ID

VAR-201902-0645


CVE

CVE-2018-19029


TITLE

LCDS Laquis SCADA In NULL Pointer dereference vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-001220

DESCRIPTION

LCDS Laquis SCADA prior to version 4.1.0.4150 allows an attacker using a specially crafted project file to supply a pointer for a controlled memory address, which may allow remote code execution, data exfiltration, or cause a system crash. LCDS Laquis SCADA Is NULL A vulnerability related to pointer dereference exists.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of LAquis SCADA Software. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of LQS files. The issue results from the lack of proper validation of a user-supplied value prior to dereferencing it as a pointer. An attacker can leverage this vulnerability to execute code in the context of the process. LCDS LAquis SCADA is a SCADA (Data Acquisition and Monitoring Control) system from LCDS, Brazil. The system is mainly used for data acquisition and process control of devices with communication technology. A security vulnerability exists in the LCDS LAquis SCADA version 4.1.0.3870. Failed attempts will likely cause a denial-of-service condition. LCDS LAquis SCADA version 4.1.0.3870 is vulnerable; other versions may also be affected

Trust: 3.24

sources: NVD: CVE-2018-19029 // JVNDB: JVNDB-2019-001220 // ZDI: ZDI-19-056 // CNVD: CNVD-2019-28114 // BID: 106634 // IVD: 630a6c5b-271f-4942-878e-ab342dd4dbf3

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.8

sources: IVD: 630a6c5b-271f-4942-878e-ab342dd4dbf3 // CNVD: CNVD-2019-28114

AFFECTED PRODUCTS

vendor:lcdsmodel:laquis scadascope:ltversion:4.1.0.4150

Trust: 1.8

vendor:laquis scadamodel:softwarescope: - version: -

Trust: 0.7

vendor:lcdsmodel:laquis scadascope:eqversion:4.1.0.3870

Trust: 0.6

vendor:lcdsmodel:leão consultoria e desenvolvimento de sistemas ltda me laquis scadascope:eqversion:-4.1.0.3870

Trust: 0.3

vendor:lcdsmodel:leão consultoria e desenvolvimento de sistemas ltda me laquis scadascope:neversion:-4.1.0.4150

Trust: 0.3

vendor:laquis scadamodel: - scope:eqversion:*

Trust: 0.2

sources: IVD: 630a6c5b-271f-4942-878e-ab342dd4dbf3 // ZDI: ZDI-19-056 // CNVD: CNVD-2019-28114 // BID: 106634 // JVNDB: JVNDB-2019-001220 // NVD: CVE-2018-19029

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-19029
value: HIGH

Trust: 1.0

NVD: CVE-2018-19029
value: HIGH

Trust: 0.8

ZDI: CVE-2018-19029
value: MEDIUM

Trust: 0.7

CNVD: CNVD-2019-28114
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201901-513
value: HIGH

Trust: 0.6

IVD: 630a6c5b-271f-4942-878e-ab342dd4dbf3
value: HIGH

Trust: 0.2

nvd@nist.gov: CVE-2018-19029
severity: HIGH
baseScore: 8.3
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 8.5
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

ZDI: CVE-2018-19029
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.7

CNVD: CNVD-2019-28114
severity: HIGH
baseScore: 8.3
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 8.5
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: 630a6c5b-271f-4942-878e-ab342dd4dbf3
severity: HIGH
baseScore: 8.3
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 8.5
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

nvd@nist.gov: CVE-2018-19029
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: IVD: 630a6c5b-271f-4942-878e-ab342dd4dbf3 // ZDI: ZDI-19-056 // CNVD: CNVD-2019-28114 // JVNDB: JVNDB-2019-001220 // CNNVD: CNNVD-201901-513 // NVD: CVE-2018-19029

PROBLEMTYPE DATA

problemtype:CWE-476

Trust: 1.8

problemtype:CWE-822

Trust: 1.0

sources: JVNDB: JVNDB-2019-001220 // NVD: CVE-2018-19029

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201901-513

TYPE

Code problem

Trust: 0.8

sources: IVD: 630a6c5b-271f-4942-878e-ab342dd4dbf3 // CNNVD: CNNVD-201901-513

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-001220

PATCH

title:Top Pageurl:https://laquisscada.com

Trust: 0.8

title:LAquis SCADA has issued an update to correct this vulnerability.url:https://ics-cert.us-cert.gov/advisories/ICSA-19-015-01

Trust: 0.7

title:LCDS LAquis SCADA has an unspecified vulnerability (CNVD-2019-28114) patchurl:https://www.cnvd.org.cn/patchInfo/show/176013

Trust: 0.6

title:LCDS LAquis SCADA Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=88658

Trust: 0.6

sources: ZDI: ZDI-19-056 // CNVD: CNVD-2019-28114 // JVNDB: JVNDB-2019-001220 // CNNVD: CNNVD-201901-513

EXTERNAL IDS

db:NVDid:CVE-2018-19029

Trust: 4.2

db:ICS CERTid:ICSA-19-015-01

Trust: 3.3

db:BIDid:106634

Trust: 1.9

db:CNVDid:CNVD-2019-28114

Trust: 0.8

db:CNNVDid:CNNVD-201901-513

Trust: 0.8

db:JVNDBid:JVNDB-2019-001220

Trust: 0.8

db:ZDI_CANid:ZDI-CAN-6452

Trust: 0.7

db:ZDIid:ZDI-19-056

Trust: 0.7

db:ICS CERTid:ICSA-19-015-01T

Trust: 0.6

db:IVDid:630A6C5B-271F-4942-878E-AB342DD4DBF3

Trust: 0.2

sources: IVD: 630a6c5b-271f-4942-878e-ab342dd4dbf3 // ZDI: ZDI-19-056 // CNVD: CNVD-2019-28114 // BID: 106634 // JVNDB: JVNDB-2019-001220 // CNNVD: CNNVD-201901-513 // NVD: CVE-2018-19029

REFERENCES

url:https://ics-cert.us-cert.gov/advisories/icsa-19-015-01

Trust: 4.0

url:http://www.securityfocus.com/bid/106634

Trust: 1.6

url:https://nvd.nist.gov/vuln/detail/cve-2018-19029

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-19029

Trust: 0.8

url:https://ics-cert.us-cert.gov/advisories/icsa-19-015-01third party advisoryus government resource

Trust: 0.6

url:http://www.securityfocus.com/bid/106634third party advisoryvdb entry

Trust: 0.6

url:https://laquisscada.com/

Trust: 0.3

sources: ZDI: ZDI-19-056 // CNVD: CNVD-2019-28114 // BID: 106634 // JVNDB: JVNDB-2019-001220 // CNNVD: CNNVD-201901-513 // NVD: CVE-2018-19029

CREDITS

Esteban Ruiz (mr_me) of Source Incite

Trust: 0.7

sources: ZDI: ZDI-19-056

SOURCES

db:IVDid:630a6c5b-271f-4942-878e-ab342dd4dbf3
db:ZDIid:ZDI-19-056
db:CNVDid:CNVD-2019-28114
db:BIDid:106634
db:JVNDBid:JVNDB-2019-001220
db:CNNVDid:CNNVD-201901-513
db:NVDid:CVE-2018-19029

LAST UPDATE DATE

2024-08-14T13:26:57.987000+00:00


SOURCES UPDATE DATE

db:ZDIid:ZDI-19-056date:2019-01-19T00:00:00
db:CNVDid:CNVD-2019-28114date:2019-08-20T00:00:00
db:BIDid:106634date:2019-01-15T00:00:00
db:JVNDBid:JVNDB-2019-001220date:2019-02-14T00:00:00
db:CNNVDid:CNNVD-201901-513date:2019-10-17T00:00:00
db:NVDid:CVE-2018-19029date:2019-10-09T23:37:37.973

SOURCES RELEASE DATE

db:IVDid:630a6c5b-271f-4942-878e-ab342dd4dbf3date:2019-08-20T00:00:00
db:ZDIid:ZDI-19-056date:2019-01-19T00:00:00
db:CNVDid:CNVD-2019-28114date:2019-08-20T00:00:00
db:BIDid:106634date:2019-01-15T00:00:00
db:JVNDBid:JVNDB-2019-001220date:2019-02-14T00:00:00
db:CNNVDid:CNNVD-201901-513date:2019-01-16T00:00:00
db:NVDid:CVE-2018-19029date:2019-02-05T18:29:00.820