ID

VAR-201902-0648


CVE

CVE-2018-18990


TITLE

LCDS LAquis SCADA Path traversal vulnerability

Trust: 2.2

sources: IVD: 7d84f423-463f-11e9-9895-000c29342cb1 // CNVD: CNVD-2019-02385 // JVNDB: JVNDB-2018-014316 // CNNVD: CNNVD-201901-515

DESCRIPTION

LCDS Laquis SCADA prior to version 4.1.0.4150 allows a user-supplied path in file operations prior to proper validation. An attacker can leverage this vulnerability to disclose sensitive information under the context of the web server process. LCDS Laquis SCADA Contains a path traversal vulnerability.Information may be obtained. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of requested URLs. LCDS LAquis SCADA is a SCADA (Data Acquisition and Monitoring Control) system from LCDS, Brazil. The system is mainly used for data acquisition and process control of devices with communication technology. The vulnerability stems from the fact that the program failed to validate correctly before using the user-submitted path. information. LCDS LAquis SCADA is prone to multiple security vulnerabilities. An attacker may leverage these issues to execute arbitrary code, perform unauthorized actions or gain access to sensitive information that may aid in further attacks. Failed attempts will likely cause a denial-of-service condition. LCDS LAquis SCADA version 4.1.0.3870 is vulnerable; other versions may also be affected

Trust: 3.24

sources: NVD: CVE-2018-18990 // JVNDB: JVNDB-2018-014316 // ZDI: ZDI-19-058 // CNVD: CNVD-2019-02385 // BID: 106634 // IVD: 7d84f423-463f-11e9-9895-000c29342cb1

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.8

sources: IVD: 7d84f423-463f-11e9-9895-000c29342cb1 // CNVD: CNVD-2019-02385

AFFECTED PRODUCTS

vendor:lcdsmodel:laquis scadascope:ltversion:4.1.0.4150

Trust: 1.8

vendor:laquis scadamodel:softwarescope: - version: -

Trust: 0.7

vendor:lcdsmodel:le\303\243o consultoria e desenvolvimento de sistemas ltda me laquis scadascope:eqversion:-4.1.0.3870

Trust: 0.6

vendor:lcdsmodel:leão consultoria e desenvolvimento de sistemas ltda me laquis scadascope:eqversion:-4.1.0.3870

Trust: 0.3

vendor:lcdsmodel:leão consultoria e desenvolvimento de sistemas ltda me laquis scadascope:neversion:-4.1.0.4150

Trust: 0.3

vendor:laquis scadamodel: - scope:eqversion:*

Trust: 0.2

sources: IVD: 7d84f423-463f-11e9-9895-000c29342cb1 // ZDI: ZDI-19-058 // CNVD: CNVD-2019-02385 // BID: 106634 // JVNDB: JVNDB-2018-014316 // NVD: CVE-2018-18990

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-18990
value: MEDIUM

Trust: 1.0

NVD: CVE-2018-18990
value: MEDIUM

Trust: 0.8

ZDI: CVE-2018-18990
value: MEDIUM

Trust: 0.7

CNVD: CNVD-2019-02385
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201901-515
value: MEDIUM

Trust: 0.6

IVD: 7d84f423-463f-11e9-9895-000c29342cb1
value: MEDIUM

Trust: 0.2

nvd@nist.gov: CVE-2018-18990
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 2.5

CNVD: CNVD-2019-02385
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: 7d84f423-463f-11e9-9895-000c29342cb1
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

nvd@nist.gov: CVE-2018-18990
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 1.4
version: 3.0

Trust: 1.8

sources: IVD: 7d84f423-463f-11e9-9895-000c29342cb1 // ZDI: ZDI-19-058 // CNVD: CNVD-2019-02385 // JVNDB: JVNDB-2018-014316 // CNNVD: CNNVD-201901-515 // NVD: CVE-2018-18990

PROBLEMTYPE DATA

problemtype:CWE-22

Trust: 1.8

problemtype:CWE-23

Trust: 1.0

sources: JVNDB: JVNDB-2018-014316 // NVD: CVE-2018-18990

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201901-515

TYPE

Path traversal

Trust: 0.8

sources: IVD: 7d84f423-463f-11e9-9895-000c29342cb1 // CNNVD: CNNVD-201901-515

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-014316

PATCH

title:TopPageurl:https://laquisscada.com/

Trust: 0.8

title:LAquis SCADA has issued an update to correct this vulnerability.url:https://ics-cert.us-cert.gov/advisories/ICSA-19-015-01

Trust: 0.7

title:LCDS LAquis SCADA Path Traversal Vulnerability Patchurl:https://www.cnvd.org.cn/patchInfo/show/150971

Trust: 0.6

title:LCDS LAquis SCADA Repair measures for path traversal vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=88649

Trust: 0.6

sources: ZDI: ZDI-19-058 // CNVD: CNVD-2019-02385 // JVNDB: JVNDB-2018-014316 // CNNVD: CNNVD-201901-515

EXTERNAL IDS

db:NVDid:CVE-2018-18990

Trust: 4.2

db:ICS CERTid:ICSA-19-015-01

Trust: 2.7

db:BIDid:106634

Trust: 1.9

db:CNVDid:CNVD-2019-02385

Trust: 0.8

db:CNNVDid:CNNVD-201901-515

Trust: 0.8

db:JVNDBid:JVNDB-2018-014316

Trust: 0.8

db:ZDI_CANid:ZDI-CAN-6667

Trust: 0.7

db:ZDIid:ZDI-19-058

Trust: 0.7

db:ICS CERTid:ICSA-19-015-01T

Trust: 0.6

db:IVDid:7D84F423-463F-11E9-9895-000C29342CB1

Trust: 0.2

sources: IVD: 7d84f423-463f-11e9-9895-000c29342cb1 // ZDI: ZDI-19-058 // CNVD: CNVD-2019-02385 // BID: 106634 // JVNDB: JVNDB-2018-014316 // CNNVD: CNNVD-201901-515 // NVD: CVE-2018-18990

REFERENCES

url:https://ics-cert.us-cert.gov/advisories/icsa-19-015-01

Trust: 3.4

url:http://www.securityfocus.com/bid/106634

Trust: 1.6

url:https://nvd.nist.gov/vuln/detail/cve-2018-18990

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-18990

Trust: 0.8

url:https://ics-cert.us-cert.gov/advisories/icsa-19-015-01third party advisoryus government resource

Trust: 0.6

url:http://www.securityfocus.com/bid/106634third party advisoryvdb entry

Trust: 0.6

url:https://laquisscada.com/

Trust: 0.3

sources: ZDI: ZDI-19-058 // CNVD: CNVD-2019-02385 // BID: 106634 // JVNDB: JVNDB-2018-014316 // CNNVD: CNNVD-201901-515 // NVD: CVE-2018-18990

CREDITS

Esteban Ruiz (mr_me) of Source Incite

Trust: 0.7

sources: ZDI: ZDI-19-058

SOURCES

db:IVDid:7d84f423-463f-11e9-9895-000c29342cb1
db:ZDIid:ZDI-19-058
db:CNVDid:CNVD-2019-02385
db:BIDid:106634
db:JVNDBid:JVNDB-2018-014316
db:CNNVDid:CNNVD-201901-515
db:NVDid:CVE-2018-18990

LAST UPDATE DATE

2024-08-14T13:26:58.028000+00:00


SOURCES UPDATE DATE

db:ZDIid:ZDI-19-058date:2019-01-19T00:00:00
db:CNVDid:CNVD-2019-02385date:2019-01-22T00:00:00
db:BIDid:106634date:2019-01-15T00:00:00
db:JVNDBid:JVNDB-2018-014316date:2019-03-18T00:00:00
db:CNNVDid:CNNVD-201901-515date:2019-10-17T00:00:00
db:NVDid:CVE-2018-18990date:2019-10-09T23:37:32.193

SOURCES RELEASE DATE

db:IVDid:7d84f423-463f-11e9-9895-000c29342cb1date:2019-01-22T00:00:00
db:ZDIid:ZDI-19-058date:2019-01-19T00:00:00
db:CNVDid:CNVD-2019-02385date:2019-01-22T00:00:00
db:BIDid:106634date:2019-01-15T00:00:00
db:JVNDBid:JVNDB-2018-014316date:2019-03-18T00:00:00
db:CNNVDid:CNNVD-201901-515date:2019-01-16T00:00:00
db:NVDid:CVE-2018-18990date:2019-02-05T18:29:00.587