ID

VAR-201902-0646


CVE

CVE-2018-18986


TITLE

LCDS Laquis SCADA Vulnerable to out-of-bounds reading

Trust: 0.8

sources: JVNDB: JVNDB-2018-014371

DESCRIPTION

LCDS Laquis SCADA prior to version 4.1.0.4150 allows the opening of a specially crafted report format file that may cause an out of bounds read, which may cause a system crash, allow data exfiltration, or remote code execution. LCDS Laquis SCADA Contains an out-of-bounds vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of LAquis SCADA Software. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of LGX files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the process. LCDS LAquis SCADA is a SCADA (Data Acquisition and Monitoring Control) system from LCDS, Brazil. The system is mainly used for data acquisition and process control of devices with communication technology. LCDS LAquis SCADA is prone to multiple security vulnerabilities. Failed attempts will likely cause a denial-of-service condition. LCDS LAquis SCADA version 4.1.0.3870 is vulnerable; other versions may also be affected

Trust: 3.24

sources: NVD: CVE-2018-18986 // JVNDB: JVNDB-2018-014371 // ZDI: ZDI-19-057 // CNVD: CNVD-2019-02386 // BID: 106634 // IVD: 7d84f422-463f-11e9-9432-000c29342cb1

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.8

sources: IVD: 7d84f422-463f-11e9-9432-000c29342cb1 // CNVD: CNVD-2019-02386

AFFECTED PRODUCTS

vendor:lcdsmodel:laquis scadascope:ltversion:4.1.0.4150

Trust: 1.8

vendor:laquis scadamodel:softwarescope: - version: -

Trust: 0.7

vendor:lcdsmodel:le\303\243o consultoria e desenvolvimento de sistemas ltda me laquis scadascope:eqversion:-4.1.0.3870

Trust: 0.6

vendor:lcdsmodel:leão consultoria e desenvolvimento de sistemas ltda me laquis scadascope:eqversion:-4.1.0.3870

Trust: 0.3

vendor:lcdsmodel:leão consultoria e desenvolvimento de sistemas ltda me laquis scadascope:neversion:-4.1.0.4150

Trust: 0.3

vendor:laquis scadamodel: - scope:eqversion:*

Trust: 0.2

sources: IVD: 7d84f422-463f-11e9-9432-000c29342cb1 // ZDI: ZDI-19-057 // CNVD: CNVD-2019-02386 // BID: 106634 // JVNDB: JVNDB-2018-014371 // NVD: CVE-2018-18986

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-18986
value: HIGH

Trust: 1.0

NVD: CVE-2018-18986
value: HIGH

Trust: 0.8

ZDI: CVE-2018-18986
value: MEDIUM

Trust: 0.7

CNVD: CNVD-2019-02386
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201901-514
value: HIGH

Trust: 0.6

IVD: 7d84f422-463f-11e9-9432-000c29342cb1
value: HIGH

Trust: 0.2

nvd@nist.gov: CVE-2018-18986
severity: HIGH
baseScore: 8.3
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 8.5
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

ZDI: CVE-2018-18986
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.7

CNVD: CNVD-2019-02386
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: 7d84f422-463f-11e9-9432-000c29342cb1
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

nvd@nist.gov: CVE-2018-18986
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: IVD: 7d84f422-463f-11e9-9432-000c29342cb1 // ZDI: ZDI-19-057 // CNVD: CNVD-2019-02386 // JVNDB: JVNDB-2018-014371 // CNNVD: CNNVD-201901-514 // NVD: CVE-2018-18986

PROBLEMTYPE DATA

problemtype:CWE-125

Trust: 1.8

problemtype:CWE-787

Trust: 1.0

sources: JVNDB: JVNDB-2018-014371 // NVD: CVE-2018-18986

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201901-514

TYPE

Buffer error

Trust: 0.8

sources: IVD: 7d84f422-463f-11e9-9432-000c29342cb1 // CNNVD: CNNVD-201901-514

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-014371

PATCH

title:Top Pageurl:https://laquisscada.com/

Trust: 0.8

title:LAquis SCADA has issued an update to correct this vulnerability.url:https://ics-cert.us-cert.gov/advisories/ICSA-19-015-01

Trust: 0.7

title:Patch for LAquis SCADA Cross-Boundary Write Vulnerability (CNVD-2019-02386)url:https://www.cnvd.org.cn/patchInfo/show/150973

Trust: 0.6

title:LAquis SCADA Buffer error vulnerability fixurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=88650

Trust: 0.6

sources: ZDI: ZDI-19-057 // CNVD: CNVD-2019-02386 // JVNDB: JVNDB-2018-014371 // CNNVD: CNNVD-201901-514

EXTERNAL IDS

db:NVDid:CVE-2018-18986

Trust: 4.2

db:ICS CERTid:ICSA-19-015-01

Trust: 3.3

db:BIDid:106634

Trust: 1.9

db:CNVDid:CNVD-2019-02386

Trust: 0.8

db:CNNVDid:CNNVD-201901-514

Trust: 0.8

db:JVNDBid:JVNDB-2018-014371

Trust: 0.8

db:ZDI_CANid:ZDI-CAN-6490

Trust: 0.7

db:ZDIid:ZDI-19-057

Trust: 0.7

db:ICS CERTid:ICSA-19-015-01T

Trust: 0.6

db:IVDid:7D84F422-463F-11E9-9432-000C29342CB1

Trust: 0.2

sources: IVD: 7d84f422-463f-11e9-9432-000c29342cb1 // ZDI: ZDI-19-057 // CNVD: CNVD-2019-02386 // BID: 106634 // JVNDB: JVNDB-2018-014371 // CNNVD: CNNVD-201901-514 // NVD: CVE-2018-18986

REFERENCES

url:https://ics-cert.us-cert.gov/advisories/icsa-19-015-01

Trust: 4.0

url:http://www.securityfocus.com/bid/106634

Trust: 1.6

url:https://nvd.nist.gov/vuln/detail/cve-2018-18986

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-18986

Trust: 0.8

url:https://ics-cert.us-cert.gov/advisories/icsa-19-015-01third party advisoryus government resource

Trust: 0.6

url:http://www.securityfocus.com/bid/106634third party advisoryvdb entry

Trust: 0.6

url:https://laquisscada.com/

Trust: 0.3

sources: ZDI: ZDI-19-057 // CNVD: CNVD-2019-02386 // BID: 106634 // JVNDB: JVNDB-2018-014371 // CNNVD: CNNVD-201901-514 // NVD: CVE-2018-18986

CREDITS

Esteban Ruiz (mr_me) of Source Incite

Trust: 0.7

sources: ZDI: ZDI-19-057

SOURCES

db:IVDid:7d84f422-463f-11e9-9432-000c29342cb1
db:ZDIid:ZDI-19-057
db:CNVDid:CNVD-2019-02386
db:BIDid:106634
db:JVNDBid:JVNDB-2018-014371
db:CNNVDid:CNNVD-201901-514
db:NVDid:CVE-2018-18986

LAST UPDATE DATE

2024-08-14T13:26:57.796000+00:00


SOURCES UPDATE DATE

db:ZDIid:ZDI-19-057date:2019-01-19T00:00:00
db:CNVDid:CNVD-2019-02386date:2019-01-22T00:00:00
db:BIDid:106634date:2019-01-15T00:00:00
db:JVNDBid:JVNDB-2018-014371date:2019-03-19T00:00:00
db:CNNVDid:CNNVD-201901-514date:2019-10-17T00:00:00
db:NVDid:CVE-2018-18986date:2019-10-09T23:37:31.817

SOURCES RELEASE DATE

db:IVDid:7d84f422-463f-11e9-9432-000c29342cb1date:2019-01-22T00:00:00
db:ZDIid:ZDI-19-057date:2019-01-19T00:00:00
db:CNVDid:CNVD-2019-02386date:2019-01-22T00:00:00
db:BIDid:106634date:2019-01-15T00:00:00
db:JVNDBid:JVNDB-2018-014371date:2019-03-19T00:00:00
db:CNNVDid:CNNVD-201901-514date:2019-01-16T00:00:00
db:NVDid:CVE-2018-18986date:2019-02-05T18:29:00.553