ID

VAR-201902-0641


CVE

CVE-2018-19004


TITLE

LAquis SCADA LQS File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability

Trust: 1.4

sources: ZDI: ZDI-19-099 // ZDI: ZDI-19-098

DESCRIPTION

LCDS Laquis SCADA prior to version 4.1.0.4150 allows out of bounds read when opening a specially crafted project file, which may allow data exfiltration. LCDS Laquis SCADA Contains an out-of-bounds vulnerability.Information may be obtained. This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of LAquis SCADA Software. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of LQS files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the aq process. LCDS LAquis SCADA is a SCADA (Data Acquisition and Monitoring Control) system from LCDS, Brazil. The system is mainly used for data acquisition and process control of devices with communication technology. LCDS LAquis SCADA is prone to multiple security vulnerabilities. An attacker may leverage these issues to execute arbitrary code, perform unauthorized actions or gain access to sensitive information that may aid in further attacks. Failed attempts will likely cause a denial-of-service condition. LCDS LAquis SCADA version 4.1.0.3870 is vulnerable; other versions may also be affected

Trust: 3.87

sources: NVD: CVE-2018-19004 // JVNDB: JVNDB-2018-014064 // ZDI: ZDI-19-099 // ZDI: ZDI-19-098 // CNVD: CNVD-2019-02388 // BID: 106634 // IVD: 7d854240-463f-11e9-b38a-000c29342cb1

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.8

sources: IVD: 7d854240-463f-11e9-b38a-000c29342cb1 // CNVD: CNVD-2019-02388

AFFECTED PRODUCTS

vendor:lcdsmodel:laquis scadascope:ltversion:4.1.0.4150

Trust: 1.8

vendor:laquismodel:scadascope: - version: -

Trust: 1.4

vendor:lcdsmodel:le\303\243o consultoria e desenvolvimento de sistemas ltda me laquis scadascope:eqversion:-4.1.0.3870

Trust: 0.6

vendor:lcdsmodel:leão consultoria e desenvolvimento de sistemas ltda me laquis scadascope:eqversion:-4.1.0.3870

Trust: 0.3

vendor:lcdsmodel:leão consultoria e desenvolvimento de sistemas ltda me laquis scadascope:neversion:-4.1.0.4150

Trust: 0.3

vendor:laquis scadamodel: - scope:eqversion:*

Trust: 0.2

sources: IVD: 7d854240-463f-11e9-b38a-000c29342cb1 // ZDI: ZDI-19-099 // ZDI: ZDI-19-098 // CNVD: CNVD-2019-02388 // BID: 106634 // JVNDB: JVNDB-2018-014064 // NVD: CVE-2018-19004

CVSS

SEVERITY

CVSSV2

CVSSV3

ZDI: CVE-2018-19004
value: LOW

Trust: 1.4

nvd@nist.gov: CVE-2018-19004
value: LOW

Trust: 1.0

NVD: CVE-2018-19004
value: LOW

Trust: 0.8

CNVD: CNVD-2019-02388
value: LOW

Trust: 0.6

CNNVD: CNNVD-201901-511
value: LOW

Trust: 0.6

IVD: 7d854240-463f-11e9-b38a-000c29342cb1
value: LOW

Trust: 0.2

nvd@nist.gov: CVE-2018-19004
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2019-02388
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: 7d854240-463f-11e9-b38a-000c29342cb1
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

nvd@nist.gov: CVE-2018-19004
baseSeverity: LOW
baseScore: 3.3
vectorString: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 1.8
impactScore: 1.4
version: 3.0

Trust: 1.8

ZDI: CVE-2018-19004
baseSeverity: LOW
baseScore: 3.3
vectorString: AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 1.8
impactScore: 1.4
version: 3.0

Trust: 1.4

sources: IVD: 7d854240-463f-11e9-b38a-000c29342cb1 // ZDI: ZDI-19-099 // ZDI: ZDI-19-098 // CNVD: CNVD-2019-02388 // JVNDB: JVNDB-2018-014064 // CNNVD: CNNVD-201901-511 // NVD: CVE-2018-19004

PROBLEMTYPE DATA

problemtype:CWE-125

Trust: 1.8

sources: JVNDB: JVNDB-2018-014064 // NVD: CVE-2018-19004

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201901-511

TYPE

Buffer error

Trust: 0.8

sources: IVD: 7d854240-463f-11e9-b38a-000c29342cb1 // CNNVD: CNNVD-201901-511

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-014064

PATCH

title:LAquis has issued an update to correct this vulnerability.url:https://ics-cert.us-cert.gov/advisories/ICSA-19-015-01

Trust: 1.4

title:Top Pageurl:https://laquisscada.com/

Trust: 0.8

title:LCDS LAquis SCADA patch for out-of-bounds read vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/150977

Trust: 0.6

title:LCDS LAquis SCADA Buffer error vulnerability fixurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=88656

Trust: 0.6

sources: ZDI: ZDI-19-099 // ZDI: ZDI-19-098 // CNVD: CNVD-2019-02388 // JVNDB: JVNDB-2018-014064 // CNNVD: CNNVD-201901-511

EXTERNAL IDS

db:NVDid:CVE-2018-19004

Trust: 4.9

db:ICS CERTid:ICSA-19-015-01

Trust: 3.3

db:BIDid:106634

Trust: 1.9

db:CNVDid:CNVD-2019-02388

Trust: 0.8

db:CNNVDid:CNNVD-201901-511

Trust: 0.8

db:JVNDBid:JVNDB-2018-014064

Trust: 0.8

db:ZDI_CANid:ZDI-CAN-7114

Trust: 0.7

db:ZDIid:ZDI-19-099

Trust: 0.7

db:ZDI_CANid:ZDI-CAN-7113

Trust: 0.7

db:ZDIid:ZDI-19-098

Trust: 0.7

db:IVDid:7D854240-463F-11E9-B38A-000C29342CB1

Trust: 0.2

sources: IVD: 7d854240-463f-11e9-b38a-000c29342cb1 // ZDI: ZDI-19-099 // ZDI: ZDI-19-098 // CNVD: CNVD-2019-02388 // BID: 106634 // JVNDB: JVNDB-2018-014064 // CNNVD: CNNVD-201901-511 // NVD: CVE-2018-19004

REFERENCES

url:https://ics-cert.us-cert.gov/advisories/icsa-19-015-01

Trust: 4.7

url:http://www.securityfocus.com/bid/106634

Trust: 2.2

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-19004

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2018-19004

Trust: 0.8

url:https://laquisscada.com/

Trust: 0.3

sources: ZDI: ZDI-19-099 // ZDI: ZDI-19-098 // CNVD: CNVD-2019-02388 // BID: 106634 // JVNDB: JVNDB-2018-014064 // CNNVD: CNNVD-201901-511 // NVD: CVE-2018-19004

CREDITS

Esteban Ruiz (mr_me) of Source Incite

Trust: 1.4

sources: ZDI: ZDI-19-099 // ZDI: ZDI-19-098

SOURCES

db:IVDid:7d854240-463f-11e9-b38a-000c29342cb1
db:ZDIid:ZDI-19-099
db:ZDIid:ZDI-19-098
db:CNVDid:CNVD-2019-02388
db:BIDid:106634
db:JVNDBid:JVNDB-2018-014064
db:CNNVDid:CNNVD-201901-511
db:NVDid:CVE-2018-19004

LAST UPDATE DATE

2024-08-14T13:26:57.883000+00:00


SOURCES UPDATE DATE

db:ZDIid:ZDI-19-099date:2019-01-19T00:00:00
db:ZDIid:ZDI-19-098date:2019-01-19T00:00:00
db:CNVDid:CNVD-2019-02388date:2019-01-22T00:00:00
db:BIDid:106634date:2019-01-15T00:00:00
db:JVNDBid:JVNDB-2018-014064date:2019-03-11T00:00:00
db:CNNVDid:CNNVD-201901-511date:2019-10-17T00:00:00
db:NVDid:CVE-2018-19004date:2019-10-09T23:37:35.130

SOURCES RELEASE DATE

db:IVDid:7d854240-463f-11e9-b38a-000c29342cb1date:2019-01-22T00:00:00
db:ZDIid:ZDI-19-099date:2019-01-19T00:00:00
db:ZDIid:ZDI-19-098date:2019-01-19T00:00:00
db:CNVDid:CNVD-2019-02388date:2019-01-22T00:00:00
db:BIDid:106634date:2019-01-15T00:00:00
db:JVNDBid:JVNDB-2018-014064date:2019-03-11T00:00:00
db:CNNVDid:CNNVD-201901-511date:2019-01-16T00:00:00
db:NVDid:CVE-2018-19004date:2019-02-01T18:29:01.193