Details of VAR-201810-0484

ID

VAR-201810-0484

CVE

CVE-2018-17897

TITLE

LAquis SCADA LQS File Parsing Integer Overflow Remote Code Execution Vulnerability

Trust: 2.1

sources: ZDI: ZDI-18-1248 // ZDI: ZDI-18-1250 // ZDI: ZDI-18-1249

DESCRIPTION

LAquis SCADA Versions 4.1.0.3870 and prior has several integer overflow to buffer overflow vulnerabilities, which may allow remote code execution. LAquis SCADA Contains an integer overflow vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of LAquis SCADA Software. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within parsing of LQS files. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before writing to memory. At attacker can leverage this vulnerability to execute code under the context of the current process. LAquis SCADA is a suite of SCADA software for monitoring and data acquisition. LAquis SCADA Smart Security Manager is prone to following multiple security vulnerabilities: 1. Remote-code execution vulnerability 2. Multiple unspecified interger overflow vulnerability 3. Directory traversal vulnerability 4. Failed attacks may cause a denial-of-service condition. LAquis SCADA mart Security Manager Versions 4.1.0.3870 and prior versions are vulnerable

Trust: 4.5

sources: NVD: CVE-2018-17897 // JVNDB: JVNDB-2018-011036 // ZDI: ZDI-18-1248 // ZDI: ZDI-18-1250 // ZDI: ZDI-18-1249 // CNVD: CNVD-2018-21318 // BID: 105719 // IVD: e2fe539e-39ab-11e9-9fdb-000c29342cb1

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.8

sources: IVD: e2fe539e-39ab-11e9-9fdb-000c29342cb1 // CNVD: CNVD-2018-21318

AFFECTED PRODUCTS

vendor:	laquis scada	model:	software	scope:	-	version:	-	Trust: 2.1
vendor:	lcds	model:	laquis scada	scope:	lte	version:	4.1.0.3870	Trust: 1.8
vendor:	lcds	model:	\342\200\223 le\303\243o consultoria e desenvolvimento de sistemas ltda me laquis scada <=4.1.0.3870	scope:	-	version:	-	Trust: 0.6
vendor:	lcds	model:	laquis scada	scope:	eq	version:	4.1.0.3870	Trust: 0.6
vendor:	lcds	model:	leão consultoria e desenvolvimento de sistemas ltda me laquis scada smart security manager	scope:	eq	version:	-4.1.0.3870	Trust: 0.3
vendor:	lcds	model:	leão consultoria e desenvolvimento de sistemas ltda me laquis scada smart security manager	scope:	ne	version:	-4.1.0.4114	Trust: 0.3
vendor:	laquis scada	model:	-	scope:	eq	version:	*	Trust: 0.2

sources: IVD: e2fe539e-39ab-11e9-9fdb-000c29342cb1 // ZDI: ZDI-18-1248 // ZDI: ZDI-18-1250 // ZDI: ZDI-18-1249 // CNVD: CNVD-2018-21318 // BID: 105719 // JVNDB: JVNDB-2018-011036 // CNNVD: CNNVD-201810-760 // NVD: CVE-2018-17897

CVSS

SEVERITY

CVSSV2

CVSSV3

ZDI:	CVE-2018-17897
value:	MEDIUM
Trust: 2.1
nvd@nist.gov:	CVE-2018-17897
value:	CRITICAL
Trust: 1.0
NVD:	CVE-2018-17897
value:	CRITICAL
Trust: 0.8
CNVD:	CNVD-2018-21318
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201810-760
value:	HIGH
Trust: 0.6
IVD:	e2fe539e-39ab-11e9-9fdb-000c29342cb1
value:	HIGH
Trust: 0.2

ZDI:	CVE-2018-17897
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 2.1
nvd@nist.gov:	CVE-2018-17897
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2018-21318
severity:	MEDIUM
baseScore:	5.1
vectorString:	AV:N/AC:H/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	HIGH
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	4.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
IVD:	e2fe539e-39ab-11e9-9fdb-000c29342cb1
severity:	MEDIUM
baseScore:	5.1
vectorString:	AV:N/AC:H/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	HIGH
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	4.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2

nvd@nist.gov:	CVE-2018-17897
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.0
Trust: 1.8

sources: IVD: e2fe539e-39ab-11e9-9fdb-000c29342cb1 // ZDI: ZDI-18-1248 // ZDI: ZDI-18-1250 // ZDI: ZDI-18-1249 // CNVD: CNVD-2018-21318 // JVNDB: JVNDB-2018-011036 // CNNVD: CNNVD-201810-760 // NVD: CVE-2018-17897

PROBLEMTYPE DATA

problemtype:

CWE-190

Trust: 1.8

sources: JVNDB: JVNDB-2018-011036 // NVD: CVE-2018-17897

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201810-760

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201810-760

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-011036

PATCH

title:	LAquis SCADA has issued an update to correct this vulnerability.	url:	https://ics-cert.us-cert.gov/advisories/ICSA-18-289-01	Trust: 2.1
title:	LAquis SCADA software	url:	https://laquisscada.com/instale1.php	Trust: 0.8
title:	Patch for LAquis SCADA Integer Overflow Vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/142795	Trust: 0.6
title:	LAquis SCADA Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=85843	Trust: 0.6

sources: ZDI: ZDI-18-1248 // ZDI: ZDI-18-1250 // ZDI: ZDI-18-1249 // CNVD: CNVD-2018-21318 // JVNDB: JVNDB-2018-011036 // CNNVD: CNNVD-201810-760

EXTERNAL IDS

db:	NVD	id:	CVE-2018-17897	Trust: 5.6
db:	ICS CERT	id:	ICSA-18-289-01	Trust: 3.3
db:	BID	id:	105719	Trust: 1.3
db:	CNVD	id:	CNVD-2018-21318	Trust: 0.8
db:	CNNVD	id:	CNNVD-201810-760	Trust: 0.8
db:	JVNDB	id:	JVNDB-2018-011036	Trust: 0.8
db:	ZDI_CAN	id:	ZDI-CAN-6279	Trust: 0.7
db:	ZDI	id:	ZDI-18-1248	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-6281	Trust: 0.7
db:	ZDI	id:	ZDI-18-1250	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-6280	Trust: 0.7
db:	ZDI	id:	ZDI-18-1249	Trust: 0.7
db:	IVD	id:	E2FE539E-39AB-11E9-9FDB-000C29342CB1	Trust: 0.2

REFERENCES

url:	https://ics-cert.us-cert.gov/advisories/icsa-18-289-01	Trust: 5.4
url:	http://laquisscada.com/instale1.php	Trust: 1.9
url:	http://www.securityfocus.com/bid/105719	Trust: 1.0
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-17897	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2018-17897	Trust: 0.8

sources: ZDI: ZDI-18-1248 // ZDI: ZDI-18-1250 // ZDI: ZDI-18-1249 // CNVD: CNVD-2018-21318 // BID: 105719 // JVNDB: JVNDB-2018-011036 // CNNVD: CNNVD-201810-760 // NVD: CVE-2018-17897

CREDITS

rgod of 9SG Security Team - rgod@9sgsec.com

Trust: 2.1

sources: ZDI: ZDI-18-1248 // ZDI: ZDI-18-1250 // ZDI: ZDI-18-1249

SOURCES

db:	IVD	id:	e2fe539e-39ab-11e9-9fdb-000c29342cb1
db:	ZDI	id:	ZDI-18-1248
db:	ZDI	id:	ZDI-18-1250
db:	ZDI	id:	ZDI-18-1249
db:	CNVD	id:	CNVD-2018-21318
db:	BID	id:	105719
db:	JVNDB	id:	JVNDB-2018-011036
db:	CNNVD	id:	CNNVD-201810-760
db:	NVD	id:	CVE-2018-17897

LAST UPDATE DATE

2024-08-14T13:27:31.709000+00:00

SOURCES UPDATE DATE

db:	ZDI	id:	ZDI-18-1248	date:	2018-10-16T00:00:00
db:	ZDI	id:	ZDI-18-1250	date:	2018-10-16T00:00:00
db:	ZDI	id:	ZDI-18-1249	date:	2018-10-16T00:00:00
db:	CNVD	id:	CNVD-2018-21318	date:	2018-10-18T00:00:00
db:	BID	id:	105719	date:	2018-10-16T00:00:00
db:	JVNDB	id:	JVNDB-2018-011036	date:	2019-01-04T00:00:00
db:	CNNVD	id:	CNNVD-201810-760	date:	2018-10-17T00:00:00
db:	NVD	id:	CVE-2018-17897	date:	2018-11-30T15:26:43.843

SOURCES RELEASE DATE

db:	IVD	id:	e2fe539e-39ab-11e9-9fdb-000c29342cb1	date:	2018-10-18T00:00:00
db:	ZDI	id:	ZDI-18-1248	date:	2018-10-16T00:00:00
db:	ZDI	id:	ZDI-18-1250	date:	2018-10-16T00:00:00
db:	ZDI	id:	ZDI-18-1249	date:	2018-10-16T00:00:00
db:	CNVD	id:	CNVD-2018-21318	date:	2018-10-18T00:00:00
db:	BID	id:	105719	date:	2018-10-16T00:00:00
db:	JVNDB	id:	JVNDB-2018-011036	date:	2019-01-04T00:00:00
db:	CNNVD	id:	CNNVD-201810-760	date:	2018-10-17T00:00:00
db:	NVD	id:	CVE-2018-17897	date:	2018-10-17T02:29:00.857