ID

VAR-201902-0647


CVE

CVE-2018-18988


TITLE

LAquis SCADA Input validation vulnerability

Trust: 0.8

sources: IVD: 7d851b30-463f-11e9-9851-000c29342cb1 // CNVD: CNVD-2019-02384

DESCRIPTION

LCDS Laquis SCADA prior to version 4.1.0.4150 allows execution of script code by opening a specially crafted report format file. This may allow remote code execution, data exfiltration, or cause a system crash. Script embedded in a crafted file can create files in arbitrary locations using the TextFile.Append method. This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of LAquis SCADA Software. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the processing of the Memory.Integer method. The issue results from the lack of proper validation of a user-supplied value prior to dereferencing it as a pointer. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the aq process. LAquis SCADA is a suite of SCADA software for monitoring and data acquisition. LCDS LAquis SCADA is prone to multiple security vulnerabilities. Failed attempts will likely cause a denial-of-service condition. LCDS LAquis SCADA version 4.1.0.3870 is vulnerable; other versions may also be affected

Trust: 10.08

sources: NVD: CVE-2018-18988 // ZDI: ZDI-19-072 // ZDI: ZDI-19-090 // ZDI: ZDI-19-091 // ZDI: ZDI-19-069 // ZDI: ZDI-19-081 // ZDI: ZDI-19-080 // ZDI: ZDI-19-071 // ZDI: ZDI-19-077 // ZDI: ZDI-19-087 // ZDI: ZDI-19-075 // ZDI: ZDI-19-089 // ZDI: ZDI-19-079 // ZDI: ZDI-19-070 // CNVD: CNVD-2019-02384 // BID: 106634 // IVD: 7d851b30-463f-11e9-9851-000c29342cb1

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.8

sources: IVD: 7d851b30-463f-11e9-9851-000c29342cb1 // CNVD: CNVD-2019-02384

AFFECTED PRODUCTS

vendor:laquis scadamodel:softwarescope: - version: -

Trust: 9.1

vendor:lcdsmodel:laquis scadascope:ltversion:4.1.0.4150

Trust: 1.0

vendor:lcdsmodel:le\303\243o consultoria e desenvolvimento de sistemas ltda me laquis scadascope:eqversion:-4.1.0.3870

Trust: 0.6

vendor:lcdsmodel:leão consultoria e desenvolvimento de sistemas ltda me laquis scadascope:eqversion:-4.1.0.3870

Trust: 0.3

vendor:lcdsmodel:leão consultoria e desenvolvimento de sistemas ltda me laquis scadascope:neversion:-4.1.0.4150

Trust: 0.3

vendor:laquis scadamodel: - scope:eqversion:*

Trust: 0.2

sources: IVD: 7d851b30-463f-11e9-9851-000c29342cb1 // ZDI: ZDI-19-072 // ZDI: ZDI-19-070 // ZDI: ZDI-19-079 // ZDI: ZDI-19-089 // ZDI: ZDI-19-075 // ZDI: ZDI-19-087 // ZDI: ZDI-19-077 // ZDI: ZDI-19-071 // ZDI: ZDI-19-080 // ZDI: ZDI-19-081 // ZDI: ZDI-19-069 // ZDI: ZDI-19-091 // ZDI: ZDI-19-090 // CNVD: CNVD-2019-02384 // BID: 106634 // NVD: CVE-2018-18988

CVSS

SEVERITY

CVSSV2

CVSSV3

ZDI: CVE-2018-18988
value: HIGH

Trust: 6.3

ZDI: CVE-2018-18988
value: MEDIUM

Trust: 2.8

nvd@nist.gov: CVE-2018-18988
value: HIGH

Trust: 1.0

CNVD: CNVD-2019-02384
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201901-510
value: HIGH

Trust: 0.6

IVD: 7d851b30-463f-11e9-9851-000c29342cb1
value: HIGH

Trust: 0.2

ZDI: CVE-2018-18988
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 6.3

ZDI: CVE-2018-18988
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 2.8

nvd@nist.gov: CVE-2018-18988
severity: HIGH
baseScore: 8.3
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 8.5
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

CNVD: CNVD-2019-02384
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: 7d851b30-463f-11e9-9851-000c29342cb1
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

nvd@nist.gov: CVE-2018-18988
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.0

Trust: 1.0

sources: IVD: 7d851b30-463f-11e9-9851-000c29342cb1 // ZDI: ZDI-19-072 // ZDI: ZDI-19-070 // ZDI: ZDI-19-079 // ZDI: ZDI-19-089 // ZDI: ZDI-19-075 // ZDI: ZDI-19-087 // ZDI: ZDI-19-077 // ZDI: ZDI-19-071 // ZDI: ZDI-19-080 // ZDI: ZDI-19-081 // ZDI: ZDI-19-069 // ZDI: ZDI-19-091 // ZDI: ZDI-19-090 // CNVD: CNVD-2019-02384 // CNNVD: CNNVD-201901-510 // NVD: CVE-2018-18988

PROBLEMTYPE DATA

problemtype:CWE-125

Trust: 1.0

problemtype:CWE-20

Trust: 1.0

sources: NVD: CVE-2018-18988

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201901-510

TYPE

Input validation error

Trust: 1.1

sources: IVD: 7d851b30-463f-11e9-9851-000c29342cb1 // BID: 106634 // CNNVD: CNNVD-201901-510

PATCH

title:LAquis SCADA has issued an update to correct this vulnerability.url:https://ics-cert.us-cert.gov/advisories/ICSA-19-015-01

Trust: 9.1

title:LAquis SCADA Input Validation Vulnerability Patchurl:https://www.cnvd.org.cn/patchInfo/show/150979

Trust: 0.6

title:LAquis SCADA Enter the fix for the verification vulnerabilityurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=88655

Trust: 0.6

sources: ZDI: ZDI-19-072 // ZDI: ZDI-19-070 // ZDI: ZDI-19-079 // ZDI: ZDI-19-089 // ZDI: ZDI-19-075 // ZDI: ZDI-19-087 // ZDI: ZDI-19-077 // ZDI: ZDI-19-071 // ZDI: ZDI-19-080 // ZDI: ZDI-19-081 // ZDI: ZDI-19-069 // ZDI: ZDI-19-091 // ZDI: ZDI-19-090 // CNVD: CNVD-2019-02384 // CNNVD: CNNVD-201901-510

EXTERNAL IDS

db:NVDid:CVE-2018-18988

Trust: 11.8

db:ICS CERTid:ICSA-19-015-01

Trust: 2.5

db:BIDid:106634

Trust: 1.9

db:CNVDid:CNVD-2019-02384

Trust: 0.8

db:CNNVDid:CNNVD-201901-510

Trust: 0.8

db:ZDI_CANid:ZDI-CAN-6568

Trust: 0.7

db:ZDIid:ZDI-19-072

Trust: 0.7

db:ZDI_CANid:ZDI-CAN-6579

Trust: 0.7

db:ZDIid:ZDI-19-070

Trust: 0.7

db:ZDI_CANid:ZDI-CAN-6575

Trust: 0.7

db:ZDIid:ZDI-19-079

Trust: 0.7

db:ZDI_CANid:ZDI-CAN-6626

Trust: 0.7

db:ZDIid:ZDI-19-089

Trust: 0.7

db:ZDI_CANid:ZDI-CAN-6571

Trust: 0.7

db:ZDIid:ZDI-19-075

Trust: 0.7

db:ZDI_CANid:ZDI-CAN-6624

Trust: 0.7

db:ZDIid:ZDI-19-087

Trust: 0.7

db:ZDI_CANid:ZDI-CAN-6573

Trust: 0.7

db:ZDIid:ZDI-19-077

Trust: 0.7

db:ZDI_CANid:ZDI-CAN-6492

Trust: 0.7

db:ZDIid:ZDI-19-071

Trust: 0.7

db:ZDI_CANid:ZDI-CAN-6576

Trust: 0.7

db:ZDIid:ZDI-19-080

Trust: 0.7

db:ZDI_CANid:ZDI-CAN-6577

Trust: 0.7

db:ZDIid:ZDI-19-081

Trust: 0.7

db:ZDI_CANid:ZDI-CAN-6491

Trust: 0.7

db:ZDIid:ZDI-19-069

Trust: 0.7

db:ZDI_CANid:ZDI-CAN-6628

Trust: 0.7

db:ZDIid:ZDI-19-091

Trust: 0.7

db:ZDI_CANid:ZDI-CAN-6627

Trust: 0.7

db:ZDIid:ZDI-19-090

Trust: 0.7

db:IVDid:7D851B30-463F-11E9-9851-000C29342CB1

Trust: 0.2

sources: IVD: 7d851b30-463f-11e9-9851-000c29342cb1 // ZDI: ZDI-19-072 // ZDI: ZDI-19-070 // ZDI: ZDI-19-079 // ZDI: ZDI-19-089 // ZDI: ZDI-19-075 // ZDI: ZDI-19-087 // ZDI: ZDI-19-077 // ZDI: ZDI-19-071 // ZDI: ZDI-19-080 // ZDI: ZDI-19-081 // ZDI: ZDI-19-069 // ZDI: ZDI-19-091 // ZDI: ZDI-19-090 // CNVD: CNVD-2019-02384 // BID: 106634 // CNNVD: CNNVD-201901-510 // NVD: CVE-2018-18988

REFERENCES

url:https://ics-cert.us-cert.gov/advisories/icsa-19-015-01

Trust: 11.6

url:http://www.securityfocus.com/bid/106634

Trust: 1.6

url:https://laquisscada.com/

Trust: 0.3

sources: ZDI: ZDI-19-072 // ZDI: ZDI-19-070 // ZDI: ZDI-19-079 // ZDI: ZDI-19-089 // ZDI: ZDI-19-075 // ZDI: ZDI-19-087 // ZDI: ZDI-19-077 // ZDI: ZDI-19-071 // ZDI: ZDI-19-080 // ZDI: ZDI-19-081 // ZDI: ZDI-19-069 // ZDI: ZDI-19-091 // ZDI: ZDI-19-090 // CNVD: CNVD-2019-02384 // BID: 106634 // CNNVD: CNNVD-201901-510 // NVD: CVE-2018-18988

CREDITS

Esteban Ruiz (mr_me) of Source Incite

Trust: 9.1

sources: ZDI: ZDI-19-072 // ZDI: ZDI-19-070 // ZDI: ZDI-19-079 // ZDI: ZDI-19-089 // ZDI: ZDI-19-075 // ZDI: ZDI-19-087 // ZDI: ZDI-19-077 // ZDI: ZDI-19-071 // ZDI: ZDI-19-080 // ZDI: ZDI-19-081 // ZDI: ZDI-19-069 // ZDI: ZDI-19-091 // ZDI: ZDI-19-090

SOURCES

db:IVDid:7d851b30-463f-11e9-9851-000c29342cb1
db:ZDIid:ZDI-19-072
db:ZDIid:ZDI-19-070
db:ZDIid:ZDI-19-079
db:ZDIid:ZDI-19-089
db:ZDIid:ZDI-19-075
db:ZDIid:ZDI-19-087
db:ZDIid:ZDI-19-077
db:ZDIid:ZDI-19-071
db:ZDIid:ZDI-19-080
db:ZDIid:ZDI-19-081
db:ZDIid:ZDI-19-069
db:ZDIid:ZDI-19-091
db:ZDIid:ZDI-19-090
db:CNVDid:CNVD-2019-02384
db:BIDid:106634
db:CNNVDid:CNNVD-201901-510
db:NVDid:CVE-2018-18988

LAST UPDATE DATE

2024-11-20T22:34:56.386000+00:00


SOURCES UPDATE DATE

db:ZDIid:ZDI-19-072date:2019-01-19T00:00:00
db:ZDIid:ZDI-19-070date:2019-01-19T00:00:00
db:ZDIid:ZDI-19-079date:2019-01-19T00:00:00
db:ZDIid:ZDI-19-089date:2019-01-19T00:00:00
db:ZDIid:ZDI-19-075date:2019-01-19T00:00:00
db:ZDIid:ZDI-19-087date:2019-01-19T00:00:00
db:ZDIid:ZDI-19-077date:2019-01-19T00:00:00
db:ZDIid:ZDI-19-071date:2019-01-19T00:00:00
db:ZDIid:ZDI-19-080date:2019-01-19T00:00:00
db:ZDIid:ZDI-19-081date:2019-01-19T00:00:00
db:ZDIid:ZDI-19-069date:2019-01-19T00:00:00
db:ZDIid:ZDI-19-091date:2019-01-19T00:00:00
db:ZDIid:ZDI-19-090date:2019-01-19T00:00:00
db:CNVDid:CNVD-2019-02384date:2019-01-22T00:00:00
db:BIDid:106634date:2019-01-15T00:00:00
db:CNNVDid:CNNVD-201901-510date:2019-10-17T00:00:00
db:NVDid:CVE-2018-18988date:2019-10-09T23:37:31.957

SOURCES RELEASE DATE

db:IVDid:7d851b30-463f-11e9-9851-000c29342cb1date:2019-01-22T00:00:00
db:ZDIid:ZDI-19-072date:2019-01-19T00:00:00
db:ZDIid:ZDI-19-070date:2019-01-19T00:00:00
db:ZDIid:ZDI-19-079date:2019-01-19T00:00:00
db:ZDIid:ZDI-19-089date:2019-01-19T00:00:00
db:ZDIid:ZDI-19-075date:2019-01-19T00:00:00
db:ZDIid:ZDI-19-087date:2019-01-19T00:00:00
db:ZDIid:ZDI-19-077date:2019-01-19T00:00:00
db:ZDIid:ZDI-19-071date:2019-01-19T00:00:00
db:ZDIid:ZDI-19-080date:2019-01-19T00:00:00
db:ZDIid:ZDI-19-081date:2019-01-19T00:00:00
db:ZDIid:ZDI-19-069date:2019-01-19T00:00:00
db:ZDIid:ZDI-19-091date:2019-01-19T00:00:00
db:ZDIid:ZDI-19-090date:2019-01-19T00:00:00
db:CNVDid:CNVD-2019-02384date:2019-01-22T00:00:00
db:BIDid:106634date:2019-01-15T00:00:00
db:CNNVDid:CNNVD-201901-510date:2019-01-16T00:00:00
db:NVDid:CVE-2018-18988date:2019-02-01T17:29:00.187