ID

VAR-201810-0484


CVE

CVE-2018-17897


TITLE

LAquis SCADA LQS File Parsing Integer Overflow Remote Code Execution Vulnerability

Trust: 2.1

sources: ZDI: ZDI-18-1248 // ZDI: ZDI-18-1250 // ZDI: ZDI-18-1249

DESCRIPTION

LAquis SCADA versions 4.1.0.3870 and prior have several integer overflow to buffer overflow vulnerabilities, which may allow remote code execution. LAquis SCADA contains an integer overflow vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of LAquis SCADA Software. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within parsing of LQS files. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before writing to memory. An attacker can leverage this vulnerability to execute code under the context of the current process. LAquis SCADA is a suite of SCADA software for monitoring and data acquisition. LAquis SCADA Smart Security Manager is prone to the following multiple security vulnerabilities: 1. Remote-code execution vulnerability 2. Multiple unspecified integer overflow vulnerability 3. Directory traversal vulnerability 4. Failed attacks may cause a denial-of-service condition. LAquis SCADA Smart Security Manager versions 4.1.0.3870 and prior are vulnerable.

Trust: 4.5

sources: NVD: CVE-2018-17897 // JVNDB: JVNDB-2018-011036 // ZDI: ZDI-18-1248 // ZDI: ZDI-18-1250 // ZDI: ZDI-18-1249 // CNVD: CNVD-2018-21318 // BID: 105719 // IVD: e2fe539e-39ab-11e9-9fdb-000c29342cb1

IOT TAXONOMY

category: ['ICS']
sub_category: -

Trust: 0.8

sources: IVD: e2fe539e-39ab-11e9-9fdb-000c29342cb1 // CNVD: CNVD-2018-21318

AFFECTED PRODUCTS

vendor: laquis scada
model: software
scope: -
version: -

Trust: 2.1

vendor: lcds
model: laquis scada
scope: lte
version: 4.1.0.3870

Trust: 1.8

vendor: lcds
model: – leão consultoria e desenvolvimento de sistemas ltda me laquis scada <=4.1.0.3870
scope: -
version: -

Trust: 0.6

vendor: lcds
model: laquis scada
scope: eq
version: 4.1.0.3870

Trust: 0.6

vendor: lcds
model: leão consultoria e desenvolvimento de sistemas ltda me laquis scada smart security manager
scope: eq
version: -4.1.0.3870

Trust: 0.3

vendor: lcds
model: leão consultoria e desenvolvimento de sistemas ltda me laquis scada smart security manager
scope: ne
version: -4.1.0.4114

Trust: 0.3

vendor: laquis scada
model: -
scope: eq
version: *

Trust: 0.2

sources: IVD: e2fe539e-39ab-11e9-9fdb-000c29342cb1 // ZDI: ZDI-18-1248 // ZDI: ZDI-18-1250 // ZDI: ZDI-18-1249 // CNVD: CNVD-2018-21318 // BID: 105719 // JVNDB: JVNDB-2018-011036 // CNNVD: CNNVD-201810-760 // NVD: CVE-2018-17897

CVSS

SEVERITY

CVSSV2

CVSSV3

ZDI: CVE-2018-17897
value: MEDIUM

Trust: 2.1

nvd@nist.gov: CVE-2018-17897
value: CRITICAL

Trust: 1.0

NVD: CVE-2018-17897
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2018-21318
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201810-760
value: HIGH

Trust: 0.6

IVD: e2fe539e-39ab-11e9-9fdb-000c29342cb1
value: HIGH

Trust: 0.2

ZDI: CVE-2018-17897
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 2.1

nvd@nist.gov: CVE-2018-17897
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2018-21318
severity: MEDIUM
baseScore: 5.1
vectorString: AV:N/AC:H/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 4.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: e2fe539e-39ab-11e9-9fdb-000c29342cb1
severity: MEDIUM
baseScore: 5.1
vectorString: AV:N/AC:H/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 4.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

nvd@nist.gov: CVE-2018-17897
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: IVD: e2fe539e-39ab-11e9-9fdb-000c29342cb1 // ZDI: ZDI-18-1248 // ZDI: ZDI-18-1250 // ZDI: ZDI-18-1249 // CNVD: CNVD-2018-21318 // JVNDB: JVNDB-2018-011036 // CNNVD: CNNVD-201810-760 // NVD: CVE-2018-17897

PROBLEMTYPE DATA

problemtype:CWE-190

Trust: 1.8

sources: JVNDB: JVNDB-2018-011036 // NVD: CVE-2018-17897

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201810-760

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201810-760

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-011036

PATCH

title: LAquis SCADA has issued an update to correct this vulnerability.
url: https://ics-cert.us-cert.gov/advisories/ICSA-18-289-01

Trust: 2.1

title: LAquis SCADA software
url: https://laquisscada.com/instale1.php

Trust: 0.8

title: Patch for LAquis SCADA Integer Overflow Vulnerability
url: https://www.cnvd.org.cn/patchInfo/show/142795

Trust: 0.6

title: LAquis SCADA Security vulnerabilities
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=85843

Trust: 0.6

sources: ZDI: ZDI-18-1248 // ZDI: ZDI-18-1250 // ZDI: ZDI-18-1249 // CNVD: CNVD-2018-21318 // JVNDB: JVNDB-2018-011036 // CNNVD: CNNVD-201810-760

EXTERNAL IDS

db: NVD
id: CVE-2018-17897

Trust: 5.6

db: ICS CERT
id: ICSA-18-289-01

Trust: 3.3

db: BID
id: 105719

Trust: 1.3

db: CNVD
id: CNVD-2018-21318

Trust: 0.8

db: CNNVD
id: CNNVD-201810-760

Trust: 0.8

db: JVNDB
id: JVNDB-2018-011036

Trust: 0.8

db: ZDI_CAN
id: ZDI-CAN-6279

Trust: 0.7

db: ZDI
id: ZDI-18-1248

Trust: 0.7

db: ZDI_CAN
id: ZDI-CAN-6281

Trust: 0.7

db: ZDI
id: ZDI-18-1250

Trust: 0.7

db: ZDI_CAN
id: ZDI-CAN-6280

Trust: 0.7

db: ZDI
id: ZDI-18-1249

Trust: 0.7

db: IVD
id: E2FE539E-39AB-11E9-9FDB-000C29342CB1

Trust: 0.2

sources: IVD: e2fe539e-39ab-11e9-9fdb-000c29342cb1 // ZDI: ZDI-18-1248 // ZDI: ZDI-18-1250 // ZDI: ZDI-18-1249 // CNVD: CNVD-2018-21318 // BID: 105719 // JVNDB: JVNDB-2018-011036 // CNNVD: CNNVD-201810-760 // NVD: CVE-2018-17897

REFERENCES

url:https://ics-cert.us-cert.gov/advisories/icsa-18-289-01

Trust: 5.4

url:http://laquisscada.com/instale1.php

Trust: 1.9

url:http://www.securityfocus.com/bid/105719

Trust: 1.0

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-17897

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2018-17897

Trust: 0.8

sources: ZDI: ZDI-18-1248 // ZDI: ZDI-18-1250 // ZDI: ZDI-18-1249 // CNVD: CNVD-2018-21318 // BID: 105719 // JVNDB: JVNDB-2018-011036 // CNNVD: CNNVD-201810-760 // NVD: CVE-2018-17897

CREDITS

rgod of 9SG Security Team - rgod@9sgsec.com

Trust: 2.1

sources: ZDI: ZDI-18-1248 // ZDI: ZDI-18-1250 // ZDI: ZDI-18-1249

SOURCES

db: IVD, id: e2fe539e-39ab-11e9-9fdb-000c29342cb1
db: ZDI, id: ZDI-18-1248
db: ZDI, id: ZDI-18-1250
db: ZDI, id: ZDI-18-1249
db: CNVD, id: CNVD-2018-21318
db: BID, id: 105719
db: JVNDB, id: JVNDB-2018-011036
db: CNNVD, id: CNNVD-201810-760
db: NVD, id: CVE-2018-17897

LAST UPDATE DATE

2024-08-14T13:27:31.709000+00:00


SOURCES UPDATE DATE

db: ZDI, id: ZDI-18-1248, date: 2018-10-16T00:00:00
db: ZDI, id: ZDI-18-1250, date: 2018-10-16T00:00:00
db: ZDI, id: ZDI-18-1249, date: 2018-10-16T00:00:00
db: CNVD, id: CNVD-2018-21318, date: 2018-10-18T00:00:00
db: BID, id: 105719, date: 2018-10-16T00:00:00
db: JVNDB, id: JVNDB-2018-011036, date: 2019-01-04T00:00:00
db: CNNVD, id: CNNVD-201810-760, date: 2018-10-17T00:00:00
db: NVD, id: CVE-2018-17897, date: 2018-11-30T15:26:43.843

SOURCES RELEASE DATE

db: IVD, id: e2fe539e-39ab-11e9-9fdb-000c29342cb1, date: 2018-10-18T00:00:00
db: ZDI, id: ZDI-18-1248, date: 2018-10-16T00:00:00
db: ZDI, id: ZDI-18-1250, date: 2018-10-16T00:00:00
db: ZDI, id: ZDI-18-1249, date: 2018-10-16T00:00:00
db: CNVD, id: CNVD-2018-21318, date: 2018-10-18T00:00:00
db: BID, id: 105719, date: 2018-10-16T00:00:00
db: JVNDB, id: JVNDB-2018-011036, date: 2019-01-04T00:00:00
db: CNNVD, id: CNNVD-201810-760, date: 2018-10-17T00:00:00
db: NVD, id: CVE-2018-17897, date: 2018-10-17T02:29:00.857