Trihedral VTScada Software security update

Number: AV16-093
Date: 9 June 2016

Purpose

The purpose of this advisory is to bring attention to a VTScada security update released by Trihedral Engineering.

Assessment

Trihedral Engineering released a security update for VTScada software to address multiple vulnerabilities (high to critical).  An attacker could remotely exploit these vulnerabilities to read arbitrary files or cause denial-of-service conditions.

Affected versions:
VTScada after version 8 and prior to version 11.2.02

CVE References: CVE-2016-4510, CVE-2016-4523, CVE-2016-4532

Suggested Action

CCIRC recommends that system administrators test and deploy the vendor-released updates to affected applications accordingly.

References:

ICS-CERT Advisory (ICSA-16-159-01):
https://ics-cert.us-cert.gov/advisories/ICSA-16-159-01

Trihedral VTScada Security Updates (FTP):
ftp://ftp.trihedral.com/VTS/

Date modified: