Details of VAR-201804-0506

ID

VAR-201804-0506

CVE

CVE-2017-6020

TITLE

LAquis SCADA Path traversal vulnerability

Trust: 0.8

sources: IVD: ba452eb2-f54b-4527-b139-cb294893a8cf // CNVD: CNVD-2017-11031

DESCRIPTION

Leao Consultoria e Desenvolvimento de Sistemas (LCDS) LTDA ME LAquis SCADA software versions prior to version 4.1.0.3237 do not neutralize external input to ensure that users are not calling for absolute path sequences outside of their privilege level. Leao Consultoria e Desenvolvimento de Sistemas (LCDS) LTDA ME LAquis SCADA Contains a path traversal vulnerability.Information may be obtained. This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of LAquis SCADA Software. Authentication is not required to exploit this vulnerability.The specific flaw exists within global processing of requests inside the web server. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to disclose sensitive information under the context of the web server process. LAquis SCADA is a suite of SCADA software for monitoring and data acquisition. A security vulnerability exists in versions prior to LAquis SCADA 4.1.0.3237. LAquis SCADA Software is prone to a directory-traversal vulnerability because the application fails to sufficiently sanitize user-supplied input. This may aid in further attacks

Trust: 3.24

sources: NVD: CVE-2017-6020 // JVNDB: JVNDB-2017-013274 // ZDI: ZDI-17-286 // CNVD: CNVD-2017-11031 // BID: 97055 // IVD: ba452eb2-f54b-4527-b139-cb294893a8cf

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.8

sources: IVD: ba452eb2-f54b-4527-b139-cb294893a8cf // CNVD: CNVD-2017-11031

AFFECTED PRODUCTS

vendor:	lcds	model:	laquis scada	scope:	lt	version:	4.1.0.3237	Trust: 1.8
vendor:	laquis scada	model:	software	scope:	-	version:	-	Trust: 0.7
vendor:	lcds	model:	le\303\243o consultoria e desenvolvimento de sistemas ltda me laquis scada	scope:	eq	version:	-<=4.1.0.3237	Trust: 0.6
vendor:	lcds	model:	leão consultoria e desenvolvimento de sistemas ltda me laquis scada	scope:	eq	version:	-4.1	Trust: 0.3
vendor:	lcds	model:	leão consultoria e desenvolvimento de sistemas ltda me laquis scada	scope:	ne	version:	-4.1.0.3237	Trust: 0.3
vendor:	laquis scada	model:	-	scope:	eq	version:	*	Trust: 0.2

sources: IVD: ba452eb2-f54b-4527-b139-cb294893a8cf // ZDI: ZDI-17-286 // CNVD: CNVD-2017-11031 // BID: 97055 // JVNDB: JVNDB-2017-013274 // NVD: CVE-2017-6020

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2017-6020
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2017-6020
value:	MEDIUM
Trust: 0.8
ZDI:	CVE-2017-6020
value:	MEDIUM
Trust: 0.7
CNVD:	CNVD-2017-11031
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201702-592
value:	MEDIUM
Trust: 0.6
IVD:	ba452eb2-f54b-4527-b139-cb294893a8cf
value:	MEDIUM
Trust: 0.2

nvd@nist.gov:	CVE-2017-6020
severity:	MEDIUM
baseScore:	4.0
vectorString:	AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
ZDI:	CVE-2017-6020
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.7
CNVD:	CNVD-2017-11031
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
IVD:	ba452eb2-f54b-4527-b139-cb294893a8cf
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2

nvd@nist.gov:	CVE-2017-6020
baseSeverity:	MEDIUM
baseScore:	5.3
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	1.4
version:	3.0
Trust: 1.8

sources: IVD: ba452eb2-f54b-4527-b139-cb294893a8cf // ZDI: ZDI-17-286 // CNVD: CNVD-2017-11031 // JVNDB: JVNDB-2017-013274 // CNNVD: CNNVD-201702-592 // NVD: CVE-2017-6020

PROBLEMTYPE DATA

problemtype:

CWE-22

Trust: 1.8

sources: JVNDB: JVNDB-2017-013274 // NVD: CVE-2017-6020

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201702-592

TYPE

Path traversal

Trust: 0.8

sources: IVD: ba452eb2-f54b-4527-b139-cb294893a8cf // CNNVD: CNNVD-201702-592

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-013274

PATCH

title:	Top Page	url:	http://www.lcds.com.br/	Trust: 0.8
title:	LAquis SCADA has issued an update to correct this vulnerability.	url:	https://ics-cert.us-cert.gov/advisories/ICSA-17-082-01	Trust: 0.7
title:	LAquis SCADA Path Traversal Vulnerability Patch	url:	https://www.cnvd.org.cn/patchInfo/show/96375	Trust: 0.6
title:	LCDS LTDA ME LAquis SCADA Repair measures for path traversal vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=99647	Trust: 0.6

sources: ZDI: ZDI-17-286 // CNVD: CNVD-2017-11031 // JVNDB: JVNDB-2017-013274 // CNNVD: CNNVD-201702-592

EXTERNAL IDS

db:	NVD	id:	CVE-2017-6020	Trust: 4.2
db:	ICS CERT	id:	ICSA-17-082-01	Trust: 3.3
db:	BID	id:	97055	Trust: 1.9
db:	EXPLOIT-DB	id:	42885	Trust: 1.6
db:	CNVD	id:	CNVD-2017-11031	Trust: 0.8
db:	CNNVD	id:	CNNVD-201702-592	Trust: 0.8
db:	JVNDB	id:	JVNDB-2017-013274	Trust: 0.8
db:	ZDI_CAN	id:	ZDI-CAN-4523	Trust: 0.7
db:	ZDI	id:	ZDI-17-286	Trust: 0.7
db:	IVD	id:	BA452EB2-F54B-4527-B139-CB294893A8CF	Trust: 0.2

sources: IVD: ba452eb2-f54b-4527-b139-cb294893a8cf // ZDI: ZDI-17-286 // CNVD: CNVD-2017-11031 // BID: 97055 // JVNDB: JVNDB-2017-013274 // CNNVD: CNNVD-201702-592 // NVD: CVE-2017-6020

REFERENCES

url:	https://ics-cert.us-cert.gov/advisories/icsa-17-082-01	Trust: 4.0
url:	https://www.exploit-db.com/exploits/42885/	Trust: 1.6
url:	http://www.securityfocus.com/bid/97055	Trust: 1.6
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-6020	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2017-6020	Trust: 0.8
url:	http://laquisscada.com/	Trust: 0.3

sources: ZDI: ZDI-17-286 // CNVD: CNVD-2017-11031 // BID: 97055 // JVNDB: JVNDB-2017-013274 // CNNVD: CNNVD-201702-592 // NVD: CVE-2017-6020

CREDITS

Karn Ganeshen

Trust: 0.7

sources: ZDI: ZDI-17-286

SOURCES

db:	IVD	id:	ba452eb2-f54b-4527-b139-cb294893a8cf
db:	ZDI	id:	ZDI-17-286
db:	CNVD	id:	CNVD-2017-11031
db:	BID	id:	97055
db:	JVNDB	id:	JVNDB-2017-013274
db:	CNNVD	id:	CNNVD-201702-592
db:	NVD	id:	CVE-2017-6020

LAST UPDATE DATE

2024-08-14T14:39:25.025000+00:00

SOURCES UPDATE DATE

db:	ZDI	id:	ZDI-17-286	date:	2017-04-12T00:00:00
db:	CNVD	id:	CNVD-2017-11031	date:	2019-05-17T00:00:00
db:	BID	id:	97055	date:	2017-03-29T00:01:00
db:	JVNDB	id:	JVNDB-2017-013274	date:	2018-06-15T00:00:00
db:	CNNVD	id:	CNNVD-201702-592	date:	2019-10-17T00:00:00
db:	NVD	id:	CVE-2017-6020	date:	2019-10-09T23:28:34.167

SOURCES RELEASE DATE

db:	IVD	id:	ba452eb2-f54b-4527-b139-cb294893a8cf	date:	2017-06-23T00:00:00
db:	ZDI	id:	ZDI-17-286	date:	2017-04-12T00:00:00
db:	CNVD	id:	CNVD-2017-11031	date:	2017-06-23T00:00:00
db:	BID	id:	97055	date:	2017-03-23T00:00:00
db:	JVNDB	id:	JVNDB-2017-013274	date:	2018-06-15T00:00:00
db:	CNNVD	id:	CNNVD-201702-592	date:	2017-02-17T00:00:00
db:	NVD	id:	CVE-2017-6020	date:	2018-04-17T14:29:00.290