ID

VAR-201908-1839


CVE

CVE-2019-10994


TITLE

LAquis SCADA vulnerable to out-of-bounds read

Trust: 0.8

sources: JVNDB: JVNDB-2019-007543

DESCRIPTION

Processing a specially crafted project file in LAquis SCADA 4.3.1.71 may trigger an out-of-bounds read, which may allow an attacker to obtain sensitive information. The attacker must have local access to the system. A CVSS v3 base score of 2.5 has been calculated; the CVSS vector string is (AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N).

LAquis SCADA contains an out-of-bounds vulnerability. Information may be obtained.

This vulnerability allows remote attackers to disclose sensitive information on affected installations of LAquis SCADA. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of LQS files. The issue results from the lack of proper validation of user-supplied data, which can result in a read before the start of an allocated data structure. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process.

LCDS LAquis SCADA is a SCADA (Data Acquisition and Monitoring Control) system from LCDS, Brazil. The system is mainly used for data acquisition and process control of devices with communication technology. A buffer overflow vulnerability exists in the LCDS LAquis SCADA version 4.3.1.71. The vulnerability stems from a network system or product that does not properly validate data boundaries when performing operations on memory, causing erroneous read and write operations to be performed on other associated memory locations. An attacker could exploit the vulnerability to cause a buffer overflow or heap overflow.

Trust: 2.97

sources: NVD: CVE-2019-10994 // JVNDB: JVNDB-2019-007543 // ZDI: ZDI-19-688 // CNVD: CNVD-2019-28113 // IVD: 82947e4f-7b47-4a27-8c05-80e16eed7572

IOT TAXONOMY

category: ['ICS'], sub_category: -

Trust: 0.8

sources: IVD: 82947e4f-7b47-4a27-8c05-80e16eed7572 // CNVD: CNVD-2019-28113

AFFECTED PRODUCTS

vendor: lcds, model: laquis scada, scope: eq, version: 4.3.1.71

Trust: 1.4

vendor: laquisscada, model: scada, scope: eq, version: 4.3.1.71

Trust: 1.0

vendor: laquis, model: scada, scope: -, version: -

Trust: 0.7

vendor: scada, model: -, scope: eq, version: 4.3.1.71

Trust: 0.2

sources: IVD: 82947e4f-7b47-4a27-8c05-80e16eed7572 // ZDI: ZDI-19-688 // CNVD: CNVD-2019-28113 // JVNDB: JVNDB-2019-007543 // NVD: CVE-2019-10994

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-10994
value: LOW

Trust: 1.0

NVD: CVE-2019-10994
value: LOW

Trust: 0.8

ZDI: CVE-2019-10994
value: LOW

Trust: 0.7

CNVD: CNVD-2019-28113
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201908-143
value: LOW

Trust: 0.6

IVD: 82947e4f-7b47-4a27-8c05-80e16eed7572
value: LOW

Trust: 0.2

nvd@nist.gov: CVE-2019-10994
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2019-28113
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: 82947e4f-7b47-4a27-8c05-80e16eed7572
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

nvd@nist.gov: CVE-2019-10994
baseSeverity: LOW
baseScore: 3.3
vectorString: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 1.8
impactScore: 1.4
version: 3.0

Trust: 1.8

ZDI: CVE-2019-10994
baseSeverity: LOW
baseScore: 2.5
vectorString: AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N
attackVector: LOCAL
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 1.0
impactScore: 1.4
version: 3.0

Trust: 0.7

sources: IVD: 82947e4f-7b47-4a27-8c05-80e16eed7572 // ZDI: ZDI-19-688 // CNVD: CNVD-2019-28113 // JVNDB: JVNDB-2019-007543 // CNNVD: CNNVD-201908-143 // NVD: CVE-2019-10994

PROBLEMTYPE DATA

problemtype: CWE-125

Trust: 1.8

sources: JVNDB: JVNDB-2019-007543 // NVD: CVE-2019-10994

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201908-143

TYPE

Buffer error

Trust: 0.8

sources: IVD: 82947e4f-7b47-4a27-8c05-80e16eed7572 // CNNVD: CNNVD-201908-143

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-007543

PATCH

title: Top Page
url: https://laquisscada.com/

Trust: 0.8

title: LAquis has issued an update to correct this vulnerability.
url: https://www.us-cert.gov/ics/advisories/icsa-19-213-06

Trust: 0.7

title: Patch for LCDS LAquis SCADA Buffer Overflow Vulnerability (CNVD-2019-28113)
url: https://www.cnvd.org.cn/patchInfo/show/176009

Trust: 0.6

title: LCDS LAquis SCADA Buffer error vulnerability fix
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=95905

Trust: 0.6

sources: ZDI: ZDI-19-688 // CNVD: CNVD-2019-28113 // JVNDB: JVNDB-2019-007543 // CNNVD: CNNVD-201908-143

EXTERNAL IDS

db: NVD, id: CVE-2019-10994

Trust: 3.9

db: ICS CERT, id: ICSA-19-213-06

Trust: 3.0

db: ZDI, id: ZDI-19-688

Trust: 1.3

db: CNVD, id: CNVD-2019-28113

Trust: 0.8

db: CNNVD, id: CNNVD-201908-143

Trust: 0.8

db: JVNDB, id: JVNDB-2019-007543

Trust: 0.8

db: ZDI_CAN, id: ZDI-CAN-8198

Trust: 0.7

db: AUSCERT, id: ESB-2019.2899

Trust: 0.6

db: IVD, id: 82947E4F-7B47-4A27-8C05-80E16EED7572

Trust: 0.2

sources: IVD: 82947e4f-7b47-4a27-8c05-80e16eed7572 // ZDI: ZDI-19-688 // CNVD: CNVD-2019-28113 // JVNDB: JVNDB-2019-007543 // CNNVD: CNNVD-201908-143 // NVD: CVE-2019-10994

REFERENCES

url: https://www.us-cert.gov/ics/advisories/icsa-19-213-06

Trust: 3.7

url: https://nvd.nist.gov/vuln/detail/cve-2019-10994

Trust: 1.4

url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-10994

Trust: 0.8

url: https://www.auscert.org.au/bulletins/esb-2019.2899/

Trust: 0.6

url: https://www.zerodayinitiative.com/advisories/zdi-19-688/

Trust: 0.6

sources: ZDI: ZDI-19-688 // CNVD: CNVD-2019-28113 // JVNDB: JVNDB-2019-007543 // CNNVD: CNNVD-201908-143 // NVD: CVE-2019-10994

CREDITS

Francis Provencher {PRL}

Trust: 1.3

sources: ZDI: ZDI-19-688 // CNNVD: CNNVD-201908-143

SOURCES

db: IVD, id: 82947e4f-7b47-4a27-8c05-80e16eed7572
db: ZDI, id: ZDI-19-688
db: CNVD, id: CNVD-2019-28113
db: JVNDB, id: JVNDB-2019-007543
db: CNNVD, id: CNNVD-201908-143
db: NVD, id: CVE-2019-10994

LAST UPDATE DATE

2024-08-14T14:04:17.271000+00:00


SOURCES UPDATE DATE

db: ZDI, id: ZDI-19-688, date: 2019-08-05T00:00:00
db: CNVD, id: CNVD-2019-28113, date: 2019-08-20T00:00:00
db: JVNDB, id: JVNDB-2019-007543, date: 2019-08-14T00:00:00
db: CNNVD, id: CNNVD-201908-143, date: 2019-08-14T00:00:00
db: NVD, id: CVE-2019-10994, date: 2019-10-09T23:45:10.150

SOURCES RELEASE DATE

db: IVD, id: 82947e4f-7b47-4a27-8c05-80e16eed7572, date: 2019-08-20T00:00:00
db: ZDI, id: ZDI-19-688, date: 2019-08-05T00:00:00
db: CNVD, id: CNVD-2019-28113, date: 2019-08-20T00:00:00
db: JVNDB, id: JVNDB-2019-007543, date: 2019-08-14T00:00:00
db: CNNVD, id: CNNVD-201908-143, date: 2019-08-01T00:00:00
db: NVD, id: CVE-2019-10994, date: 2019-08-05T19:15:11.193