Details of VAR-201908-1839

ID

VAR-201908-1839

CVE

CVE-2019-10994

TITLE

LAquis SCADA Vulnerable to out-of-bounds reading

Trust: 0.8

sources: JVNDB: JVNDB-2019-007543

DESCRIPTION

Processing a specially crafted project file in LAquis SCADA 4.3.1.71 may trigger an out-of-bounds read, which may allow an attacker to obtain sensitive information. The attacker must have local access to the system. A CVSS v3 base score of 2.5 has been calculated; the CVSS vector string is (AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N). LAquis SCADA Contains an out-of-bounds vulnerability.Information may be obtained. This vulnerability allows remote attackers to disclose sensitive information on affected installations of LAquis SCADA. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of LQS files. The issue results from the lack of proper validation of user-supplied data, which can result in a read before the start of an allocated data structure. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. LCDS LAquis SCADA is a SCADA (Data Acquisition and Monitoring Control) system from LCDS, Brazil. The system is mainly used for data acquisition and process control of devices with communication technology. A buffer overflow vulnerability exists in the LCDS LAquis SCADA version 4.3.1.71. The vulnerability stems from a network system or product that does not properly validate data boundaries when performing operations on memory, causing erroneous read and write operations to be performed on other associated memory locations. An attacker could exploit the vulnerability to cause a buffer overflow or heap overflow

Trust: 2.97

sources: NVD: CVE-2019-10994 // JVNDB: JVNDB-2019-007543 // ZDI: ZDI-19-688 // CNVD: CNVD-2019-28113 // IVD: 82947e4f-7b47-4a27-8c05-80e16eed7572

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.8

sources: IVD: 82947e4f-7b47-4a27-8c05-80e16eed7572 // CNVD: CNVD-2019-28113

AFFECTED PRODUCTS

vendor:	lcds	model:	laquis scada	scope:	eq	version:	4.3.1.71	Trust: 1.4
vendor:	laquisscada	model:	scada	scope:	eq	version:	4.3.1.71	Trust: 1.0
vendor:	laquis	model:	scada	scope:	-	version:	-	Trust: 0.7
vendor:	scada	model:	-	scope:	eq	version:	4.3.1.71	Trust: 0.2

sources: IVD: 82947e4f-7b47-4a27-8c05-80e16eed7572 // ZDI: ZDI-19-688 // CNVD: CNVD-2019-28113 // JVNDB: JVNDB-2019-007543 // NVD: CVE-2019-10994

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-10994
value:	LOW
Trust: 1.0
NVD:	CVE-2019-10994
value:	LOW
Trust: 0.8
ZDI:	CVE-2019-10994
value:	LOW
Trust: 0.7
CNVD:	CNVD-2019-28113
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201908-143
value:	LOW
Trust: 0.6
IVD:	82947e4f-7b47-4a27-8c05-80e16eed7572
value:	LOW
Trust: 0.2

nvd@nist.gov:	CVE-2019-10994
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2019-28113
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
IVD:	82947e4f-7b47-4a27-8c05-80e16eed7572
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2

nvd@nist.gov:	CVE-2019-10994
baseSeverity:	LOW
baseScore:	3.3
vectorString:	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	1.8
impactScore:	1.4
version:	3.0
Trust: 1.8
ZDI:	CVE-2019-10994
baseSeverity:	LOW
baseScore:	2.5
vectorString:	AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N
attackVector:	LOCAL
attackComplexity:	HIGH
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	1.0
impactScore:	1.4
version:	3.0
Trust: 0.7

sources: IVD: 82947e4f-7b47-4a27-8c05-80e16eed7572 // ZDI: ZDI-19-688 // CNVD: CNVD-2019-28113 // JVNDB: JVNDB-2019-007543 // CNNVD: CNNVD-201908-143 // NVD: CVE-2019-10994

PROBLEMTYPE DATA

problemtype:

CWE-125

Trust: 1.8

sources: JVNDB: JVNDB-2019-007543 // NVD: CVE-2019-10994

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201908-143

TYPE

Buffer error

Trust: 0.8

sources: IVD: 82947e4f-7b47-4a27-8c05-80e16eed7572 // CNNVD: CNNVD-201908-143

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-007543

PATCH

title:	Top Page	url:	https://laquisscada.com/	Trust: 0.8
title:	LAquis has issued an update to correct this vulnerability.	url:	https://www.us-cert.gov/ics/advisories/icsa-19-213-06	Trust: 0.7
title:	Patch for LCDS LAquis SCADA Buffer Overflow Vulnerability (CNVD-2019-28113)	url:	https://www.cnvd.org.cn/patchInfo/show/176009	Trust: 0.6
title:	LCDS LAquis SCADA Buffer error vulnerability fix	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=95905	Trust: 0.6

sources: ZDI: ZDI-19-688 // CNVD: CNVD-2019-28113 // JVNDB: JVNDB-2019-007543 // CNNVD: CNNVD-201908-143

EXTERNAL IDS

db:	NVD	id:	CVE-2019-10994	Trust: 3.9
db:	ICS CERT	id:	ICSA-19-213-06	Trust: 3.0
db:	ZDI	id:	ZDI-19-688	Trust: 1.3
db:	CNVD	id:	CNVD-2019-28113	Trust: 0.8
db:	CNNVD	id:	CNNVD-201908-143	Trust: 0.8
db:	JVNDB	id:	JVNDB-2019-007543	Trust: 0.8
db:	ZDI_CAN	id:	ZDI-CAN-8198	Trust: 0.7
db:	AUSCERT	id:	ESB-2019.2899	Trust: 0.6
db:	IVD	id:	82947E4F-7B47-4A27-8C05-80E16EED7572	Trust: 0.2

sources: IVD: 82947e4f-7b47-4a27-8c05-80e16eed7572 // ZDI: ZDI-19-688 // CNVD: CNVD-2019-28113 // JVNDB: JVNDB-2019-007543 // CNNVD: CNNVD-201908-143 // NVD: CVE-2019-10994

REFERENCES

url:	https://www.us-cert.gov/ics/advisories/icsa-19-213-06	Trust: 3.7
url:	https://nvd.nist.gov/vuln/detail/cve-2019-10994	Trust: 1.4
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-10994	Trust: 0.8
url:	https://www.auscert.org.au/bulletins/esb-2019.2899/	Trust: 0.6
url:	https://www.zerodayinitiative.com/advisories/zdi-19-688/	Trust: 0.6

sources: ZDI: ZDI-19-688 // CNVD: CNVD-2019-28113 // JVNDB: JVNDB-2019-007543 // CNNVD: CNNVD-201908-143 // NVD: CVE-2019-10994

CREDITS

Francis Provencher {PRL}

Trust: 1.3

sources: ZDI: ZDI-19-688 // CNNVD: CNNVD-201908-143

SOURCES

db:	IVD	id:	82947e4f-7b47-4a27-8c05-80e16eed7572
db:	ZDI	id:	ZDI-19-688
db:	CNVD	id:	CNVD-2019-28113
db:	JVNDB	id:	JVNDB-2019-007543
db:	CNNVD	id:	CNNVD-201908-143
db:	NVD	id:	CVE-2019-10994

LAST UPDATE DATE

2024-08-14T14:04:17.271000+00:00

SOURCES UPDATE DATE

db:	ZDI	id:	ZDI-19-688	date:	2019-08-05T00:00:00
db:	CNVD	id:	CNVD-2019-28113	date:	2019-08-20T00:00:00
db:	JVNDB	id:	JVNDB-2019-007543	date:	2019-08-14T00:00:00
db:	CNNVD	id:	CNNVD-201908-143	date:	2019-08-14T00:00:00
db:	NVD	id:	CVE-2019-10994	date:	2019-10-09T23:45:10.150

SOURCES RELEASE DATE

db:	IVD	id:	82947e4f-7b47-4a27-8c05-80e16eed7572	date:	2019-08-20T00:00:00
db:	ZDI	id:	ZDI-19-688	date:	2019-08-05T00:00:00
db:	CNVD	id:	CNVD-2019-28113	date:	2019-08-20T00:00:00
db:	JVNDB	id:	JVNDB-2019-007543	date:	2019-08-14T00:00:00
db:	CNNVD	id:	CNNVD-201908-143	date:	2019-08-01T00:00:00
db:	NVD	id:	CVE-2019-10994	date:	2019-08-05T19:15:11.193