Details of VAR-202005-0050

ID

VAR-202005-0050

CVE

CVE-2020-10622

TITLE

LAquis SCADA LGX File Insufficient UI Warning Information Disclosure Vulnerability

Trust: 1.4

sources: ZDI: ZDI-20-577 // ZDI: ZDI-20-576

DESCRIPTION

LCDS LAquis SCADA Versions 4.3.1 and prior. The affected product is vulnerable to arbitrary file creation by unauthorized users. LCDS LAquis SCADA There is an unspecified vulnerability in.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. This vulnerability allows remote attackers to disclose sensitive information on affected installations of LAquis SCADA. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the handling of the File.Read method when processing LGX files. When opening an LGX file, the user interface fails to warn the user of unsafe actions. An attacker can leverage this vulnerability to disclose information in the context of the current user. LCDS LAquis SCADA is a set of SCADA (Data Acquisition and Monitoring Control) system of Brazilian LCDS company. The system is mainly used for data collection and process control of equipment with communication technology. LCDS LAquis SCADA 4.3.1 and previous versions have input validation error vulnerabilities that attackers can use to create arbitrary files. LCDS LAquis SCADA could allow a local authenticated malicious user to bypass security restrictions, caused by improper input validation

Trust: 3.87

sources: NVD: CVE-2020-10622 // JVNDB: JVNDB-2020-004085 // ZDI: ZDI-20-577 // ZDI: ZDI-20-576 // CNVD: CNVD-2020-25540 // IVD: 2ba5a840-cf61-46cb-ab45-c56275542767 // IVD: a9026409-b56d-425a-9e76-33b7cc1277a0 // VULMON: CVE-2020-10622

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 1.0

sources: IVD: 2ba5a840-cf61-46cb-ab45-c56275542767 // IVD: a9026409-b56d-425a-9e76-33b7cc1277a0 // CNVD: CNVD-2020-25540

AFFECTED PRODUCTS

vendor:	laquis	model:	scada	scope:	-	version:	-	Trust: 1.4
vendor:	lcds	model:	laquis scada	scope:	lte	version:	4.3.1	Trust: 1.0
vendor:	lcds	model:	laquis scada	scope:	eq	version:	4.3.1	Trust: 0.9
vendor:	lcds	model:	laquis scada	scope:	lte	version:	<=4.3.1	Trust: 0.6
vendor:	laquis scada	model:	-	scope:	eq	version:	*	Trust: 0.4

sources: IVD: 2ba5a840-cf61-46cb-ab45-c56275542767 // IVD: a9026409-b56d-425a-9e76-33b7cc1277a0 // ZDI: ZDI-20-577 // ZDI: ZDI-20-576 // CNVD: CNVD-2020-25540 // VULMON: CVE-2020-10622 // JVNDB: JVNDB-2020-004085 // NVD: CVE-2020-10622

CVSS

SEVERITY

CVSSV2

CVSSV3

ZDI:	CVE-2020-10622
value:	MEDIUM
Trust: 1.4
nvd@nist.gov:	CVE-2020-10622
value:	HIGH
Trust: 1.0
NVD:	JVNDB-2020-004085
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2020-25540
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202004-2351
value:	HIGH
Trust: 0.6
IVD:	2ba5a840-cf61-46cb-ab45-c56275542767
value:	HIGH
Trust: 0.2
IVD:	a9026409-b56d-425a-9e76-33b7cc1277a0
value:	HIGH
Trust: 0.2
VULMON:	CVE-2020-10622
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2020-10622
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.1
NVD:	JVNDB-2020-004085
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
CNVD:	CNVD-2020-25540
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
IVD:	2ba5a840-cf61-46cb-ab45-c56275542767
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2
IVD:	a9026409-b56d-425a-9e76-33b7cc1277a0
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2

ZDI:	CVE-2020-10622
baseSeverity:	MEDIUM
baseScore:	5.5
vectorString:	AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	1.8
impactScore:	3.6
version:	3.0
Trust: 1.4
nvd@nist.gov:	CVE-2020-10622
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	JVNDB-2020-004085
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

PROBLEMTYPE DATA

problemtype:	NVD-CWE-noinfo	Trust: 1.0
problemtype:	CWE-20	Trust: 1.0

sources: NVD: CVE-2020-10622

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202004-2351

TYPE

Input validation error

Trust: 1.0

sources: IVD: 2ba5a840-cf61-46cb-ab45-c56275542767 // IVD: a9026409-b56d-425a-9e76-33b7cc1277a0 // CNNVD: CNNVD-202004-2351

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-004085

PATCH

title:	LAquis has issued an update to correct this vulnerability.	url:	https://www.us-cert.gov/ics/advisories/icsa-20-119-01	Trust: 1.4
title:	Top Page	url:	https://laquisscada.com/	Trust: 0.8
title:	Patch for LCDS LAquis SCADA input verification error vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/215721	Trust: 0.6
title:	LCDS LAquis SCADA Enter the fix for the verification error vulnerability	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=117922	Trust: 0.6

sources: ZDI: ZDI-20-577 // ZDI: ZDI-20-576 // CNVD: CNVD-2020-25540 // JVNDB: JVNDB-2020-004085 // CNNVD: CNNVD-202004-2351

EXTERNAL IDS

db:	NVD	id:	CVE-2020-10622	Trust: 4.9
db:	ICS CERT	id:	ICSA-20-119-01	Trust: 3.1
db:	ZDI	id:	ZDI-20-577	Trust: 1.3
db:	CNVD	id:	CNVD-2020-25540	Trust: 1.0
db:	CNNVD	id:	CNNVD-202004-2351	Trust: 1.0
db:	JVN	id:	JVNVU97783982	Trust: 0.8
db:	JVNDB	id:	JVNDB-2020-004085	Trust: 0.8
db:	ZDI_CAN	id:	ZDI-CAN-10321	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-10320	Trust: 0.7
db:	ZDI	id:	ZDI-20-576	Trust: 0.7
db:	AUSCERT	id:	ESB-2020.1589	Trust: 0.6
db:	NSFOCUS	id:	46600	Trust: 0.6
db:	IVD	id:	2BA5A840-CF61-46CB-AB45-C56275542767	Trust: 0.2
db:	IVD	id:	A9026409-B56D-425A-9E76-33B7CC1277A0	Trust: 0.2
db:	VULMON	id:	CVE-2020-10622	Trust: 0.1

REFERENCES

url:	https://www.us-cert.gov/ics/advisories/icsa-20-119-01	Trust: 4.5
url:	https://nvd.nist.gov/vuln/detail/cve-2020-10622	Trust: 1.4
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-10622	Trust: 0.8
url:	https://jvn.jp/vu/jvnvu97783982/	Trust: 0.8
url:	http://www.nsfocus.net/vulndb/46600	Trust: 0.6
url:	https://www.zerodayinitiative.com/advisories/zdi-20-577/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.1589/	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/180954	Trust: 0.1

sources: ZDI: ZDI-20-577 // ZDI: ZDI-20-576 // CNVD: CNVD-2020-25540 // VULMON: CVE-2020-10622 // JVNDB: JVNDB-2020-004085 // CNNVD: CNNVD-202004-2351 // NVD: CVE-2020-10622

CREDITS

Natnael Samson (@NattiSamson)

Trust: 1.4

sources: ZDI: ZDI-20-577 // ZDI: ZDI-20-576

SOURCES

db:	IVD	id:	2ba5a840-cf61-46cb-ab45-c56275542767
db:	IVD	id:	a9026409-b56d-425a-9e76-33b7cc1277a0
db:	ZDI	id:	ZDI-20-577
db:	ZDI	id:	ZDI-20-576
db:	CNVD	id:	CNVD-2020-25540
db:	VULMON	id:	CVE-2020-10622
db:	JVNDB	id:	JVNDB-2020-004085
db:	CNNVD	id:	CNNVD-202004-2351
db:	NVD	id:	CVE-2020-10622

LAST UPDATE DATE

2024-08-14T14:03:48.397000+00:00

SOURCES UPDATE DATE

db:	ZDI	id:	ZDI-20-577	date:	2020-04-30T00:00:00
db:	ZDI	id:	ZDI-20-576	date:	2020-04-30T00:00:00
db:	CNVD	id:	CNVD-2020-25540	date:	2020-04-29T00:00:00
db:	VULMON	id:	CVE-2020-10622	date:	2020-05-06T00:00:00
db:	JVNDB	id:	JVNDB-2020-004085	date:	2020-05-07T00:00:00
db:	CNNVD	id:	CNNVD-202004-2351	date:	2020-05-08T00:00:00
db:	NVD	id:	CVE-2020-10622	date:	2020-05-06T21:05:00.173

SOURCES RELEASE DATE

db:	IVD	id:	2ba5a840-cf61-46cb-ab45-c56275542767	date:	2020-04-28T00:00:00
db:	IVD	id:	a9026409-b56d-425a-9e76-33b7cc1277a0	date:	2020-04-28T00:00:00
db:	ZDI	id:	ZDI-20-577	date:	2020-04-30T00:00:00
db:	ZDI	id:	ZDI-20-576	date:	2020-04-30T00:00:00
db:	CNVD	id:	CNVD-2020-25540	date:	2020-04-29T00:00:00
db:	VULMON	id:	CVE-2020-10622	date:	2020-05-04T00:00:00
db:	JVNDB	id:	JVNDB-2020-004085	date:	2020-05-07T00:00:00
db:	CNNVD	id:	CNNVD-202004-2351	date:	2020-04-28T00:00:00
db:	NVD	id:	CVE-2020-10622	date:	2020-05-04T19:15:12.767