CVE-2016-4523
Published: 09 June 2016
Summary
CVE-2016-4523 is a high-severity Out-of-bounds Read (CWE-125) vulnerability in Trihedral VTScada. Its CVSS base score is 7.5 (High).
Operationally, it is ranked in the top 1.5% of CVEs by exploit likelihood, and CISA has added it to the Known Exploited Vulnerabilities catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Deeper analysis
The vulnerability is an out-of-bounds read (CWE-125) in the WAP interface of Trihedral VTScada (formerly VTS) versions 8.x through 11.x prior to 11.2.02. It is rated 7.5 on CVSS 3.1 with a vector of AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H and can trigger an application crash.
Remote unauthenticated attackers can exploit the flaw over the network to cause a denial of service. The attack requires no user interaction and results only in loss of availability with no impact on confidentiality or integrity.
Public references include ICS-CERT advisory ICSA-16-159-01 and Zero Day Initiative advisory ZDI-16-405, which direct users to vendor updates addressing the issue. No information on observed in-the-wild exploitation is provided in the source data.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2016-5510
Vulnerability details
The WAP interface in Trihedral VTScada (formerly VTS) 8.x through 11.x before 11.2.02 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via unspecified vectors.
- CWE(s): CWE-125 (Out-of-bounds Read)
- KEV Date Added: 15 April 2022
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls (NIST 800-53 r5)
- Directly requires timely installation of the vendor patch (11.2.02) that eliminates the out-of-bounds read in the WAP interface.
- Mandates validation of all input to the WAP interface, blocking the malformed data that triggers the CWE-125 out-of-bounds read and crash.
- Requires mechanisms to protect against or limit denial-of-service effects from network requests targeting the vulnerable WAP interface.