Trihedral VTScada 6.5.x < 9.1.20 / 10.x < 10.2.22 / 11.x < 11.1.09 HTTP Server DoS

High Nessus Plugin ID 84587


An application running on the remote host is affected by a denial of service vulnerability.


The version of Trihedral Engineering VTScada installed on the remote host is prior to 9.1.20, 10.x prior to 10.2.22, or 11.x prior to 11.1.09. It is, therefore, affected by a denial of service vulnerability due to an integer overflow condition in the included HTTP server. A remote, unauthenticated attacker can exploit this issue with a crafted packet containing a small negative content length, which triggers a large memory allocation and results in a server crash.


Upgrade to Trihedral Engineering VTScada version 9.1.20 / 10.2.22 / 11.1.09 or later.
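The bug class described above (a small negative content length turning into a huge allocation size), shown next to a strict parser, as an added example that is not Trihedral's code and not part of the plugin. The function names and the MAX_BODY_BYTES limit are assumptions chosen for illustration.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Assumed policy limit for this example, not a VTScada setting. */
#define MAX_BODY_BYTES (8u * 1024u * 1024u)

/* Bug class only (hypothetical code): the header is parsed as a signed int
 * and then used as an allocation size. Returns the size such code would
 * ask the allocator for. */
size_t naive_alloc_size(const char *value)
{
    int len = atoi(value);      /* happily accepts "-2" */
    return (size_t)len;         /* -2 wraps to SIZE_MAX - 1 */
}

/* Hardened form: digits only, bounded while accumulating so the value can
 * never wrap. Returns 0 and stores the length, or -1 to reject the request. */
int parse_content_length(const char *value, size_t *out)
{
    uint64_t n = 0;
    size_t digits = 0;

    while (*value == ' ' || *value == '\t') value++;   /* leading whitespace */
    for (; isdigit((unsigned char)*value); value++, digits++) {
        n = n * 10 + (uint64_t)(*value - '0');
        if (n > MAX_BODY_BYTES) return -1;             /* too large: reject early */
    }
    while (*value == ' ' || *value == '\t') value++;   /* trailing whitespace */
    if (digits == 0 || *value != '\0') return -1;      /* "-2", "+5", "", "12abc" */
    *out = (size_t)n;
    return 0;
}

int main(void)
{
    /* Constructed sample header values. */
    const char *samples[] = { "1024", "-2", "99999999999999999999", "12abc" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        size_t len = 0;
        int rc = parse_content_length(samples[i], &len);
        printf("%-22s naive=%zu strict=%s\n", samples[i],
               naive_alloc_size(samples[i]), rc == 0 ? "accept" : "reject");
    }
    return 0;
}
```

A server using the strict form would answer a rejected value with an HTTP 400 before allocating anything.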

Plugin Details

Severity: High

ID: 84587

File Name: scada_trihedral_vtscada_11_1_09.nbin

Version: $Revision: 1.21 $

Type: local

Family: SCADA

Published: 2015/07/07

Modified: 2018/01/29

Dependencies: 84586

Risk Information

Risk Factor: High


Base Score: 7.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C

Vulnerability Information

CPE: cpe:/a:trihedral:vtscada

Required KB Items: installed_sw/Trihedral Engineering VTScada

Patch Publication Date: 2014/12/09

Vulnerability Publication Date: 2014/12/09

Reference Information

CVE: CVE-2014-9192

BID: 71591

OSVDB: 115600

ICSA: 14-343-02