Details of VAR-201903-0180

ID

VAR-201903-0180

CVE

CVE-2019-6536

TITLE

LCDS LAquis SCADA Buffer Overflow Vulnerability

Trust: 0.8

sources: IVD: 6957150b-ef62-4aad-a770-6439342094ff // CNVD: CNVD-2019-14979

DESCRIPTION

Opening a specially crafted LCDS LAquis SCADA before 4.3.1.71 ELS file may result in a write past the end of an allocated buffer, which may allow an attacker to execute remote code in the context of the current process. LCDS LAquis SCADA ELS File Contains an out-of-bounds vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of LAquis SCADA. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the handling of ELS files. LCDS LAquis SCADA is a SCADA (Data Acquisition and Monitoring Control) system from LCDS, Brazil. The system is mainly used for data acquisition and process control of devices with communication technology. There is an out-of-bounds write vulnerability in LCDS LAquis SCADA. LAquis SCADA is prone to an arbitrary code-execution vulnerability. Failed attempts will likely cause a denial-of-service condition. LAquis SCADA 4.1.0.4150 is vulnerable; other versions may also be vulnerable

Trust: 3.24

sources: NVD: CVE-2019-6536 // JVNDB: JVNDB-2019-003018 // ZDI: ZDI-19-307 // CNVD: CNVD-2019-14979 // BID: 107418 // IVD: 6957150b-ef62-4aad-a770-6439342094ff

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.8

sources: IVD: 6957150b-ef62-4aad-a770-6439342094ff // CNVD: CNVD-2019-14979

AFFECTED PRODUCTS

vendor:	lcds	model:	laquis scada	scope:	eq	version:	4.1.0.4150	Trust: 1.0
vendor:	lcds	model:	laquis scada	scope:	lt	version:	4.3.1.71	Trust: 0.8
vendor:	laquis	model:	scada	scope:	-	version:	-	Trust: 0.7
vendor:	lcds	model:	laquis scada	scope:	-	version:	-	Trust: 0.6
vendor:	lcds	model:	leão consultoria e desenvolvimento de sistemas ltda me laquis scada	scope:	eq	version:	-4.1.0.4150	Trust: 0.3
vendor:	lcds	model:	leão consultoria e desenvolvimento de sistemas ltda me laquis scada	scope:	ne	version:	-4.3.1.71	Trust: 0.3
vendor:	laquis scada	model:	-	scope:	eq	version:	4.1.0.4150	Trust: 0.2

sources: IVD: 6957150b-ef62-4aad-a770-6439342094ff // ZDI: ZDI-19-307 // CNVD: CNVD-2019-14979 // BID: 107418 // JVNDB: JVNDB-2019-003018 // NVD: CVE-2019-6536

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-6536
value:	HIGH
Trust: 1.0
NVD:	CVE-2019-6536
value:	HIGH
Trust: 0.8
ZDI:	CVE-2019-6536
value:	HIGH
Trust: 0.7
CNVD:	CNVD-2019-14979
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201903-575
value:	HIGH
Trust: 0.6
IVD:	6957150b-ef62-4aad-a770-6439342094ff
value:	HIGH
Trust: 0.2

nvd@nist.gov:	CVE-2019-6536
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2019-14979
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
IVD:	6957150b-ef62-4aad-a770-6439342094ff
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2

nvd@nist.gov:	CVE-2019-6536
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.0
Trust: 1.8
ZDI:	CVE-2019-6536
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.0
Trust: 0.7

sources: IVD: 6957150b-ef62-4aad-a770-6439342094ff // ZDI: ZDI-19-307 // CNVD: CNVD-2019-14979 // JVNDB: JVNDB-2019-003018 // CNNVD: CNNVD-201903-575 // NVD: CVE-2019-6536

PROBLEMTYPE DATA

problemtype:

CWE-787

Trust: 1.8

sources: JVNDB: JVNDB-2019-003018 // NVD: CVE-2019-6536

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201903-575

TYPE

Buffer error

Trust: 0.8

sources: IVD: 6957150b-ef62-4aad-a770-6439342094ff // CNNVD: CNNVD-201903-575

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-003018

PATCH

title:	Top Page	url:	https://laquisscada.com/	Trust: 0.8
title:	LAquis has issued an update to correct this vulnerability.	url:	https://ics-cert.us-cert.gov/advisories/ICSA-19-073-01	Trust: 0.7
title:	Patch for LCDS LAquis SCADA Buffer Overflow Vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/161905	Trust: 0.6
title:	LCDS LAquis SCADA Buffer error vulnerability fix	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=90161	Trust: 0.6

sources: ZDI: ZDI-19-307 // CNVD: CNVD-2019-14979 // JVNDB: JVNDB-2019-003018 // CNNVD: CNNVD-201903-575

EXTERNAL IDS

db:	NVD	id:	CVE-2019-6536	Trust: 4.2
db:	ICS CERT	id:	ICSA-19-073-01	Trust: 3.3
db:	ZDI	id:	ZDI-19-307	Trust: 2.3
db:	BID	id:	107418	Trust: 1.5
db:	CNVD	id:	CNVD-2019-14979	Trust: 0.8
db:	CNNVD	id:	CNNVD-201903-575	Trust: 0.8
db:	JVNDB	id:	JVNDB-2019-003018	Trust: 0.8
db:	ZDI_CAN	id:	ZDI-CAN-7374	Trust: 0.7
db:	AUSCERT	id:	ESB-2019.0846	Trust: 0.6
db:	IVD	id:	6957150B-EF62-4AAD-A770-6439342094FF	Trust: 0.2

sources: IVD: 6957150b-ef62-4aad-a770-6439342094ff // ZDI: ZDI-19-307 // CNVD: CNVD-2019-14979 // BID: 107418 // JVNDB: JVNDB-2019-003018 // CNNVD: CNNVD-201903-575 // NVD: CVE-2019-6536

REFERENCES

url:	https://ics-cert.us-cert.gov/advisories/icsa-19-073-01	Trust: 4.0
url:	https://www.zerodayinitiative.com/advisories/zdi-19-307/	Trust: 1.6
url:	https://nvd.nist.gov/vuln/detail/cve-2019-6536	Trust: 1.4
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-6536	Trust: 0.8
url:	https://www.auscert.org.au/bulletins/77214	Trust: 0.6
url:	http://www.securityfocus.com/bid/107418	Trust: 0.6
url:	http://laquisscada.com/instale1.php	Trust: 0.3

sources: ZDI: ZDI-19-307 // CNVD: CNVD-2019-14979 // BID: 107418 // JVNDB: JVNDB-2019-003018 // CNNVD: CNNVD-201903-575 // NVD: CVE-2019-6536

CREDITS

Mat Powell of Trend Micro Zero Day Initiative

Trust: 0.7

sources: ZDI: ZDI-19-307

SOURCES

db:	IVD	id:	6957150b-ef62-4aad-a770-6439342094ff
db:	ZDI	id:	ZDI-19-307
db:	CNVD	id:	CNVD-2019-14979
db:	BID	id:	107418
db:	JVNDB	id:	JVNDB-2019-003018
db:	CNNVD	id:	CNNVD-201903-575
db:	NVD	id:	CVE-2019-6536

LAST UPDATE DATE

2024-08-14T15:43:50.684000+00:00

SOURCES UPDATE DATE

db:	ZDI	id:	ZDI-19-307	date:	2019-04-02T00:00:00
db:	CNVD	id:	CNVD-2019-14979	date:	2019-05-22T00:00:00
db:	BID	id:	107418	date:	2019-03-14T00:00:00
db:	JVNDB	id:	JVNDB-2019-003018	date:	2019-05-07T00:00:00
db:	CNNVD	id:	CNNVD-201903-575	date:	2019-04-03T00:00:00
db:	NVD	id:	CVE-2019-6536	date:	2019-04-02T16:29:00.623

SOURCES RELEASE DATE

db:	IVD	id:	6957150b-ef62-4aad-a770-6439342094ff	date:	2019-05-22T00:00:00
db:	ZDI	id:	ZDI-19-307	date:	2019-04-02T00:00:00
db:	CNVD	id:	CNVD-2019-14979	date:	2019-05-22T00:00:00
db:	BID	id:	107418	date:	2019-03-14T00:00:00
db:	JVNDB	id:	JVNDB-2019-003018	date:	2019-05-07T00:00:00
db:	CNNVD	id:	CNNVD-201903-575	date:	2019-03-14T00:00:00
db:	NVD	id:	CVE-2019-6536	date:	2019-03-27T16:29:00.780