Number: AV16-093
Date: 9 June 2016
Purpose
The purpose of this advisory is to bring attention to a VTScada security update released by Trihedral Engineering.
Assessment
Trihedral Engineering released a security update for VTScada software to address multiple vulnerabilities rated high to critical in severity. An attacker could remotely exploit these vulnerabilities to read arbitrary files or cause denial-of-service conditions.
Affected versions:
VTScada after version 8 and prior to version 11.2.02
CVE References: CVE-2016-4510, CVE-2016-4523, CVE-2016-4532
Suggested Action
CCIRC recommends that system administrators test the vendor-released updates and deploy them to affected applications.
References:
ICS-CERT Advisory (ICSA-16-159-01):
https://ics-cert.us-cert.gov/advisories/ICSA-16-159-01
Trihedral VTScada Security Updates (FTP):
ftp://ftp.trihedral.com/VTS/