Details of VAR-201804-1529

ID

VAR-201804-1529

CVE

CVE-2018-5463

TITLE

LCDS LAquis SCADA Arbitrary code execution vulnerability

Trust: 0.8

sources: IVD: e2eb40d0-39ab-11e9-aed1-000c29342cb1 // CNVD: CNVD-2018-07745

DESCRIPTION

A structured exception handler overflow vulnerability in Leao Consultoria e Desenvolvimento de Sistemas (LCDS) LTDA ME LAquis SCADA 4.1.0.3391 and earlier may allow code execution. Leao Consultoria e Desenvolvimento de Sistemas (LCDS) LTDA ME of LAquis SCADA Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. LCDS LAquis SCADA A set of SCADA software for monitoring and data acquisition from Brazil LCDS. A security vulnerability exists in LCDS LAquis SCADA version 4.1.0.3391 and earlier that caused the program to fail to properly detect or handle anomalies. An attacker could exploit the vulnerability to execute code. LAquis SCADA is prone to an arbitrary code-execution vulnerability. Failed attempts will likely cause a denial-of-service condition

Trust: 2.7

sources: NVD: CVE-2018-5463 // JVNDB: JVNDB-2018-004093 // CNVD: CNVD-2018-07745 // BID: 103724 // IVD: e2eb40d0-39ab-11e9-aed1-000c29342cb1 // VULMON: CVE-2018-5463

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.8

sources: IVD: e2eb40d0-39ab-11e9-aed1-000c29342cb1 // CNVD: CNVD-2018-07745

AFFECTED PRODUCTS

vendor:	lcds	model:	laquis scada	scope:	lte	version:	4.1.0.3391	Trust: 1.8
vendor:	lcds	model:	le\303\243o consultoria e desenvolvimento de sistemas ltda me laquis scada	scope:	eq	version:	-<=4.1.0.3391	Trust: 0.6
vendor:	lcds	model:	laquis scada	scope:	eq	version:	4.1.0.3391	Trust: 0.6
vendor:	lcds	model:	leão consultoria e desenvolvimento de sistemas ltda me laquis scada	scope:	eq	version:	-4.1.0.3391	Trust: 0.3
vendor:	lcds	model:	leão consultoria e desenvolvimento de sistemas ltda me laquis scada	scope:	ne	version:	-4.1.0.3774	Trust: 0.3
vendor:	lcds	model:	leão consultoria e desenvolvimento de sistemas ltda me laquis scada	scope:	eq	version:	-<=4.1.0.3391	Trust: 0.2

sources: IVD: e2eb40d0-39ab-11e9-aed1-000c29342cb1 // CNVD: CNVD-2018-07745 // BID: 103724 // JVNDB: JVNDB-2018-004093 // CNNVD: CNNVD-201804-408 // NVD: CVE-2018-5463

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2018-5463
value:	HIGH
Trust: 1.0
NVD:	CVE-2018-5463
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2018-07745
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-201804-408
value:	HIGH
Trust: 0.6
IVD:	e2eb40d0-39ab-11e9-aed1-000c29342cb1
value:	HIGH
Trust: 0.2
VULMON:	CVE-2018-5463
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2018-5463
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
CNVD:	CNVD-2018-07745
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
IVD:	e2eb40d0-39ab-11e9-aed1-000c29342cb1
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2

nvd@nist.gov:	CVE-2018-5463
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.0
Trust: 1.8

sources: IVD: e2eb40d0-39ab-11e9-aed1-000c29342cb1 // CNVD: CNVD-2018-07745 // VULMON: CVE-2018-5463 // JVNDB: JVNDB-2018-004093 // CNNVD: CNNVD-201804-408 // NVD: CVE-2018-5463

PROBLEMTYPE DATA

problemtype:	CWE-119	Trust: 1.8
problemtype:	CWE-703	Trust: 1.0

sources: JVNDB: JVNDB-2018-004093 // NVD: CVE-2018-5463

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201804-408

TYPE

Buffer error

Trust: 0.8

sources: IVD: e2eb40d0-39ab-11e9-aed1-000c29342cb1 // CNNVD: CNNVD-201804-408

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-004093

PATCH

title:	Top Page	url:	https://laquisscada.com/	Trust: 0.8
title:	LCDS LAquis SCADA patch for arbitrary code execution vulnerabilities	url:	https://www.cnvd.org.cn/patchInfo/show/125847	Trust: 0.6
title:	LCDS LAquis SCADA Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=83210	Trust: 0.6

sources: CNVD: CNVD-2018-07745 // JVNDB: JVNDB-2018-004093 // CNNVD: CNNVD-201804-408

EXTERNAL IDS

db:	NVD	id:	CVE-2018-5463	Trust: 3.6
db:	ICS CERT	id:	ICSA-18-095-03	Trust: 3.4
db:	BID	id:	103724	Trust: 2.6
db:	CNVD	id:	CNVD-2018-07745	Trust: 0.8
db:	CNNVD	id:	CNNVD-201804-408	Trust: 0.8
db:	JVNDB	id:	JVNDB-2018-004093	Trust: 0.8
db:	IVD	id:	E2EB40D0-39AB-11E9-AED1-000C29342CB1	Trust: 0.2
db:	VULMON	id:	CVE-2018-5463	Trust: 0.1

sources: IVD: e2eb40d0-39ab-11e9-aed1-000c29342cb1 // CNVD: CNVD-2018-07745 // VULMON: CVE-2018-5463 // BID: 103724 // JVNDB: JVNDB-2018-004093 // CNNVD: CNNVD-201804-408 // NVD: CVE-2018-5463

REFERENCES

url:	https://ics-cert.us-cert.gov/advisories/icsa-18-095-03	Trust: 3.5
url:	http://www.securityfocus.com/bid/103724	Trust: 2.3
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-5463	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2018-5463	Trust: 0.8
url:	https://laquisscada.com/	Trust: 0.3
url:	https://cwe.mitre.org/data/definitions/119.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: CNVD: CNVD-2018-07745 // VULMON: CVE-2018-5463 // BID: 103724 // JVNDB: JVNDB-2018-004093 // CNNVD: CNNVD-201804-408 // NVD: CVE-2018-5463

CREDITS

Karn Ganeshen

Trust: 0.3

sources: BID: 103724

SOURCES

db:	IVD	id:	e2eb40d0-39ab-11e9-aed1-000c29342cb1
db:	CNVD	id:	CNVD-2018-07745
db:	VULMON	id:	CVE-2018-5463
db:	BID	id:	103724
db:	JVNDB	id:	JVNDB-2018-004093
db:	CNNVD	id:	CNNVD-201804-408
db:	NVD	id:	CVE-2018-5463

LAST UPDATE DATE

2024-08-14T14:51:36.640000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2018-07745	date:	2018-04-17T00:00:00
db:	VULMON	id:	CVE-2018-5463	date:	2019-10-09T00:00:00
db:	BID	id:	103724	date:	2018-04-05T00:00:00
db:	JVNDB	id:	JVNDB-2018-004093	date:	2018-06-11T00:00:00
db:	CNNVD	id:	CNNVD-201804-408	date:	2019-10-17T00:00:00
db:	NVD	id:	CVE-2018-5463	date:	2019-10-09T23:41:24.547

SOURCES RELEASE DATE

db:	IVD	id:	e2eb40d0-39ab-11e9-aed1-000c29342cb1	date:	2018-04-17T00:00:00
db:	CNVD	id:	CNVD-2018-07745	date:	2018-04-17T00:00:00
db:	VULMON	id:	CVE-2018-5463	date:	2018-04-09T00:00:00
db:	BID	id:	103724	date:	2018-04-05T00:00:00
db:	JVNDB	id:	JVNDB-2018-004093	date:	2018-06-11T00:00:00
db:	CNNVD	id:	CNNVD-201804-408	date:	2018-04-09T00:00:00
db:	NVD	id:	CVE-2018-5463	date:	2018-04-09T21:29:00.210