Details of VAR-201902-0648

ID

VAR-201902-0648

CVE

CVE-2018-18990

TITLE

LCDS LAquis SCADA Path traversal vulnerability

Trust: 2.2

sources: IVD: 7d84f423-463f-11e9-9895-000c29342cb1 // CNVD: CNVD-2019-02385 // JVNDB: JVNDB-2018-014316 // CNNVD: CNNVD-201901-515

DESCRIPTION

LCDS Laquis SCADA prior to version 4.1.0.4150 allows a user-supplied path in file operations prior to proper validation. An attacker can leverage this vulnerability to disclose sensitive information under the context of the web server process. LCDS Laquis SCADA Contains a path traversal vulnerability.Information may be obtained. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of requested URLs. LCDS LAquis SCADA is a SCADA (Data Acquisition and Monitoring Control) system from LCDS, Brazil. The system is mainly used for data acquisition and process control of devices with communication technology. The vulnerability stems from the fact that the program failed to validate correctly before using the user-submitted path. information. LCDS LAquis SCADA is prone to multiple security vulnerabilities. An attacker may leverage these issues to execute arbitrary code, perform unauthorized actions or gain access to sensitive information that may aid in further attacks. Failed attempts will likely cause a denial-of-service condition. LCDS LAquis SCADA version 4.1.0.3870 is vulnerable; other versions may also be affected

Trust: 3.24

sources: NVD: CVE-2018-18990 // JVNDB: JVNDB-2018-014316 // ZDI: ZDI-19-058 // CNVD: CNVD-2019-02385 // BID: 106634 // IVD: 7d84f423-463f-11e9-9895-000c29342cb1

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.8

sources: IVD: 7d84f423-463f-11e9-9895-000c29342cb1 // CNVD: CNVD-2019-02385

AFFECTED PRODUCTS

vendor:	lcds	model:	laquis scada	scope:	lt	version:	4.1.0.4150	Trust: 1.8
vendor:	laquis scada	model:	software	scope:	-	version:	-	Trust: 0.7
vendor:	lcds	model:	le\303\243o consultoria e desenvolvimento de sistemas ltda me laquis scada	scope:	eq	version:	-4.1.0.3870	Trust: 0.6
vendor:	lcds	model:	leão consultoria e desenvolvimento de sistemas ltda me laquis scada	scope:	eq	version:	-4.1.0.3870	Trust: 0.3
vendor:	lcds	model:	leão consultoria e desenvolvimento de sistemas ltda me laquis scada	scope:	ne	version:	-4.1.0.4150	Trust: 0.3
vendor:	laquis scada	model:	-	scope:	eq	version:	*	Trust: 0.2

sources: IVD: 7d84f423-463f-11e9-9895-000c29342cb1 // ZDI: ZDI-19-058 // CNVD: CNVD-2019-02385 // BID: 106634 // JVNDB: JVNDB-2018-014316 // NVD: CVE-2018-18990

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2018-18990
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2018-18990
value:	MEDIUM
Trust: 0.8
ZDI:	CVE-2018-18990
value:	MEDIUM
Trust: 0.7
CNVD:	CNVD-2019-02385
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201901-515
value:	MEDIUM
Trust: 0.6
IVD:	7d84f423-463f-11e9-9895-000c29342cb1
value:	MEDIUM
Trust: 0.2

nvd@nist.gov:	CVE-2018-18990
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 2.5
CNVD:	CNVD-2019-02385
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
IVD:	7d84f423-463f-11e9-9895-000c29342cb1
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2

nvd@nist.gov:	CVE-2018-18990
baseSeverity:	MEDIUM
baseScore:	5.3
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	1.4
version:	3.0
Trust: 1.8

sources: IVD: 7d84f423-463f-11e9-9895-000c29342cb1 // ZDI: ZDI-19-058 // CNVD: CNVD-2019-02385 // JVNDB: JVNDB-2018-014316 // CNNVD: CNNVD-201901-515 // NVD: CVE-2018-18990

PROBLEMTYPE DATA

problemtype:	CWE-22	Trust: 1.8
problemtype:	CWE-23	Trust: 1.0

sources: JVNDB: JVNDB-2018-014316 // NVD: CVE-2018-18990

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201901-515

TYPE

Path traversal

Trust: 0.8

sources: IVD: 7d84f423-463f-11e9-9895-000c29342cb1 // CNNVD: CNNVD-201901-515

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-014316

PATCH

title:	TopPage	url:	https://laquisscada.com/	Trust: 0.8
title:	LAquis SCADA has issued an update to correct this vulnerability.	url:	https://ics-cert.us-cert.gov/advisories/ICSA-19-015-01	Trust: 0.7
title:	LCDS LAquis SCADA Path Traversal Vulnerability Patch	url:	https://www.cnvd.org.cn/patchInfo/show/150971	Trust: 0.6
title:	LCDS LAquis SCADA Repair measures for path traversal vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=88649	Trust: 0.6

sources: ZDI: ZDI-19-058 // CNVD: CNVD-2019-02385 // JVNDB: JVNDB-2018-014316 // CNNVD: CNNVD-201901-515

EXTERNAL IDS

db:	NVD	id:	CVE-2018-18990	Trust: 4.2
db:	ICS CERT	id:	ICSA-19-015-01	Trust: 2.7
db:	BID	id:	106634	Trust: 1.9
db:	CNVD	id:	CNVD-2019-02385	Trust: 0.8
db:	CNNVD	id:	CNNVD-201901-515	Trust: 0.8
db:	JVNDB	id:	JVNDB-2018-014316	Trust: 0.8
db:	ZDI_CAN	id:	ZDI-CAN-6667	Trust: 0.7
db:	ZDI	id:	ZDI-19-058	Trust: 0.7
db:	ICS CERT	id:	ICSA-19-015-01T	Trust: 0.6
db:	IVD	id:	7D84F423-463F-11E9-9895-000C29342CB1	Trust: 0.2

sources: IVD: 7d84f423-463f-11e9-9895-000c29342cb1 // ZDI: ZDI-19-058 // CNVD: CNVD-2019-02385 // BID: 106634 // JVNDB: JVNDB-2018-014316 // CNNVD: CNNVD-201901-515 // NVD: CVE-2018-18990

REFERENCES

url:	https://ics-cert.us-cert.gov/advisories/icsa-19-015-01	Trust: 3.4
url:	http://www.securityfocus.com/bid/106634	Trust: 1.6
url:	https://nvd.nist.gov/vuln/detail/cve-2018-18990	Trust: 1.4
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-18990	Trust: 0.8
url:	https://ics-cert.us-cert.gov/advisories/icsa-19-015-01third party advisoryus government resource	Trust: 0.6
url:	http://www.securityfocus.com/bid/106634third party advisoryvdb entry	Trust: 0.6
url:	https://laquisscada.com/	Trust: 0.3

sources: ZDI: ZDI-19-058 // CNVD: CNVD-2019-02385 // BID: 106634 // JVNDB: JVNDB-2018-014316 // CNNVD: CNNVD-201901-515 // NVD: CVE-2018-18990

CREDITS

Esteban Ruiz (mr_me) of Source Incite

Trust: 0.7

sources: ZDI: ZDI-19-058

SOURCES

db:	IVD	id:	7d84f423-463f-11e9-9895-000c29342cb1
db:	ZDI	id:	ZDI-19-058
db:	CNVD	id:	CNVD-2019-02385
db:	BID	id:	106634
db:	JVNDB	id:	JVNDB-2018-014316
db:	CNNVD	id:	CNNVD-201901-515
db:	NVD	id:	CVE-2018-18990

LAST UPDATE DATE

2024-08-14T13:26:58.028000+00:00

SOURCES UPDATE DATE

db:	ZDI	id:	ZDI-19-058	date:	2019-01-19T00:00:00
db:	CNVD	id:	CNVD-2019-02385	date:	2019-01-22T00:00:00
db:	BID	id:	106634	date:	2019-01-15T00:00:00
db:	JVNDB	id:	JVNDB-2018-014316	date:	2019-03-18T00:00:00
db:	CNNVD	id:	CNNVD-201901-515	date:	2019-10-17T00:00:00
db:	NVD	id:	CVE-2018-18990	date:	2019-10-09T23:37:32.193

SOURCES RELEASE DATE

db:	IVD	id:	7d84f423-463f-11e9-9895-000c29342cb1	date:	2019-01-22T00:00:00
db:	ZDI	id:	ZDI-19-058	date:	2019-01-19T00:00:00
db:	CNVD	id:	CNVD-2019-02385	date:	2019-01-22T00:00:00
db:	BID	id:	106634	date:	2019-01-15T00:00:00
db:	JVNDB	id:	JVNDB-2018-014316	date:	2019-03-18T00:00:00
db:	CNNVD	id:	CNNVD-201901-515	date:	2019-01-16T00:00:00
db:	NVD	id:	CVE-2018-18990	date:	2019-02-05T18:29:00.587