ID

VAR-201902-0640


CVE

CVE-2018-19002


TITLE

LCDS LAquis SCADA Code injection vulnerability

Trust: 2.2

sources: IVD: 7d84f421-463f-11e9-9e2b-000c29342cb1 // CNVD: CNVD-2019-02387 // JVNDB: JVNDB-2018-013084 // CNNVD: CNNVD-201901-512

DESCRIPTION

LCDS Laquis SCADA prior to version 4.1.0.4150 allows improper control of generation of code when opening a specially crafted project file, which may allow remote code execution, data exfiltration, or cause a system crash. LCDS Laquis SCADA Contains a code injection vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of LAquis SCADA Software. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of LQS files. The issue results from the lack of proper validation of user-supplied data, which can result in a controlled call to VirtualProtect. An attacker can leverage this vulnerability to execute code in the context of the aq process. LCDS LAquis SCADA is a SCADA (Data Acquisition and Monitoring Control) system from LCDS, Brazil. The system is mainly used for data acquisition and process control of devices with communication technology. LCDS LAquis SCADA is prone to multiple security vulnerabilities. An attacker may leverage these issues to execute arbitrary code, perform unauthorized actions or gain access to sensitive information that may aid in further attacks. Failed attempts will likely cause a denial-of-service condition. LCDS LAquis SCADA version 4.1.0.3870 is vulnerable; other versions may also be affected

Trust: 3.24

sources: NVD: CVE-2018-19002 // JVNDB: JVNDB-2018-013084 // ZDI: ZDI-19-097 // CNVD: CNVD-2019-02387 // BID: 106634 // IVD: 7d84f421-463f-11e9-9e2b-000c29342cb1

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.8

sources: IVD: 7d84f421-463f-11e9-9e2b-000c29342cb1 // CNVD: CNVD-2019-02387

AFFECTED PRODUCTS

vendor:lcdsmodel:laquis scadascope:ltversion:4.1.0.4150

Trust: 1.8

vendor:laquismodel:scadascope: - version: -

Trust: 0.7

vendor:lcdsmodel:le\303\243o consultoria e desenvolvimento de sistemas ltda me laquis scadascope:eqversion:-4.1.0.3870

Trust: 0.6

vendor:lcdsmodel:leão consultoria e desenvolvimento de sistemas ltda me laquis scadascope:eqversion:-4.1.0.3870

Trust: 0.3

vendor:lcdsmodel:leão consultoria e desenvolvimento de sistemas ltda me laquis scadascope:neversion:-4.1.0.4150

Trust: 0.3

vendor:laquis scadamodel: - scope:eqversion:*

Trust: 0.2

sources: IVD: 7d84f421-463f-11e9-9e2b-000c29342cb1 // ZDI: ZDI-19-097 // CNVD: CNVD-2019-02387 // BID: 106634 // JVNDB: JVNDB-2018-013084 // NVD: CVE-2018-19002

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-19002
value: HIGH

Trust: 1.0

NVD: CVE-2018-19002
value: HIGH

Trust: 0.8

ZDI: CVE-2018-19002
value: HIGH

Trust: 0.7

CNVD: CNVD-2019-02387
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201901-512
value: HIGH

Trust: 0.6

IVD: 7d84f421-463f-11e9-9e2b-000c29342cb1
value: HIGH

Trust: 0.2

nvd@nist.gov: CVE-2018-19002
severity: HIGH
baseScore: 8.3
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 8.5
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2019-02387
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: 7d84f421-463f-11e9-9e2b-000c29342cb1
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

nvd@nist.gov: CVE-2018-19002
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.0

Trust: 1.8

ZDI: CVE-2018-19002
baseSeverity: HIGH
baseScore: 7.8
vectorString: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.0

Trust: 0.7

sources: IVD: 7d84f421-463f-11e9-9e2b-000c29342cb1 // ZDI: ZDI-19-097 // CNVD: CNVD-2019-02387 // JVNDB: JVNDB-2018-013084 // CNNVD: CNNVD-201901-512 // NVD: CVE-2018-19002

PROBLEMTYPE DATA

problemtype:CWE-94

Trust: 1.8

sources: JVNDB: JVNDB-2018-013084 // NVD: CVE-2018-19002

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201901-512

TYPE

Code injection

Trust: 0.8

sources: IVD: 7d84f421-463f-11e9-9e2b-000c29342cb1 // CNNVD: CNNVD-201901-512

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-013084

PATCH

title:Top Pageurl:https://laquisscada.com

Trust: 0.8

title:LAquis has issued an update to correct this vulnerability.url:https://ics-cert.us-cert.gov/advisories/ICSA-19-015-01

Trust: 0.7

title:Patch for LCDS LAquis SCADA Code Injection Vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/150975

Trust: 0.6

title:LCDS LAquis SCADA Fixes for code injection vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=88657

Trust: 0.6

sources: ZDI: ZDI-19-097 // CNVD: CNVD-2019-02387 // JVNDB: JVNDB-2018-013084 // CNNVD: CNNVD-201901-512

EXTERNAL IDS

db:NVDid:CVE-2018-19002

Trust: 4.2

db:ICS CERTid:ICSA-19-015-01

Trust: 2.7

db:BIDid:106634

Trust: 1.9

db:CNVDid:CNVD-2019-02387

Trust: 0.8

db:CNNVDid:CNNVD-201901-512

Trust: 0.8

db:JVNDBid:JVNDB-2018-013084

Trust: 0.8

db:ZDI_CANid:ZDI-CAN-7110

Trust: 0.7

db:ZDIid:ZDI-19-097

Trust: 0.7

db:ICS CERTid:ICSA-19-015-01T

Trust: 0.6

db:IVDid:7D84F421-463F-11E9-9E2B-000C29342CB1

Trust: 0.2

sources: IVD: 7d84f421-463f-11e9-9e2b-000c29342cb1 // ZDI: ZDI-19-097 // CNVD: CNVD-2019-02387 // BID: 106634 // JVNDB: JVNDB-2018-013084 // CNNVD: CNNVD-201901-512 // NVD: CVE-2018-19002

REFERENCES

url:https://ics-cert.us-cert.gov/advisories/icsa-19-015-01

Trust: 3.4

url:http://www.securityfocus.com/bid/106634

Trust: 1.6

url:https://nvd.nist.gov/vuln/detail/cve-2018-19002

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-19002

Trust: 0.8

url:https://ics-cert.us-cert.gov/advisories/icsa-19-015-01third party advisoryus government resource

Trust: 0.6

url:http://www.securityfocus.com/bid/106634third party advisoryvdb entry

Trust: 0.6

url:https://laquisscada.com/

Trust: 0.3

sources: ZDI: ZDI-19-097 // CNVD: CNVD-2019-02387 // BID: 106634 // JVNDB: JVNDB-2018-013084 // CNNVD: CNNVD-201901-512 // NVD: CVE-2018-19002

CREDITS

Esteban Ruiz (mr_me) of Source Incite

Trust: 0.7

sources: ZDI: ZDI-19-097

SOURCES

db:IVDid:7d84f421-463f-11e9-9e2b-000c29342cb1
db:ZDIid:ZDI-19-097
db:CNVDid:CNVD-2019-02387
db:BIDid:106634
db:JVNDBid:JVNDB-2018-013084
db:CNNVDid:CNNVD-201901-512
db:NVDid:CVE-2018-19002

LAST UPDATE DATE

2024-08-14T13:26:57.752000+00:00


SOURCES UPDATE DATE

db:ZDIid:ZDI-19-097date:2019-01-19T00:00:00
db:CNVDid:CNVD-2019-02387date:2019-01-22T00:00:00
db:BIDid:106634date:2019-01-15T00:00:00
db:JVNDBid:JVNDB-2018-013084date:2019-02-14T00:00:00
db:CNNVDid:CNNVD-201901-512date:2019-10-17T00:00:00
db:NVDid:CVE-2018-19002date:2019-10-09T23:37:34.787

SOURCES RELEASE DATE

db:IVDid:7d84f421-463f-11e9-9e2b-000c29342cb1date:2019-01-22T00:00:00
db:ZDIid:ZDI-19-097date:2019-01-19T00:00:00
db:CNVDid:CNVD-2019-02387date:2019-01-22T00:00:00
db:BIDid:106634date:2019-01-15T00:00:00
db:JVNDBid:JVNDB-2018-013084date:2019-02-14T00:00:00
db:CNNVDid:CNNVD-201901-512date:2019-01-16T00:00:00
db:NVDid:CVE-2018-19002date:2019-02-05T18:29:00.773