ID

VAR-201903-0180


CVE

CVE-2019-6536


TITLE

LCDS LAquis SCADA Buffer Overflow Vulnerability

Trust: 0.8

sources: IVD: 6957150b-ef62-4aad-a770-6439342094ff // CNVD: CNVD-2019-14979

DESCRIPTION

Opening a specially crafted LCDS LAquis SCADA before 4.3.1.71 ELS file may result in a write past the end of an allocated buffer, which may allow an attacker to execute remote code in the context of the current process. LCDS LAquis SCADA ELS File Contains an out-of-bounds vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of LAquis SCADA. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the handling of ELS files. LCDS LAquis SCADA is a SCADA (Data Acquisition and Monitoring Control) system from LCDS, Brazil. The system is mainly used for data acquisition and process control of devices with communication technology. There is an out-of-bounds write vulnerability in LCDS LAquis SCADA. LAquis SCADA is prone to an arbitrary code-execution vulnerability. Failed attempts will likely cause a denial-of-service condition. LAquis SCADA 4.1.0.4150 is vulnerable; other versions may also be vulnerable

Trust: 3.24

sources: NVD: CVE-2019-6536 // JVNDB: JVNDB-2019-003018 // ZDI: ZDI-19-307 // CNVD: CNVD-2019-14979 // BID: 107418 // IVD: 6957150b-ef62-4aad-a770-6439342094ff

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.8

sources: IVD: 6957150b-ef62-4aad-a770-6439342094ff // CNVD: CNVD-2019-14979

AFFECTED PRODUCTS

vendor:lcdsmodel:laquis scadascope:eqversion:4.1.0.4150

Trust: 1.0

vendor:lcdsmodel:laquis scadascope:ltversion:4.3.1.71

Trust: 0.8

vendor:laquismodel:scadascope: - version: -

Trust: 0.7

vendor:lcdsmodel:laquis scadascope: - version: -

Trust: 0.6

vendor:lcdsmodel:leão consultoria e desenvolvimento de sistemas ltda me laquis scadascope:eqversion:-4.1.0.4150

Trust: 0.3

vendor:lcdsmodel:leão consultoria e desenvolvimento de sistemas ltda me laquis scadascope:neversion:-4.3.1.71

Trust: 0.3

vendor:laquis scadamodel: - scope:eqversion:4.1.0.4150

Trust: 0.2

sources: IVD: 6957150b-ef62-4aad-a770-6439342094ff // ZDI: ZDI-19-307 // CNVD: CNVD-2019-14979 // BID: 107418 // JVNDB: JVNDB-2019-003018 // NVD: CVE-2019-6536

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-6536
value: HIGH

Trust: 1.0

NVD: CVE-2019-6536
value: HIGH

Trust: 0.8

ZDI: CVE-2019-6536
value: HIGH

Trust: 0.7

CNVD: CNVD-2019-14979
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201903-575
value: HIGH

Trust: 0.6

IVD: 6957150b-ef62-4aad-a770-6439342094ff
value: HIGH

Trust: 0.2

nvd@nist.gov: CVE-2019-6536
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2019-14979
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: 6957150b-ef62-4aad-a770-6439342094ff
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

nvd@nist.gov: CVE-2019-6536
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.0

Trust: 1.8

ZDI: CVE-2019-6536
baseSeverity: HIGH
baseScore: 7.8
vectorString: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.0

Trust: 0.7

sources: IVD: 6957150b-ef62-4aad-a770-6439342094ff // ZDI: ZDI-19-307 // CNVD: CNVD-2019-14979 // JVNDB: JVNDB-2019-003018 // CNNVD: CNNVD-201903-575 // NVD: CVE-2019-6536

PROBLEMTYPE DATA

problemtype:CWE-787

Trust: 1.8

sources: JVNDB: JVNDB-2019-003018 // NVD: CVE-2019-6536

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201903-575

TYPE

Buffer error

Trust: 0.8

sources: IVD: 6957150b-ef62-4aad-a770-6439342094ff // CNNVD: CNNVD-201903-575

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-003018

PATCH

title:Top Pageurl:https://laquisscada.com/

Trust: 0.8

title:LAquis has issued an update to correct this vulnerability.url:https://ics-cert.us-cert.gov/advisories/ICSA-19-073-01

Trust: 0.7

title:Patch for LCDS LAquis SCADA Buffer Overflow Vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/161905

Trust: 0.6

title:LCDS LAquis SCADA Buffer error vulnerability fixurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=90161

Trust: 0.6

sources: ZDI: ZDI-19-307 // CNVD: CNVD-2019-14979 // JVNDB: JVNDB-2019-003018 // CNNVD: CNNVD-201903-575

EXTERNAL IDS

db:NVDid:CVE-2019-6536

Trust: 4.2

db:ICS CERTid:ICSA-19-073-01

Trust: 3.3

db:ZDIid:ZDI-19-307

Trust: 2.3

db:BIDid:107418

Trust: 1.5

db:CNVDid:CNVD-2019-14979

Trust: 0.8

db:CNNVDid:CNNVD-201903-575

Trust: 0.8

db:JVNDBid:JVNDB-2019-003018

Trust: 0.8

db:ZDI_CANid:ZDI-CAN-7374

Trust: 0.7

db:AUSCERTid:ESB-2019.0846

Trust: 0.6

db:IVDid:6957150B-EF62-4AAD-A770-6439342094FF

Trust: 0.2

sources: IVD: 6957150b-ef62-4aad-a770-6439342094ff // ZDI: ZDI-19-307 // CNVD: CNVD-2019-14979 // BID: 107418 // JVNDB: JVNDB-2019-003018 // CNNVD: CNNVD-201903-575 // NVD: CVE-2019-6536

REFERENCES

url:https://ics-cert.us-cert.gov/advisories/icsa-19-073-01

Trust: 4.0

url:https://www.zerodayinitiative.com/advisories/zdi-19-307/

Trust: 1.6

url:https://nvd.nist.gov/vuln/detail/cve-2019-6536

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-6536

Trust: 0.8

url:https://www.auscert.org.au/bulletins/77214

Trust: 0.6

url:http://www.securityfocus.com/bid/107418

Trust: 0.6

url:http://laquisscada.com/instale1.php

Trust: 0.3

sources: ZDI: ZDI-19-307 // CNVD: CNVD-2019-14979 // BID: 107418 // JVNDB: JVNDB-2019-003018 // CNNVD: CNNVD-201903-575 // NVD: CVE-2019-6536

CREDITS

Mat Powell of Trend Micro Zero Day Initiative

Trust: 0.7

sources: ZDI: ZDI-19-307

SOURCES

db:IVDid:6957150b-ef62-4aad-a770-6439342094ff
db:ZDIid:ZDI-19-307
db:CNVDid:CNVD-2019-14979
db:BIDid:107418
db:JVNDBid:JVNDB-2019-003018
db:CNNVDid:CNNVD-201903-575
db:NVDid:CVE-2019-6536

LAST UPDATE DATE

2024-08-14T15:43:50.684000+00:00


SOURCES UPDATE DATE

db:ZDIid:ZDI-19-307date:2019-04-02T00:00:00
db:CNVDid:CNVD-2019-14979date:2019-05-22T00:00:00
db:BIDid:107418date:2019-03-14T00:00:00
db:JVNDBid:JVNDB-2019-003018date:2019-05-07T00:00:00
db:CNNVDid:CNNVD-201903-575date:2019-04-03T00:00:00
db:NVDid:CVE-2019-6536date:2019-04-02T16:29:00.623

SOURCES RELEASE DATE

db:IVDid:6957150b-ef62-4aad-a770-6439342094ffdate:2019-05-22T00:00:00
db:ZDIid:ZDI-19-307date:2019-04-02T00:00:00
db:CNVDid:CNVD-2019-14979date:2019-05-22T00:00:00
db:BIDid:107418date:2019-03-14T00:00:00
db:JVNDBid:JVNDB-2019-003018date:2019-05-07T00:00:00
db:CNNVDid:CNNVD-201903-575date:2019-03-14T00:00:00
db:NVDid:CVE-2019-6536date:2019-03-27T16:29:00.780