CVE-2016-4523
HIGH KEVTrihedral VTScada 8.0.05-11.x < 11.2.02 - Denial of Service via WAP Interface
Title source: llmExploitation Summary
CVE-2016-4523 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added April 15, 2022.
Description
The WAP interface in Trihedral VTScada (formerly VTS) 8.x through 11.x before 11.2.02 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via unspecified vectors.
References (4)
Core 4
Core References
Third Party Advisory, US Government Resource x_refsource_misc
https://ics-cert.us-cert.gov/advisories/ICSA-16-159-01
Broken Link, Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/91077
Third Party Advisory, VDB Entry x_refsource_misc
http://www.zerodayinitiative.com/advisories/ZDI-16-405
Third Party Advisory, US Government Resource
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2016-4523
Scores
CVSS v3
7.5
EPSS
0.6543
EPSS Percentile
98.5%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CISA SSVC
Vulnrichment
Exploitation
active
Automatable
yes
Technical Impact
partial
Details
CISA KEV
2022-04-15
VulnCheck KEV
2022-01-12
InTheWild.io
2022-04-15
ENISA EUVD
EUVD-2016-5510
CWE
CWE-125
Status
published
Products (1)
trihedral/vtscada
8.0.05 - 11.2.02
Published
Jun 09, 2016
KEV Added
Apr 15, 2022
Tracked Since
Feb 18, 2026