Sign-up

ID

VAR-201902-0650


CVE

CVE-2018-18996


TITLE

LCDS Laquis SCADA Authorization vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2018-014314

DESCRIPTION

LCDS Laquis SCADA prior to version 4.1.0.4150 allows taking in user input without proper authorization or sanitation, which may allow an attacker to execute remote code on the server. LCDS Laquis SCADA Contains an authorization vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of calls to relatorionome.lhtml. When parsing the NOME Element, the process does not properly sanitize user-supplied data, which can lead to the injection of an arbitrary script. An attacker can leverage this vulnerability to execute code in the context of the aq process. LCDS LAquis SCADA is a SCADA (Data Acquisition and Monitoring Control) system from LCDS, Brazil. The system is mainly used for data acquisition and process control of devices with communication technology. LCDS LAquis SCADA is prone to multiple security vulnerabilities. An attacker may leverage these issues to execute arbitrary code, perform unauthorized actions or gain access to sensitive information that may aid in further attacks. Failed attempts will likely cause a denial-of-service condition. LCDS LAquis SCADA version 4.1.0.3870 is vulnerable; other versions may also be affected

Trust: 4.5

sources: NVD: CVE-2018-18996 // JVNDB: JVNDB-2018-014314 // ZDI: ZDI-19-065 // ZDI: ZDI-19-064 // ZDI: ZDI-19-066 // CNVD: CNVD-2019-28111 // BID: 106634 // IVD: fb066b88-dbba-4390-addc-43425f7b94e6

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.8

sources: IVD: fb066b88-dbba-4390-addc-43425f7b94e6 // CNVD: CNVD-2019-28111

AFFECTED PRODUCTS

vendor:laquis scadamodel:softwarescope: - version: -

Trust: 2.1

vendor:lcdsmodel:laquis scadascope:ltversion:4.1.0.4150

Trust: 1.8

vendor:lcdsmodel:laquis scadascope:eqversion:4.1.0.3870

Trust: 0.6

vendor:lcdsmodel:leão consultoria e desenvolvimento de sistemas ltda me laquis scadascope:eqversion:-4.1.0.3870

Trust: 0.3

vendor:lcdsmodel:leão consultoria e desenvolvimento de sistemas ltda me laquis scadascope:neversion:-4.1.0.4150

Trust: 0.3

vendor:laquis scadamodel: - scope:eqversion:*

Trust: 0.2

sources: IVD: fb066b88-dbba-4390-addc-43425f7b94e6 // ZDI: ZDI-19-065 // ZDI: ZDI-19-064 // ZDI: ZDI-19-066 // CNVD: CNVD-2019-28111 // BID: 106634 // JVNDB: JVNDB-2018-014314 // NVD: CVE-2018-18996

CVSS

SEVERITY

CVSSV2

CVSSV3

ZDI: CVE-2018-18996
value: HIGH

Trust: 2.1

nvd@nist.gov: CVE-2018-18996
value: CRITICAL

Trust: 1.0

NVD: CVE-2018-18996
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2019-28111
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201901-518
value: CRITICAL

Trust: 0.6

IVD: fb066b88-dbba-4390-addc-43425f7b94e6
value: CRITICAL

Trust: 0.2

nvd@nist.gov: CVE-2018-18996
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 3.9

CNVD: CNVD-2019-28111
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: fb066b88-dbba-4390-addc-43425f7b94e6
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

nvd@nist.gov: CVE-2018-18996
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: IVD: fb066b88-dbba-4390-addc-43425f7b94e6 // ZDI: ZDI-19-065 // ZDI: ZDI-19-064 // ZDI: ZDI-19-066 // CNVD: CNVD-2019-28111 // JVNDB: JVNDB-2018-014314 // CNNVD: CNNVD-201901-518 // NVD: CVE-2018-18996

PROBLEMTYPE DATA

problemtype:CWE-862

Trust: 1.0

problemtype:CWE-74

Trust: 1.0

problemtype:CWE-285

Trust: 0.8

sources: JVNDB: JVNDB-2018-014314 // NVD: CVE-2018-18996

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201901-518

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201901-518

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-014314

PATCH
title:LAquis SCADA has issued an update to correct this vulnerability.url:https://ics-cert.us-cert.gov/advisories/ICSA-19-015-01
Trust: 2.1
title:TopPageurl:https://laquisscada.com/
Trust: 0.8
title:LCDS LAquis SCADA has an unspecified vulnerability (CNVD-2019-28111) patchurl:https://www.cnvd.org.cn/patchInfo/show/176015
Trust: 0.6
title:LCDS LAquis SCADA Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=88646
Trust: 0.6
sources:
            
            
            ZDI: ZDI-19-065 // 
            
            
            
            ZDI: ZDI-19-064 // 
            
            
            
            ZDI: ZDI-19-066 // 
            
            
            
            CNVD: CNVD-2019-28111 // 
            
            
            
            JVNDB: JVNDB-2018-014314 // 
            
            
            
            CNNVD: CNNVD-201901-518

EXTERNAL IDS
db:NVDid:CVE-2018-18996
Trust: 5.6
db:ICS CERTid:ICSA-19-015-01
Trust: 3.3
db:BIDid:106634
Trust: 1.9
db:CNVDid:CNVD-2019-28111
Trust: 0.8
db:CNNVDid:CNNVD-201901-518
Trust: 0.8
db:JVNDBid:JVNDB-2018-014314
Trust: 0.8
db:ZDI_CANid:ZDI-CAN-6675
Trust: 0.7
db:ZDIid:ZDI-19-065
Trust: 0.7
db:ZDI_CANid:ZDI-CAN-6674
Trust: 0.7
db:ZDIid:ZDI-19-064
Trust: 0.7
db:ZDI_CANid:ZDI-CAN-6676
Trust: 0.7
db:ZDIid:ZDI-19-066
Trust: 0.7
db:ICS CERTid:ICSA-19-015-01T
Trust: 0.6
db:IVDid:FB066B88-DBBA-4390-ADDC-43425F7B94E6
Trust: 0.2
sources:
            
            
            IVD: fb066b88-dbba-4390-addc-43425f7b94e6 // 
            
            
            
            ZDI: ZDI-19-065 // 
            
            
            
            ZDI: ZDI-19-064 // 
            
            
            
            ZDI: ZDI-19-066 // 
            
            
            
            CNVD: CNVD-2019-28111 // 
            
            
            
            BID: 106634 // 
            
            
            
            JVNDB: JVNDB-2018-014314 // 
            
            
            
            CNNVD: CNNVD-201901-518 // 
            
            
            
            NVD: CVE-2018-18996

REFERENCES
url:https://ics-cert.us-cert.gov/advisories/icsa-19-015-01
Trust: 5.4
url:http://www.securityfocus.com/bid/106634
Trust: 1.6
url:https://nvd.nist.gov/vuln/detail/cve-2018-18996
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-18996
Trust: 0.8
url:https://ics-cert.us-cert.gov/advisories/icsa-19-015-01third party advisoryus government resource
Trust: 0.6
url:http://www.securityfocus.com/bid/106634third party advisoryvdb entry
Trust: 0.6
url:https://laquisscada.com/
Trust: 0.3
sources:
            
            
            ZDI: ZDI-19-065 // 
            
            
            
            ZDI: ZDI-19-064 // 
            
            
            
            ZDI: ZDI-19-066 // 
            
            
            
            CNVD: CNVD-2019-28111 // 
            
            
            
            BID: 106634 // 
            
            
            
            JVNDB: JVNDB-2018-014314 // 
            
            
            
            CNNVD: CNNVD-201901-518 // 
            
            
            
            NVD: CVE-2018-18996

CREDITS
Esteban Ruiz (mr_me) of Source Incite
Trust: 2.1
sources:
            
            
            ZDI: ZDI-19-065 // 
            
            
            
            ZDI: ZDI-19-064 // 
            
            
            
            ZDI: ZDI-19-066

SOURCES
db:IVDid:fb066b88-dbba-4390-addc-43425f7b94e6
db:ZDIid:ZDI-19-065
db:ZDIid:ZDI-19-064
db:ZDIid:ZDI-19-066
db:CNVDid:CNVD-2019-28111
db:BIDid:106634
db:JVNDBid:JVNDB-2018-014314
db:CNNVDid:CNNVD-201901-518
db:NVDid:CVE-2018-18996

LAST UPDATE DATE
2024-08-14T13:26:58.114000+00:00

SOURCES UPDATE DATE
db:ZDIid:ZDI-19-065date:2019-01-19T00:00:00
db:ZDIid:ZDI-19-064date:2019-01-19T00:00:00
db:ZDIid:ZDI-19-066date:2019-01-19T00:00:00
db:CNVDid:CNVD-2019-28111date:2019-08-20T00:00:00
db:BIDid:106634date:2019-01-15T00:00:00
db:JVNDBid:JVNDB-2018-014314date:2019-03-15T00:00:00
db:CNNVDid:CNNVD-201901-518date:2019-10-17T00:00:00
db:NVDid:CVE-2018-18996date:2019-10-09T23:37:32.910

SOURCES RELEASE DATE
db:IVDid:fb066b88-dbba-4390-addc-43425f7b94e6date:2019-08-20T00:00:00
db:ZDIid:ZDI-19-065date:2019-01-19T00:00:00
db:ZDIid:ZDI-19-064date:2019-01-19T00:00:00
db:ZDIid:ZDI-19-066date:2019-01-19T00:00:00
db:CNVDid:CNVD-2019-28111date:2019-08-20T00:00:00
db:BIDid:106634date:2019-01-15T00:00:00
db:JVNDBid:JVNDB-2018-014314date:2019-03-15T00:00:00
db:CNNVDid:CNNVD-201901-518date:2019-01-16T00:00:00
db:NVDid:CVE-2018-18996date:2019-02-05T18:29:00.663