ID

VAR-201804-1529


CVE

CVE-2018-5463


TITLE

LCDS LAquis SCADA Arbitrary code execution vulnerability

Trust: 0.8

sources: IVD: e2eb40d0-39ab-11e9-aed1-000c29342cb1 // CNVD: CNVD-2018-07745

DESCRIPTION

A structured exception handler overflow vulnerability in Leao Consultoria e Desenvolvimento de Sistemas (LCDS) LTDA ME LAquis SCADA 4.1.0.3391 and earlier may allow code execution. Leao Consultoria e Desenvolvimento de Sistemas (LCDS) LTDA ME of LAquis SCADA Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. LCDS LAquis SCADA A set of SCADA software for monitoring and data acquisition from Brazil LCDS. A security vulnerability exists in LCDS LAquis SCADA version 4.1.0.3391 and earlier that caused the program to fail to properly detect or handle anomalies. An attacker could exploit the vulnerability to execute code. LAquis SCADA is prone to an arbitrary code-execution vulnerability. Failed attempts will likely cause a denial-of-service condition

Trust: 2.7

sources: NVD: CVE-2018-5463 // JVNDB: JVNDB-2018-004093 // CNVD: CNVD-2018-07745 // BID: 103724 // IVD: e2eb40d0-39ab-11e9-aed1-000c29342cb1 // VULMON: CVE-2018-5463

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.8

sources: IVD: e2eb40d0-39ab-11e9-aed1-000c29342cb1 // CNVD: CNVD-2018-07745

AFFECTED PRODUCTS

vendor:lcdsmodel:laquis scadascope:lteversion:4.1.0.3391

Trust: 1.8

vendor:lcdsmodel:le\303\243o consultoria e desenvolvimento de sistemas ltda me laquis scadascope:eqversion:-<=4.1.0.3391

Trust: 0.6

vendor:lcdsmodel:laquis scadascope:eqversion:4.1.0.3391

Trust: 0.6

vendor:lcdsmodel:leão consultoria e desenvolvimento de sistemas ltda me laquis scadascope:eqversion:-4.1.0.3391

Trust: 0.3

vendor:lcdsmodel:leão consultoria e desenvolvimento de sistemas ltda me laquis scadascope:neversion:-4.1.0.3774

Trust: 0.3

vendor:lcdsmodel:leão consultoria e desenvolvimento de sistemas ltda me laquis scadascope:eqversion:-<=4.1.0.3391

Trust: 0.2

sources: IVD: e2eb40d0-39ab-11e9-aed1-000c29342cb1 // CNVD: CNVD-2018-07745 // BID: 103724 // JVNDB: JVNDB-2018-004093 // CNNVD: CNNVD-201804-408 // NVD: CVE-2018-5463

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-5463
value: HIGH

Trust: 1.0

NVD: CVE-2018-5463
value: HIGH

Trust: 0.8

CNVD: CNVD-2018-07745
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201804-408
value: HIGH

Trust: 0.6

IVD: e2eb40d0-39ab-11e9-aed1-000c29342cb1
value: HIGH

Trust: 0.2

VULMON: CVE-2018-5463
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2018-5463
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2018-07745
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: e2eb40d0-39ab-11e9-aed1-000c29342cb1
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

nvd@nist.gov: CVE-2018-5463
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: IVD: e2eb40d0-39ab-11e9-aed1-000c29342cb1 // CNVD: CNVD-2018-07745 // VULMON: CVE-2018-5463 // JVNDB: JVNDB-2018-004093 // CNNVD: CNNVD-201804-408 // NVD: CVE-2018-5463

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.8

problemtype:CWE-703

Trust: 1.0

sources: JVNDB: JVNDB-2018-004093 // NVD: CVE-2018-5463

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201804-408

TYPE

Buffer error

Trust: 0.8

sources: IVD: e2eb40d0-39ab-11e9-aed1-000c29342cb1 // CNNVD: CNNVD-201804-408

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-004093

PATCH

title:Top Pageurl:https://laquisscada.com/

Trust: 0.8

title:LCDS LAquis SCADA patch for arbitrary code execution vulnerabilitiesurl:https://www.cnvd.org.cn/patchInfo/show/125847

Trust: 0.6

title:LCDS LAquis SCADA Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=83210

Trust: 0.6

sources: CNVD: CNVD-2018-07745 // JVNDB: JVNDB-2018-004093 // CNNVD: CNNVD-201804-408

EXTERNAL IDS

db:NVDid:CVE-2018-5463

Trust: 3.6

db:ICS CERTid:ICSA-18-095-03

Trust: 3.4

db:BIDid:103724

Trust: 2.6

db:CNVDid:CNVD-2018-07745

Trust: 0.8

db:CNNVDid:CNNVD-201804-408

Trust: 0.8

db:JVNDBid:JVNDB-2018-004093

Trust: 0.8

db:IVDid:E2EB40D0-39AB-11E9-AED1-000C29342CB1

Trust: 0.2

db:VULMONid:CVE-2018-5463

Trust: 0.1

sources: IVD: e2eb40d0-39ab-11e9-aed1-000c29342cb1 // CNVD: CNVD-2018-07745 // VULMON: CVE-2018-5463 // BID: 103724 // JVNDB: JVNDB-2018-004093 // CNNVD: CNNVD-201804-408 // NVD: CVE-2018-5463

REFERENCES

url:https://ics-cert.us-cert.gov/advisories/icsa-18-095-03

Trust: 3.5

url:http://www.securityfocus.com/bid/103724

Trust: 2.3

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-5463

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2018-5463

Trust: 0.8

url:https://laquisscada.com/

Trust: 0.3

url:https://cwe.mitre.org/data/definitions/119.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: CNVD: CNVD-2018-07745 // VULMON: CVE-2018-5463 // BID: 103724 // JVNDB: JVNDB-2018-004093 // CNNVD: CNNVD-201804-408 // NVD: CVE-2018-5463

CREDITS

Karn Ganeshen

Trust: 0.3

sources: BID: 103724

SOURCES

db:IVDid:e2eb40d0-39ab-11e9-aed1-000c29342cb1
db:CNVDid:CNVD-2018-07745
db:VULMONid:CVE-2018-5463
db:BIDid:103724
db:JVNDBid:JVNDB-2018-004093
db:CNNVDid:CNNVD-201804-408
db:NVDid:CVE-2018-5463

LAST UPDATE DATE

2024-08-14T14:51:36.640000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2018-07745date:2018-04-17T00:00:00
db:VULMONid:CVE-2018-5463date:2019-10-09T00:00:00
db:BIDid:103724date:2018-04-05T00:00:00
db:JVNDBid:JVNDB-2018-004093date:2018-06-11T00:00:00
db:CNNVDid:CNNVD-201804-408date:2019-10-17T00:00:00
db:NVDid:CVE-2018-5463date:2019-10-09T23:41:24.547

SOURCES RELEASE DATE

db:IVDid:e2eb40d0-39ab-11e9-aed1-000c29342cb1date:2018-04-17T00:00:00
db:CNVDid:CNVD-2018-07745date:2018-04-17T00:00:00
db:VULMONid:CVE-2018-5463date:2018-04-09T00:00:00
db:BIDid:103724date:2018-04-05T00:00:00
db:JVNDBid:JVNDB-2018-004093date:2018-06-11T00:00:00
db:CNNVDid:CNNVD-201804-408date:2018-04-09T00:00:00
db:NVDid:CVE-2018-5463date:2018-04-09T21:29:00.210