ID

VAR-201903-1176


CVE

CVE-2018-18994


TITLE

LCDS Laquis SCADA Vulnerable to out-of-bounds reading

Trust: 0.8

sources: JVNDB: JVNDB-2018-015128

DESCRIPTION

LCDS Laquis SCADA prior to version 4.1.0.4150 allows an out of bounds read when opening a specially crafted project file, which may cause a system crash or allow data exfiltration. LCDS Laquis SCADA Contains an out-of-bounds vulnerability.Information is obtained and service operation is interrupted (DoS) There is a possibility of being put into a state. This vulnerability allows remote attackers to execute arbitrary code User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of LQS files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the process. LCDS LAquis SCADA is a SCADA (Data Acquisition and Monitoring Control) system from LCDS, Brazil. The system is mainly used for data acquisition and process control of devices with communication technology. LCDS LAquis SCADA is prone to multiple security vulnerabilities. Failed attempts will likely cause a denial-of-service condition. LCDS LAquis SCADA version 4.1.0.3870 is vulnerable; other versions may also be affected

Trust: 3.24

sources: NVD: CVE-2018-18994 // JVNDB: JVNDB-2018-015128 // ZDI: ZDI-19-060 // CNVD: CNVD-2019-02389 // BID: 106634 // IVD: 7d851b31-463f-11e9-b0dc-000c29342cb1

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.8

sources: IVD: 7d851b31-463f-11e9-b0dc-000c29342cb1 // CNVD: CNVD-2019-02389

AFFECTED PRODUCTS

vendor:laquisscadamodel:laquis scadascope:ltversion:4.1.0.4150

Trust: 1.0

vendor:lcdsmodel:laquis scadascope:ltversion:4.1.0.4150

Trust: 0.8

vendor:laquis scadamodel:softwarescope: - version: -

Trust: 0.7

vendor:lcdsmodel:le\303\243o consultoria e desenvolvimento de sistemas ltda me laquis scadascope:eqversion:-4.1.0.3870

Trust: 0.6

vendor:lcdsmodel:leão consultoria e desenvolvimento de sistemas ltda me laquis scadascope:eqversion:-4.1.0.3870

Trust: 0.3

vendor:lcdsmodel:leão consultoria e desenvolvimento de sistemas ltda me laquis scadascope:neversion:-4.1.0.4150

Trust: 0.3

vendor:laquis scadamodel: - scope:eqversion:*

Trust: 0.2

sources: IVD: 7d851b31-463f-11e9-b0dc-000c29342cb1 // ZDI: ZDI-19-060 // CNVD: CNVD-2019-02389 // BID: 106634 // JVNDB: JVNDB-2018-015128 // NVD: CVE-2018-18994

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-18994
value: HIGH

Trust: 1.0

NVD: CVE-2018-18994
value: HIGH

Trust: 0.8

ZDI: CVE-2018-18994
value: MEDIUM

Trust: 0.7

CNVD: CNVD-2019-02389
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201901-516
value: HIGH

Trust: 0.6

IVD: 7d851b31-463f-11e9-b0dc-000c29342cb1
value: HIGH

Trust: 0.2

nvd@nist.gov: CVE-2018-18994
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 7.8
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

ZDI: CVE-2018-18994
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.7

CNVD: CNVD-2019-02389
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: 7d851b31-463f-11e9-b0dc-000c29342cb1
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

nvd@nist.gov: CVE-2018-18994
baseSeverity: HIGH
baseScore: 7.1
vectorString: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.2
version: 3.0

Trust: 1.8

sources: IVD: 7d851b31-463f-11e9-b0dc-000c29342cb1 // ZDI: ZDI-19-060 // CNVD: CNVD-2019-02389 // JVNDB: JVNDB-2018-015128 // CNNVD: CNNVD-201901-516 // NVD: CVE-2018-18994

PROBLEMTYPE DATA

problemtype:CWE-125

Trust: 1.8

sources: JVNDB: JVNDB-2018-015128 // NVD: CVE-2018-18994

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201901-516

TYPE

Buffer error

Trust: 0.8

sources: IVD: 7d851b31-463f-11e9-b0dc-000c29342cb1 // CNNVD: CNNVD-201901-516

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-015128

PATCH

title:Top Pageurl:https://laquisscada.com/

Trust: 0.8

title:LAquis SCADA has issued an update to correct this vulnerability.url:https://ics-cert.us-cert.gov/advisories/ICSA-19-015-01

Trust: 0.7

title:LCDS LAquis SCADA Offset Write Vulnerability Patchurl:https://www.cnvd.org.cn/patchInfo/show/150967

Trust: 0.6

title:LCDS LAquis SCADA Buffer error vulnerability fixurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=88648

Trust: 0.6

sources: ZDI: ZDI-19-060 // CNVD: CNVD-2019-02389 // JVNDB: JVNDB-2018-015128 // CNNVD: CNNVD-201901-516

EXTERNAL IDS

db:NVDid:CVE-2018-18994

Trust: 4.2

db:ICS CERTid:ICSA-19-015-01

Trust: 3.3

db:CNVDid:CNVD-2019-02389

Trust: 0.8

db:CNNVDid:CNNVD-201901-516

Trust: 0.8

db:JVNDBid:JVNDB-2018-015128

Trust: 0.8

db:ZDI_CANid:ZDI-CAN-6670

Trust: 0.7

db:ZDIid:ZDI-19-060

Trust: 0.7

db:BIDid:106634

Trust: 0.3

db:IVDid:7D851B31-463F-11E9-B0DC-000C29342CB1

Trust: 0.2

sources: IVD: 7d851b31-463f-11e9-b0dc-000c29342cb1 // ZDI: ZDI-19-060 // CNVD: CNVD-2019-02389 // BID: 106634 // JVNDB: JVNDB-2018-015128 // CNNVD: CNNVD-201901-516 // NVD: CVE-2018-18994

REFERENCES

url:https://ics-cert.us-cert.gov/advisories/icsa-19-015-01

Trust: 4.0

url:https://nvd.nist.gov/vuln/detail/cve-2018-18994

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-18994

Trust: 0.8

url:https://laquisscada.com/

Trust: 0.3

sources: ZDI: ZDI-19-060 // CNVD: CNVD-2019-02389 // BID: 106634 // JVNDB: JVNDB-2018-015128 // CNNVD: CNNVD-201901-516 // NVD: CVE-2018-18994

CREDITS

Esteban Ruiz (mr_me) of Source Incite

Trust: 0.7

sources: ZDI: ZDI-19-060

SOURCES

db:IVDid:7d851b31-463f-11e9-b0dc-000c29342cb1
db:ZDIid:ZDI-19-060
db:CNVDid:CNVD-2019-02389
db:BIDid:106634
db:JVNDBid:JVNDB-2018-015128
db:CNNVDid:CNNVD-201901-516
db:NVDid:CVE-2018-18994

LAST UPDATE DATE

2024-08-14T13:26:58.071000+00:00


SOURCES UPDATE DATE

db:ZDIid:ZDI-19-060date:2019-01-19T00:00:00
db:CNVDid:CNVD-2019-02389date:2019-01-22T00:00:00
db:BIDid:106634date:2019-01-15T00:00:00
db:JVNDBid:JVNDB-2018-015128date:2019-04-26T00:00:00
db:CNNVDid:CNNVD-201901-516date:2019-10-10T00:00:00
db:NVDid:CVE-2018-18994date:2019-10-09T23:37:32.647

SOURCES RELEASE DATE

db:IVDid:7d851b31-463f-11e9-b0dc-000c29342cb1date:2019-01-22T00:00:00
db:ZDIid:ZDI-19-060date:2019-01-19T00:00:00
db:CNVDid:CNVD-2019-02389date:2019-01-22T00:00:00
db:BIDid:106634date:2019-01-15T00:00:00
db:JVNDBid:JVNDB-2018-015128date:2019-04-26T00:00:00
db:CNNVDid:CNNVD-201901-516date:2019-01-16T00:00:00
db:NVDid:CVE-2018-18994date:2019-03-27T18:29:00.397