Details of VAR-202005-0047

ID

VAR-202005-0047

CVE

CVE-2020-10618

TITLE

LAquis SCADA LGX File Insufficient UI Warning Arbitrary File Creation Vulnerability

Trust: 3.5

sources: ZDI: ZDI-20-575 // ZDI: ZDI-20-571 // ZDI: ZDI-20-574 // ZDI: ZDI-20-573 // ZDI: ZDI-20-572

DESCRIPTION

LCDS LAquis SCADA Versions 4.3.1 and prior. The affected product is vulnerable to sensitive information exposure by unauthorized users. LCDS LAquis SCADA There is an information leakage vulnerability in.Information may be obtained. This vulnerability allows remote attackers to create arbitrary files on affected installations of LAquis SCADA. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the handling of the AddComboFile method when processing LGX files. When opening an LGX file, the user interface fails to warn the user of unsafe actions. An attacker can leverage this vulnerability to execute code in the context of the current user. LCDS LAquis SCADA is a set of SCADA (Data Acquisition and Monitoring Control) system of Brazilian LCDS company. The system is mainly used for data collection and process control of equipment with communication technology. LCDS LAquis SCADA 4.3.1 and previous versions have information disclosure vulnerabilities that attackers can use to obtain sensitive information

Trust: 5.76

sources: NVD: CVE-2020-10618 // JVNDB: JVNDB-2020-004086 // ZDI: ZDI-20-575 // ZDI: ZDI-20-571 // ZDI: ZDI-20-574 // ZDI: ZDI-20-573 // ZDI: ZDI-20-572 // CNVD: CNVD-2020-25541 // IVD: 7f54c799-0a6a-4821-a63f-60ba2b9c8dc6 // IVD: b696a7b5-01b0-4388-a850-54610146e78f // VULMON: CVE-2020-10618

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 1.0

sources: IVD: 7f54c799-0a6a-4821-a63f-60ba2b9c8dc6 // IVD: b696a7b5-01b0-4388-a850-54610146e78f // CNVD: CNVD-2020-25541

AFFECTED PRODUCTS

vendor:	laquis	model:	scada	scope:	-	version:	-	Trust: 3.5
vendor:	lcds	model:	laquis scada	scope:	lte	version:	4.3.1	Trust: 1.0
vendor:	lcds	model:	laquis scada	scope:	eq	version:	4.3.1	Trust: 0.9
vendor:	lcds	model:	laquis scada	scope:	lte	version:	<=4.3.1	Trust: 0.6
vendor:	laquis scada	model:	-	scope:	eq	version:	*	Trust: 0.4

sources: IVD: 7f54c799-0a6a-4821-a63f-60ba2b9c8dc6 // IVD: b696a7b5-01b0-4388-a850-54610146e78f // ZDI: ZDI-20-575 // ZDI: ZDI-20-571 // ZDI: ZDI-20-574 // ZDI: ZDI-20-573 // ZDI: ZDI-20-572 // CNVD: CNVD-2020-25541 // VULMON: CVE-2020-10618 // JVNDB: JVNDB-2020-004086 // NVD: CVE-2020-10618

CVSS

SEVERITY

CVSSV2

CVSSV3

ZDI:	CVE-2020-10618
value:	HIGH
Trust: 3.5
nvd@nist.gov:	CVE-2020-10618
value:	MEDIUM
Trust: 1.0
NVD:	JVNDB-2020-004086
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2020-25541
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202004-2355
value:	MEDIUM
Trust: 0.6
IVD:	7f54c799-0a6a-4821-a63f-60ba2b9c8dc6
value:	MEDIUM
Trust: 0.2
IVD:	b696a7b5-01b0-4388-a850-54610146e78f
value:	MEDIUM
Trust: 0.2
VULMON:	CVE-2020-10618
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2020-10618
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.1
NVD:	JVNDB-2020-004086
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
CNVD:	CNVD-2020-25541
severity:	MEDIUM
baseScore:	4.9
vectorString:	AV:L/AC:L/AU:N/C:C/I:N/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
IVD:	7f54c799-0a6a-4821-a63f-60ba2b9c8dc6
severity:	MEDIUM
baseScore:	4.9
vectorString:	AV:L/AC:L/AU:N/C:C/I:N/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2
IVD:	b696a7b5-01b0-4388-a850-54610146e78f
severity:	MEDIUM
baseScore:	4.9
vectorString:	AV:L/AC:L/AU:N/C:C/I:N/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2

ZDI:	CVE-2020-10618
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.0
Trust: 3.5
nvd@nist.gov:	CVE-2020-10618
baseSeverity:	MEDIUM
baseScore:	5.5
vectorString:	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	1.8
impactScore:	3.6
version:	3.1
Trust: 1.0
NVD:	JVNDB-2020-004086
baseSeverity:	MEDIUM
baseScore:	5.5
vectorString:	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

PROBLEMTYPE DATA

problemtype:

CWE-200

Trust: 1.8

sources: JVNDB: JVNDB-2020-004086 // NVD: CVE-2020-10618

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202004-2355

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-202004-2355

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-004086

PATCH

title:	LAquis has issued an update to correct this vulnerability.	url:	https://www.us-cert.gov/ics/advisories/icsa-20-119-01	Trust: 3.5
title:	Top Page	url:	https://laquisscada.com/	Trust: 0.8
title:	Patch for LCDS LAquis SCADA Information Disclosure Vulnerability (CNVD-2020-25541)	url:	https://www.cnvd.org.cn/patchInfo/show/215717	Trust: 0.6
title:	LCDS LAquis SCADA Repair measures for information disclosure vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=117923	Trust: 0.6

sources: ZDI: ZDI-20-575 // ZDI: ZDI-20-571 // ZDI: ZDI-20-574 // ZDI: ZDI-20-573 // ZDI: ZDI-20-572 // CNVD: CNVD-2020-25541 // JVNDB: JVNDB-2020-004086 // CNNVD: CNNVD-202004-2355

EXTERNAL IDS

db:	NVD	id:	CVE-2020-10618	Trust: 7.0
db:	ICS CERT	id:	ICSA-20-119-01	Trust: 3.1
db:	ZDI	id:	ZDI-20-575	Trust: 1.3
db:	CNVD	id:	CNVD-2020-25541	Trust: 1.0
db:	CNNVD	id:	CNNVD-202004-2355	Trust: 1.0
db:	JVN	id:	JVNVU97783982	Trust: 0.8
db:	JVNDB	id:	JVNDB-2020-004086	Trust: 0.8
db:	ZDI_CAN	id:	ZDI-CAN-10319	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-10317	Trust: 0.7
db:	ZDI	id:	ZDI-20-571	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-10316	Trust: 0.7
db:	ZDI	id:	ZDI-20-574	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-10197	Trust: 0.7
db:	ZDI	id:	ZDI-20-573	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-10318	Trust: 0.7
db:	ZDI	id:	ZDI-20-572	Trust: 0.7
db:	AUSCERT	id:	ESB-2020.1589	Trust: 0.6
db:	NSFOCUS	id:	46599	Trust: 0.6
db:	IVD	id:	7F54C799-0A6A-4821-A63F-60BA2B9C8DC6	Trust: 0.2
db:	IVD	id:	B696A7B5-01B0-4388-A850-54610146E78F	Trust: 0.2
db:	VULMON	id:	CVE-2020-10618	Trust: 0.1

REFERENCES

url:	https://www.us-cert.gov/ics/advisories/icsa-20-119-01	Trust: 6.6
url:	https://nvd.nist.gov/vuln/detail/cve-2020-10618	Trust: 1.4
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-10618	Trust: 0.8
url:	https://jvn.jp/vu/jvnvu97783982/	Trust: 0.8
url:	http://www.nsfocus.net/vulndb/46599	Trust: 0.6
url:	https://www.zerodayinitiative.com/advisories/zdi-20-575/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.1589/	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/200.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/180953	Trust: 0.1

sources: ZDI: ZDI-20-575 // ZDI: ZDI-20-571 // ZDI: ZDI-20-574 // ZDI: ZDI-20-573 // ZDI: ZDI-20-572 // CNVD: CNVD-2020-25541 // VULMON: CVE-2020-10618 // JVNDB: JVNDB-2020-004086 // CNNVD: CNNVD-202004-2355 // NVD: CVE-2020-10618

CREDITS

Natnael Samson (@NattiSamson)

Trust: 3.5

sources: ZDI: ZDI-20-575 // ZDI: ZDI-20-571 // ZDI: ZDI-20-574 // ZDI: ZDI-20-573 // ZDI: ZDI-20-572

SOURCES

db:	IVD	id:	7f54c799-0a6a-4821-a63f-60ba2b9c8dc6
db:	IVD	id:	b696a7b5-01b0-4388-a850-54610146e78f
db:	ZDI	id:	ZDI-20-575
db:	ZDI	id:	ZDI-20-571
db:	ZDI	id:	ZDI-20-574
db:	ZDI	id:	ZDI-20-573
db:	ZDI	id:	ZDI-20-572
db:	CNVD	id:	CNVD-2020-25541
db:	VULMON	id:	CVE-2020-10618
db:	JVNDB	id:	JVNDB-2020-004086
db:	CNNVD	id:	CNNVD-202004-2355
db:	NVD	id:	CVE-2020-10618

LAST UPDATE DATE

2024-08-14T14:03:48.449000+00:00

SOURCES UPDATE DATE

db:	ZDI	id:	ZDI-20-575	date:	2020-04-30T00:00:00
db:	ZDI	id:	ZDI-20-571	date:	2020-04-30T00:00:00
db:	ZDI	id:	ZDI-20-574	date:	2020-04-30T00:00:00
db:	ZDI	id:	ZDI-20-573	date:	2020-04-30T00:00:00
db:	ZDI	id:	ZDI-20-572	date:	2020-04-30T00:00:00
db:	CNVD	id:	CNVD-2020-25541	date:	2020-04-29T00:00:00
db:	VULMON	id:	CVE-2020-10618	date:	2020-05-06T00:00:00
db:	JVNDB	id:	JVNDB-2020-004086	date:	2020-05-07T00:00:00
db:	CNNVD	id:	CNNVD-202004-2355	date:	2020-05-08T00:00:00
db:	NVD	id:	CVE-2020-10618	date:	2021-09-14T14:09:27.290

SOURCES RELEASE DATE

db:	IVD	id:	7f54c799-0a6a-4821-a63f-60ba2b9c8dc6	date:	2020-04-28T00:00:00
db:	IVD	id:	b696a7b5-01b0-4388-a850-54610146e78f	date:	2020-04-28T00:00:00
db:	ZDI	id:	ZDI-20-575	date:	2020-04-30T00:00:00
db:	ZDI	id:	ZDI-20-571	date:	2020-04-30T00:00:00
db:	ZDI	id:	ZDI-20-574	date:	2020-04-30T00:00:00
db:	ZDI	id:	ZDI-20-573	date:	2020-04-30T00:00:00
db:	ZDI	id:	ZDI-20-572	date:	2020-04-30T00:00:00
db:	CNVD	id:	CNVD-2020-25541	date:	2020-04-29T00:00:00
db:	VULMON	id:	CVE-2020-10618	date:	2020-05-04T00:00:00
db:	JVNDB	id:	JVNDB-2020-004086	date:	2020-05-07T00:00:00
db:	CNNVD	id:	CNNVD-202004-2355	date:	2020-04-28T00:00:00
db:	NVD	id:	CVE-2020-10618	date:	2020-05-04T19:15:12.707