-343-02"}, {"name": "71591", "refsource": "BID", "url": "http://www.securityfocus.com/bid/71591"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T13:40:24.431Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://ics-cert.us-cert.gov//advisories/ICSA-14-343-02"}, {"name": "71591", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/71591"}]}]}, "cveMetadata": {"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2014-9192", "datePublished": "2014-12-11T15:00:00", "dateReserved": "2014-12-02T00:00:00", "dateUpdated": "2025-07-25T16:46:02.667Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:trihedral:vtscada:*:*:*:*:*:*:*:*", "matchCriteriaId": "484C73EE-529B-46EE-9B2F-009EC6E524D9", "versionEndExcluding": "9.1.20", "versionStartIncluding": "6.5", "vulnerable": true}, {"criteria": "cpe:2.3:a:trihedral:vtscada:*:*:*:*:*:*:*:*", "matchCriteriaId": "D41BC6F8-1088-44D0-9B91-EE6546D04772", "versionEndExcluding": "10.2.22", "versionStartIncluding": "10.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:trihedral:vtscada:*:*:*:*:*:*:*:*", "matchCriteriaId": "DDBE315F-99C1-4A04-9E17-C95BBBD238DD", "versionEndExcluding": "11.1.07", "versionStartIncluding": "11.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Integer overflow in Trihedral Engineering VTScada (formerly VTS) 6.5 through 9.x before 9.1.20, 10.x before 10.2.22, and 11.x before 11.1.07 allows remote attackers to cause a denial of service (server crash) via a crafted request, which triggers a large memory allocation."}, {"lang": "es", "value": "Desbordamiento de enteros en Trihedral Engineering VTScada (anteriormente VTS) 6.5 hasta 9.x anterior a 9.1.20, 10.x anterior a 10.2.22, y 11.x anterior a 11.1.07 permite a atacantes remotos causar una denegaci\u00f3n de servicio (ca\u00edda del servidor) a trav\u00e9s de una solicitud manipulada, lo que provoca una reserva de memoria grande."}], "id": "CVE-2014-9192", "lastModified": "2025-07-25T17:15:27.680", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.8, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "[email protected]", "type": "Secondary", "userInteractionRequired": false}, {"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "[email protected]", "type": "Primary", "userInteractionRequired": false}]}, "published": "2014-12-11T15:59:04.773", "references": [{"source": "[email protected]", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/71591"}, {"source": "[email protected]", "url": "http://www.trihedral.com/help/#Op_Welcome/Wel_UpgradeNotes.htm"}, {"source": "[email protected]", "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-14-343-02"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/71591"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "US Government Resource"], "url": "https://ics-cert.us-cert.gov//advisories/ICSA-14-343-02"}], "sourceIdentifier": "[email protected]", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-190"}], "source": "[email protected]", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-189"}], "source": "[email protected]", "type": "Secondary"}]}