ID

VAR-201902-0650


CVE

CVE-2018-18996


TITLE

LCDS Laquis SCADA Authorization vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2018-014314

DESCRIPTION

LCDS Laquis SCADA prior to version 4.1.0.4150 allows taking in user input without proper authorization or sanitation, which may allow an attacker to execute remote code on the server. LCDS Laquis SCADA Contains an authorization vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of calls to relatorionome.lhtml. When parsing the NOME Element, the process does not properly sanitize user-supplied data, which can lead to the injection of an arbitrary script. An attacker can leverage this vulnerability to execute code in the context of the aq process. LCDS LAquis SCADA is a SCADA (Data Acquisition and Monitoring Control) system from LCDS, Brazil. The system is mainly used for data acquisition and process control of devices with communication technology. LCDS LAquis SCADA is prone to multiple security vulnerabilities. An attacker may leverage these issues to execute arbitrary code, perform unauthorized actions or gain access to sensitive information that may aid in further attacks. Failed attempts will likely cause a denial-of-service condition. LCDS LAquis SCADA version 4.1.0.3870 is vulnerable; other versions may also be affected

Trust: 4.5

sources: NVD: CVE-2018-18996 // JVNDB: JVNDB-2018-014314 // ZDI: ZDI-19-065 // ZDI: ZDI-19-064 // ZDI: ZDI-19-066 // CNVD: CNVD-2019-28111 // BID: 106634 // IVD: fb066b88-dbba-4390-addc-43425f7b94e6

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.8

sources: IVD: fb066b88-dbba-4390-addc-43425f7b94e6 // CNVD: CNVD-2019-28111

AFFECTED PRODUCTS

vendor:laquis scadamodel:softwarescope: - version: -

Trust: 2.1

vendor:lcdsmodel:laquis scadascope:ltversion:4.1.0.4150

Trust: 1.8

vendor:lcdsmodel:laquis scadascope:eqversion:4.1.0.3870

Trust: 0.6

vendor:lcdsmodel:leão consultoria e desenvolvimento de sistemas ltda me laquis scadascope:eqversion:-4.1.0.3870

Trust: 0.3

vendor:lcdsmodel:leão consultoria e desenvolvimento de sistemas ltda me laquis scadascope:neversion:-4.1.0.4150

Trust: 0.3

vendor:laquis scadamodel: - scope:eqversion:*

Trust: 0.2

sources: IVD: fb066b88-dbba-4390-addc-43425f7b94e6 // ZDI: ZDI-19-065 // ZDI: ZDI-19-064 // ZDI: ZDI-19-066 // CNVD: CNVD-2019-28111 // BID: 106634 // JVNDB: JVNDB-2018-014314 // NVD: CVE-2018-18996

CVSS

SEVERITY

CVSSV2

CVSSV3

ZDI: CVE-2018-18996
value: HIGH

Trust: 2.1

nvd@nist.gov: CVE-2018-18996
value: CRITICAL

Trust: 1.0

NVD: CVE-2018-18996
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2019-28111
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201901-518
value: CRITICAL

Trust: 0.6

IVD: fb066b88-dbba-4390-addc-43425f7b94e6
value: CRITICAL

Trust: 0.2

nvd@nist.gov: CVE-2018-18996
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 3.9

CNVD: CNVD-2019-28111
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: fb066b88-dbba-4390-addc-43425f7b94e6
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

nvd@nist.gov: CVE-2018-18996
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: IVD: fb066b88-dbba-4390-addc-43425f7b94e6 // ZDI: ZDI-19-065 // ZDI: ZDI-19-064 // ZDI: ZDI-19-066 // CNVD: CNVD-2019-28111 // JVNDB: JVNDB-2018-014314 // CNNVD: CNNVD-201901-518 // NVD: CVE-2018-18996

PROBLEMTYPE DATA

problemtype:CWE-862

Trust: 1.0

problemtype:CWE-74

Trust: 1.0

problemtype:CWE-285

Trust: 0.8

sources: JVNDB: JVNDB-2018-014314 // NVD: CVE-2018-18996

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201901-518

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201901-518

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-014314

PATCH

title:LAquis SCADA has issued an update to correct this vulnerability.url:https://ics-cert.us-cert.gov/advisories/ICSA-19-015-01

Trust: 2.1

title:TopPageurl:https://laquisscada.com/

Trust: 0.8

title:LCDS LAquis SCADA has an unspecified vulnerability (CNVD-2019-28111) patchurl:https://www.cnvd.org.cn/patchInfo/show/176015

Trust: 0.6

title:LCDS LAquis SCADA Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=88646

Trust: 0.6

sources: ZDI: ZDI-19-065 // ZDI: ZDI-19-064 // ZDI: ZDI-19-066 // CNVD: CNVD-2019-28111 // JVNDB: JVNDB-2018-014314 // CNNVD: CNNVD-201901-518

EXTERNAL IDS

db:NVDid:CVE-2018-18996

Trust: 5.6

db:ICS CERTid:ICSA-19-015-01

Trust: 3.3

db:BIDid:106634

Trust: 1.9

db:CNVDid:CNVD-2019-28111

Trust: 0.8

db:CNNVDid:CNNVD-201901-518

Trust: 0.8

db:JVNDBid:JVNDB-2018-014314

Trust: 0.8

db:ZDI_CANid:ZDI-CAN-6675

Trust: 0.7

db:ZDIid:ZDI-19-065

Trust: 0.7

db:ZDI_CANid:ZDI-CAN-6674

Trust: 0.7

db:ZDIid:ZDI-19-064

Trust: 0.7

db:ZDI_CANid:ZDI-CAN-6676

Trust: 0.7

db:ZDIid:ZDI-19-066

Trust: 0.7

db:ICS CERTid:ICSA-19-015-01T

Trust: 0.6

db:IVDid:FB066B88-DBBA-4390-ADDC-43425F7B94E6

Trust: 0.2

sources: IVD: fb066b88-dbba-4390-addc-43425f7b94e6 // ZDI: ZDI-19-065 // ZDI: ZDI-19-064 // ZDI: ZDI-19-066 // CNVD: CNVD-2019-28111 // BID: 106634 // JVNDB: JVNDB-2018-014314 // CNNVD: CNNVD-201901-518 // NVD: CVE-2018-18996

REFERENCES

url:https://ics-cert.us-cert.gov/advisories/icsa-19-015-01

Trust: 5.4

url:http://www.securityfocus.com/bid/106634

Trust: 1.6

url:https://nvd.nist.gov/vuln/detail/cve-2018-18996

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-18996

Trust: 0.8

url:https://ics-cert.us-cert.gov/advisories/icsa-19-015-01third party advisoryus government resource

Trust: 0.6

url:http://www.securityfocus.com/bid/106634third party advisoryvdb entry

Trust: 0.6

url:https://laquisscada.com/

Trust: 0.3

sources: ZDI: ZDI-19-065 // ZDI: ZDI-19-064 // ZDI: ZDI-19-066 // CNVD: CNVD-2019-28111 // BID: 106634 // JVNDB: JVNDB-2018-014314 // CNNVD: CNNVD-201901-518 // NVD: CVE-2018-18996

CREDITS

Esteban Ruiz (mr_me) of Source Incite

Trust: 2.1

sources: ZDI: ZDI-19-065 // ZDI: ZDI-19-064 // ZDI: ZDI-19-066

SOURCES

db:IVDid:fb066b88-dbba-4390-addc-43425f7b94e6
db:ZDIid:ZDI-19-065
db:ZDIid:ZDI-19-064
db:ZDIid:ZDI-19-066
db:CNVDid:CNVD-2019-28111
db:BIDid:106634
db:JVNDBid:JVNDB-2018-014314
db:CNNVDid:CNNVD-201901-518
db:NVDid:CVE-2018-18996

LAST UPDATE DATE

2024-08-14T13:26:58.114000+00:00


SOURCES UPDATE DATE

db:ZDIid:ZDI-19-065date:2019-01-19T00:00:00
db:ZDIid:ZDI-19-064date:2019-01-19T00:00:00
db:ZDIid:ZDI-19-066date:2019-01-19T00:00:00
db:CNVDid:CNVD-2019-28111date:2019-08-20T00:00:00
db:BIDid:106634date:2019-01-15T00:00:00
db:JVNDBid:JVNDB-2018-014314date:2019-03-15T00:00:00
db:CNNVDid:CNNVD-201901-518date:2019-10-17T00:00:00
db:NVDid:CVE-2018-18996date:2019-10-09T23:37:32.910

SOURCES RELEASE DATE

db:IVDid:fb066b88-dbba-4390-addc-43425f7b94e6date:2019-08-20T00:00:00
db:ZDIid:ZDI-19-065date:2019-01-19T00:00:00
db:ZDIid:ZDI-19-064date:2019-01-19T00:00:00
db:ZDIid:ZDI-19-066date:2019-01-19T00:00:00
db:CNVDid:CNVD-2019-28111date:2019-08-20T00:00:00
db:BIDid:106634date:2019-01-15T00:00:00
db:JVNDBid:JVNDB-2018-014314date:2019-03-15T00:00:00
db:CNNVDid:CNNVD-201901-518date:2019-01-16T00:00:00
db:NVDid:CVE-2018-18996date:2019-02-05T18:29:00.663