Details of VAR-201902-0647

ID

VAR-201902-0647

CVE

CVE-2018-18988

TITLE

LAquis SCADA Input validation vulnerability

Trust: 0.8

sources: IVD: 7d851b30-463f-11e9-9851-000c29342cb1 // CNVD: CNVD-2019-02384

DESCRIPTION

LCDS Laquis SCADA prior to version 4.1.0.4150 allows execution of script code by opening a specially crafted report format file. This may allow remote code execution, data exfiltration, or cause a system crash. Script embedded in a crafted file can create files in arbitrary locations using the Ini.WriteString method. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of LAquis SCADA Software. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the processing of the MemoryWriteByte method. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this vulnerability to execute code in the context of the aq process. LAquis SCADA is a suite of SCADA software for monitoring and data acquisition. LCDS LAquis SCADA is prone to multiple security vulnerabilities. Failed attempts will likely cause a denial-of-service condition. LCDS LAquis SCADA version 4.1.0.3870 is vulnerable; other versions may also be affected

Trust: 10.71

sources: NVD: CVE-2018-18988 // ZDI: ZDI-19-096 // ZDI: ZDI-19-094 // ZDI: ZDI-19-074 // ZDI: ZDI-19-088 // ZDI: ZDI-19-086 // ZDI: ZDI-19-084 // ZDI: ZDI-19-072 // ZDI: ZDI-19-078 // ZDI: ZDI-19-077 // ZDI: ZDI-19-087 // ZDI: ZDI-19-075 // ZDI: ZDI-19-089 // ZDI: ZDI-19-079 // ZDI: ZDI-19-070 // CNVD: CNVD-2019-02384 // BID: 106634 // IVD: 7d851b30-463f-11e9-9851-000c29342cb1

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.8

sources: IVD: 7d851b30-463f-11e9-9851-000c29342cb1 // CNVD: CNVD-2019-02384

AFFECTED PRODUCTS

vendor:	laquis scada	model:	software	scope:	-	version:	-	Trust: 9.8
vendor:	lcds	model:	laquis scada	scope:	lt	version:	4.1.0.4150	Trust: 1.0
vendor:	lcds	model:	le\303\243o consultoria e desenvolvimento de sistemas ltda me laquis scada	scope:	eq	version:	-4.1.0.3870	Trust: 0.6
vendor:	lcds	model:	leão consultoria e desenvolvimento de sistemas ltda me laquis scada	scope:	eq	version:	-4.1.0.3870	Trust: 0.3
vendor:	lcds	model:	leão consultoria e desenvolvimento de sistemas ltda me laquis scada	scope:	ne	version:	-4.1.0.4150	Trust: 0.3
vendor:	laquis scada	model:	-	scope:	eq	version:	*	Trust: 0.2

sources: IVD: 7d851b30-463f-11e9-9851-000c29342cb1 // ZDI: ZDI-19-072 // ZDI: ZDI-19-070 // ZDI: ZDI-19-079 // ZDI: ZDI-19-089 // ZDI: ZDI-19-075 // ZDI: ZDI-19-087 // ZDI: ZDI-19-077 // ZDI: ZDI-19-096 // ZDI: ZDI-19-078 // ZDI: ZDI-19-084 // ZDI: ZDI-19-086 // ZDI: ZDI-19-088 // ZDI: ZDI-19-074 // ZDI: ZDI-19-094 // CNVD: CNVD-2019-02384 // BID: 106634 // NVD: CVE-2018-18988

CVSS

SEVERITY

CVSSV2

CVSSV3

ZDI:	CVE-2018-18988
value:	MEDIUM
Trust: 6.3
ZDI:	CVE-2018-18988
value:	HIGH
Trust: 3.5
nvd@nist.gov:	CVE-2018-18988
value:	HIGH
Trust: 1.0
CNVD:	CNVD-2019-02384
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-201901-510
value:	HIGH
Trust: 0.6
IVD:	7d851b30-463f-11e9-9851-000c29342cb1
value:	HIGH
Trust: 0.2

ZDI:	CVE-2018-18988
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 6.3
ZDI:	CVE-2018-18988
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 3.5
nvd@nist.gov:	CVE-2018-18988
severity:	HIGH
baseScore:	8.3
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	8.5
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
CNVD:	CNVD-2019-02384
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
IVD:	7d851b30-463f-11e9-9851-000c29342cb1
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2

nvd@nist.gov:	CVE-2018-18988
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.0
Trust: 1.0

PROBLEMTYPE DATA

problemtype:	CWE-125	Trust: 1.0
problemtype:	CWE-20	Trust: 1.0

sources: NVD: CVE-2018-18988

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201901-510

TYPE

Input validation error

Trust: 1.1

sources: IVD: 7d851b30-463f-11e9-9851-000c29342cb1 // BID: 106634 // CNNVD: CNNVD-201901-510

PATCH

title:	LAquis SCADA has issued an update to correct this vulnerability.	url:	https://ics-cert.us-cert.gov/advisories/ICSA-19-015-01	Trust: 9.8
title:	LAquis SCADA Input Validation Vulnerability Patch	url:	https://www.cnvd.org.cn/patchInfo/show/150979	Trust: 0.6
title:	LAquis SCADA Enter the fix for the verification vulnerability	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=88655	Trust: 0.6

sources: ZDI: ZDI-19-072 // ZDI: ZDI-19-070 // ZDI: ZDI-19-079 // ZDI: ZDI-19-089 // ZDI: ZDI-19-075 // ZDI: ZDI-19-087 // ZDI: ZDI-19-077 // ZDI: ZDI-19-096 // ZDI: ZDI-19-078 // ZDI: ZDI-19-084 // ZDI: ZDI-19-086 // ZDI: ZDI-19-088 // ZDI: ZDI-19-074 // ZDI: ZDI-19-094 // CNVD: CNVD-2019-02384 // CNNVD: CNNVD-201901-510

EXTERNAL IDS

db:	NVD	id:	CVE-2018-18988	Trust: 12.5
db:	ICS CERT	id:	ICSA-19-015-01	Trust: 2.5
db:	BID	id:	106634	Trust: 1.9
db:	CNVD	id:	CNVD-2019-02384	Trust: 0.8
db:	CNNVD	id:	CNNVD-201901-510	Trust: 0.8
db:	ZDI_CAN	id:	ZDI-CAN-6568	Trust: 0.7
db:	ZDI	id:	ZDI-19-072	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-6579	Trust: 0.7
db:	ZDI	id:	ZDI-19-070	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-6575	Trust: 0.7
db:	ZDI	id:	ZDI-19-079	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-6626	Trust: 0.7
db:	ZDI	id:	ZDI-19-089	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-6571	Trust: 0.7
db:	ZDI	id:	ZDI-19-075	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-6624	Trust: 0.7
db:	ZDI	id:	ZDI-19-087	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-6573	Trust: 0.7
db:	ZDI	id:	ZDI-19-077	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-6681	Trust: 0.7
db:	ZDI	id:	ZDI-19-096	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-6574	Trust: 0.7
db:	ZDI	id:	ZDI-19-078	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-6621	Trust: 0.7
db:	ZDI	id:	ZDI-19-084	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-6623	Trust: 0.7
db:	ZDI	id:	ZDI-19-086	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-6625	Trust: 0.7
db:	ZDI	id:	ZDI-19-088	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-6570	Trust: 0.7
db:	ZDI	id:	ZDI-19-074	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-6679	Trust: 0.7
db:	ZDI	id:	ZDI-19-094	Trust: 0.7
db:	IVD	id:	7D851B30-463F-11E9-9851-000C29342CB1	Trust: 0.2

REFERENCES

url:	https://ics-cert.us-cert.gov/advisories/icsa-19-015-01	Trust: 12.3
url:	http://www.securityfocus.com/bid/106634	Trust: 1.6
url:	https://laquisscada.com/	Trust: 0.3

CREDITS

Esteban Ruiz (mr_me) of Source Incite

Trust: 9.8

SOURCES

db:	IVD	id:	7d851b30-463f-11e9-9851-000c29342cb1
db:	ZDI	id:	ZDI-19-072
db:	ZDI	id:	ZDI-19-070
db:	ZDI	id:	ZDI-19-079
db:	ZDI	id:	ZDI-19-089
db:	ZDI	id:	ZDI-19-075
db:	ZDI	id:	ZDI-19-087
db:	ZDI	id:	ZDI-19-077
db:	ZDI	id:	ZDI-19-096
db:	ZDI	id:	ZDI-19-078
db:	ZDI	id:	ZDI-19-084
db:	ZDI	id:	ZDI-19-086
db:	ZDI	id:	ZDI-19-088
db:	ZDI	id:	ZDI-19-074
db:	ZDI	id:	ZDI-19-094
db:	CNVD	id:	CNVD-2019-02384
db:	BID	id:	106634
db:	CNNVD	id:	CNNVD-201901-510
db:	NVD	id:	CVE-2018-18988

LAST UPDATE DATE

2024-09-15T23:06:50.027000+00:00

SOURCES UPDATE DATE

db:	ZDI	id:	ZDI-19-072	date:	2019-01-19T00:00:00
db:	ZDI	id:	ZDI-19-070	date:	2019-01-19T00:00:00
db:	ZDI	id:	ZDI-19-079	date:	2019-01-19T00:00:00
db:	ZDI	id:	ZDI-19-089	date:	2019-01-19T00:00:00
db:	ZDI	id:	ZDI-19-075	date:	2019-01-19T00:00:00
db:	ZDI	id:	ZDI-19-087	date:	2019-01-19T00:00:00
db:	ZDI	id:	ZDI-19-077	date:	2019-01-19T00:00:00
db:	ZDI	id:	ZDI-19-096	date:	2019-01-19T00:00:00
db:	ZDI	id:	ZDI-19-078	date:	2019-01-19T00:00:00
db:	ZDI	id:	ZDI-19-084	date:	2019-01-19T00:00:00
db:	ZDI	id:	ZDI-19-086	date:	2019-01-19T00:00:00
db:	ZDI	id:	ZDI-19-088	date:	2019-01-19T00:00:00
db:	ZDI	id:	ZDI-19-074	date:	2019-01-19T00:00:00
db:	ZDI	id:	ZDI-19-094	date:	2019-01-19T00:00:00
db:	CNVD	id:	CNVD-2019-02384	date:	2019-01-22T00:00:00
db:	BID	id:	106634	date:	2019-01-15T00:00:00
db:	CNNVD	id:	CNNVD-201901-510	date:	2019-10-17T00:00:00
db:	NVD	id:	CVE-2018-18988	date:	2019-10-09T23:37:31.957

SOURCES RELEASE DATE

db:	IVD	id:	7d851b30-463f-11e9-9851-000c29342cb1	date:	2019-01-22T00:00:00
db:	ZDI	id:	ZDI-19-072	date:	2019-01-19T00:00:00
db:	ZDI	id:	ZDI-19-070	date:	2019-01-19T00:00:00
db:	ZDI	id:	ZDI-19-079	date:	2019-01-19T00:00:00
db:	ZDI	id:	ZDI-19-089	date:	2019-01-19T00:00:00
db:	ZDI	id:	ZDI-19-075	date:	2019-01-19T00:00:00
db:	ZDI	id:	ZDI-19-087	date:	2019-01-19T00:00:00
db:	ZDI	id:	ZDI-19-077	date:	2019-01-19T00:00:00
db:	ZDI	id:	ZDI-19-096	date:	2019-01-19T00:00:00
db:	ZDI	id:	ZDI-19-078	date:	2019-01-19T00:00:00
db:	ZDI	id:	ZDI-19-084	date:	2019-01-19T00:00:00
db:	ZDI	id:	ZDI-19-086	date:	2019-01-19T00:00:00
db:	ZDI	id:	ZDI-19-088	date:	2019-01-19T00:00:00
db:	ZDI	id:	ZDI-19-074	date:	2019-01-19T00:00:00
db:	ZDI	id:	ZDI-19-094	date:	2019-01-19T00:00:00
db:	CNVD	id:	CNVD-2019-02384	date:	2019-01-22T00:00:00
db:	BID	id:	106634	date:	2019-01-15T00:00:00
db:	CNNVD	id:	CNNVD-201901-510	date:	2019-01-16T00:00:00
db:	NVD	id:	CVE-2018-18988	date:	2019-02-01T17:29:00.187