ID

VAR-202005-0047


CVE

CVE-2020-10618


TITLE

LAquis SCADA LGX File Insufficient UI Warning Arbitrary File Creation Vulnerability

Trust: 3.5

sources: ZDI: ZDI-20-575 // ZDI: ZDI-20-571 // ZDI: ZDI-20-574 // ZDI: ZDI-20-573 // ZDI: ZDI-20-572

DESCRIPTION

LCDS LAquis SCADA Versions 4.3.1 and prior. The affected product is vulnerable to sensitive information exposure by unauthorized users. LCDS LAquis SCADA There is an information leakage vulnerability in.Information may be obtained. This vulnerability allows remote attackers to create arbitrary files on affected installations of LAquis SCADA. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the handling of the AddComboFile method when processing LGX files. When opening an LGX file, the user interface fails to warn the user of unsafe actions. An attacker can leverage this vulnerability to execute code in the context of the current user. LCDS LAquis SCADA is a set of SCADA (Data Acquisition and Monitoring Control) system of Brazilian LCDS company. The system is mainly used for data collection and process control of equipment with communication technology. LCDS LAquis SCADA 4.3.1 and previous versions have information disclosure vulnerabilities that attackers can use to obtain sensitive information

Trust: 5.76

sources: NVD: CVE-2020-10618 // JVNDB: JVNDB-2020-004086 // ZDI: ZDI-20-575 // ZDI: ZDI-20-571 // ZDI: ZDI-20-574 // ZDI: ZDI-20-573 // ZDI: ZDI-20-572 // CNVD: CNVD-2020-25541 // IVD: 7f54c799-0a6a-4821-a63f-60ba2b9c8dc6 // IVD: b696a7b5-01b0-4388-a850-54610146e78f // VULMON: CVE-2020-10618

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 1.0

sources: IVD: 7f54c799-0a6a-4821-a63f-60ba2b9c8dc6 // IVD: b696a7b5-01b0-4388-a850-54610146e78f // CNVD: CNVD-2020-25541

AFFECTED PRODUCTS

vendor:laquismodel:scadascope: - version: -

Trust: 3.5

vendor:lcdsmodel:laquis scadascope:lteversion:4.3.1

Trust: 1.0

vendor:lcdsmodel:laquis scadascope:eqversion:4.3.1

Trust: 0.9

vendor:lcdsmodel:laquis scadascope:lteversion:<=4.3.1

Trust: 0.6

vendor:laquis scadamodel: - scope:eqversion:*

Trust: 0.4

sources: IVD: 7f54c799-0a6a-4821-a63f-60ba2b9c8dc6 // IVD: b696a7b5-01b0-4388-a850-54610146e78f // ZDI: ZDI-20-575 // ZDI: ZDI-20-571 // ZDI: ZDI-20-574 // ZDI: ZDI-20-573 // ZDI: ZDI-20-572 // CNVD: CNVD-2020-25541 // VULMON: CVE-2020-10618 // JVNDB: JVNDB-2020-004086 // NVD: CVE-2020-10618

CVSS

SEVERITY

CVSSV2

CVSSV3

ZDI: CVE-2020-10618
value: HIGH

Trust: 3.5

nvd@nist.gov: CVE-2020-10618
value: MEDIUM

Trust: 1.0

NVD: JVNDB-2020-004086
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2020-25541
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202004-2355
value: MEDIUM

Trust: 0.6

IVD: 7f54c799-0a6a-4821-a63f-60ba2b9c8dc6
value: MEDIUM

Trust: 0.2

IVD: b696a7b5-01b0-4388-a850-54610146e78f
value: MEDIUM

Trust: 0.2

VULMON: CVE-2020-10618
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2020-10618
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

NVD: JVNDB-2020-004086
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2020-25541
severity: MEDIUM
baseScore: 4.9
vectorString: AV:L/AC:L/AU:N/C:C/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: 7f54c799-0a6a-4821-a63f-60ba2b9c8dc6
severity: MEDIUM
baseScore: 4.9
vectorString: AV:L/AC:L/AU:N/C:C/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

IVD: b696a7b5-01b0-4388-a850-54610146e78f
severity: MEDIUM
baseScore: 4.9
vectorString: AV:L/AC:L/AU:N/C:C/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

ZDI: CVE-2020-10618
baseSeverity: HIGH
baseScore: 7.8
vectorString: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.0

Trust: 3.5

nvd@nist.gov: CVE-2020-10618
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 1.8
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: JVNDB-2020-004086
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: IVD: 7f54c799-0a6a-4821-a63f-60ba2b9c8dc6 // IVD: b696a7b5-01b0-4388-a850-54610146e78f // ZDI: ZDI-20-575 // ZDI: ZDI-20-571 // ZDI: ZDI-20-574 // ZDI: ZDI-20-573 // ZDI: ZDI-20-572 // CNVD: CNVD-2020-25541 // VULMON: CVE-2020-10618 // JVNDB: JVNDB-2020-004086 // CNNVD: CNNVD-202004-2355 // NVD: CVE-2020-10618

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.8

sources: JVNDB: JVNDB-2020-004086 // NVD: CVE-2020-10618

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202004-2355

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-202004-2355

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-004086

PATCH

title:LAquis has issued an update to correct this vulnerability.url:https://www.us-cert.gov/ics/advisories/icsa-20-119-01

Trust: 3.5

title:Top Pageurl:https://laquisscada.com/

Trust: 0.8

title:Patch for LCDS LAquis SCADA Information Disclosure Vulnerability (CNVD-2020-25541)url:https://www.cnvd.org.cn/patchInfo/show/215717

Trust: 0.6

title:LCDS LAquis SCADA Repair measures for information disclosure vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=117923

Trust: 0.6

sources: ZDI: ZDI-20-575 // ZDI: ZDI-20-571 // ZDI: ZDI-20-574 // ZDI: ZDI-20-573 // ZDI: ZDI-20-572 // CNVD: CNVD-2020-25541 // JVNDB: JVNDB-2020-004086 // CNNVD: CNNVD-202004-2355

EXTERNAL IDS

db:NVDid:CVE-2020-10618

Trust: 7.0

db:ICS CERTid:ICSA-20-119-01

Trust: 3.1

db:ZDIid:ZDI-20-575

Trust: 1.3

db:CNVDid:CNVD-2020-25541

Trust: 1.0

db:CNNVDid:CNNVD-202004-2355

Trust: 1.0

db:JVNid:JVNVU97783982

Trust: 0.8

db:JVNDBid:JVNDB-2020-004086

Trust: 0.8

db:ZDI_CANid:ZDI-CAN-10319

Trust: 0.7

db:ZDI_CANid:ZDI-CAN-10317

Trust: 0.7

db:ZDIid:ZDI-20-571

Trust: 0.7

db:ZDI_CANid:ZDI-CAN-10316

Trust: 0.7

db:ZDIid:ZDI-20-574

Trust: 0.7

db:ZDI_CANid:ZDI-CAN-10197

Trust: 0.7

db:ZDIid:ZDI-20-573

Trust: 0.7

db:ZDI_CANid:ZDI-CAN-10318

Trust: 0.7

db:ZDIid:ZDI-20-572

Trust: 0.7

db:AUSCERTid:ESB-2020.1589

Trust: 0.6

db:NSFOCUSid:46599

Trust: 0.6

db:IVDid:7F54C799-0A6A-4821-A63F-60BA2B9C8DC6

Trust: 0.2

db:IVDid:B696A7B5-01B0-4388-A850-54610146E78F

Trust: 0.2

db:VULMONid:CVE-2020-10618

Trust: 0.1

sources: IVD: 7f54c799-0a6a-4821-a63f-60ba2b9c8dc6 // IVD: b696a7b5-01b0-4388-a850-54610146e78f // ZDI: ZDI-20-575 // ZDI: ZDI-20-571 // ZDI: ZDI-20-574 // ZDI: ZDI-20-573 // ZDI: ZDI-20-572 // CNVD: CNVD-2020-25541 // VULMON: CVE-2020-10618 // JVNDB: JVNDB-2020-004086 // CNNVD: CNNVD-202004-2355 // NVD: CVE-2020-10618

REFERENCES

url:https://www.us-cert.gov/ics/advisories/icsa-20-119-01

Trust: 6.6

url:https://nvd.nist.gov/vuln/detail/cve-2020-10618

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-10618

Trust: 0.8

url:https://jvn.jp/vu/jvnvu97783982/

Trust: 0.8

url:http://www.nsfocus.net/vulndb/46599

Trust: 0.6

url:https://www.zerodayinitiative.com/advisories/zdi-20-575/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.1589/

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/200.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/180953

Trust: 0.1

sources: ZDI: ZDI-20-575 // ZDI: ZDI-20-571 // ZDI: ZDI-20-574 // ZDI: ZDI-20-573 // ZDI: ZDI-20-572 // CNVD: CNVD-2020-25541 // VULMON: CVE-2020-10618 // JVNDB: JVNDB-2020-004086 // CNNVD: CNNVD-202004-2355 // NVD: CVE-2020-10618

CREDITS

Natnael Samson (@NattiSamson)

Trust: 3.5

sources: ZDI: ZDI-20-575 // ZDI: ZDI-20-571 // ZDI: ZDI-20-574 // ZDI: ZDI-20-573 // ZDI: ZDI-20-572

SOURCES

db:IVDid:7f54c799-0a6a-4821-a63f-60ba2b9c8dc6
db:IVDid:b696a7b5-01b0-4388-a850-54610146e78f
db:ZDIid:ZDI-20-575
db:ZDIid:ZDI-20-571
db:ZDIid:ZDI-20-574
db:ZDIid:ZDI-20-573
db:ZDIid:ZDI-20-572
db:CNVDid:CNVD-2020-25541
db:VULMONid:CVE-2020-10618
db:JVNDBid:JVNDB-2020-004086
db:CNNVDid:CNNVD-202004-2355
db:NVDid:CVE-2020-10618

LAST UPDATE DATE

2024-08-14T14:03:48.449000+00:00


SOURCES UPDATE DATE

db:ZDIid:ZDI-20-575date:2020-04-30T00:00:00
db:ZDIid:ZDI-20-571date:2020-04-30T00:00:00
db:ZDIid:ZDI-20-574date:2020-04-30T00:00:00
db:ZDIid:ZDI-20-573date:2020-04-30T00:00:00
db:ZDIid:ZDI-20-572date:2020-04-30T00:00:00
db:CNVDid:CNVD-2020-25541date:2020-04-29T00:00:00
db:VULMONid:CVE-2020-10618date:2020-05-06T00:00:00
db:JVNDBid:JVNDB-2020-004086date:2020-05-07T00:00:00
db:CNNVDid:CNNVD-202004-2355date:2020-05-08T00:00:00
db:NVDid:CVE-2020-10618date:2021-09-14T14:09:27.290

SOURCES RELEASE DATE

db:IVDid:7f54c799-0a6a-4821-a63f-60ba2b9c8dc6date:2020-04-28T00:00:00
db:IVDid:b696a7b5-01b0-4388-a850-54610146e78fdate:2020-04-28T00:00:00
db:ZDIid:ZDI-20-575date:2020-04-30T00:00:00
db:ZDIid:ZDI-20-571date:2020-04-30T00:00:00
db:ZDIid:ZDI-20-574date:2020-04-30T00:00:00
db:ZDIid:ZDI-20-573date:2020-04-30T00:00:00
db:ZDIid:ZDI-20-572date:2020-04-30T00:00:00
db:CNVDid:CNVD-2020-25541date:2020-04-29T00:00:00
db:VULMONid:CVE-2020-10618date:2020-05-04T00:00:00
db:JVNDBid:JVNDB-2020-004086date:2020-05-07T00:00:00
db:CNNVDid:CNNVD-202004-2355date:2020-04-28T00:00:00
db:NVDid:CVE-2020-10618date:2020-05-04T19:15:12.707