ID

VAR-202010-0862


CVE

CVE-2020-25188


TITLE

Out-of-bounds read vulnerability in LCDS LAquis SCADA

Trust: 0.8

sources: JVNDB: JVNDB-2020-009053

DESCRIPTION

An attacker who convinces a valid user to open a specially crafted project file could execute code under the privileges of the application due to an out-of-bounds read vulnerability in LAquis SCADA (versions prior to 4.3.1.870). This vulnerability allows remote attackers to execute arbitrary code on affected installations of LAquis SCADA. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of LQS files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. LAquis SCADA is SCADA software for monitoring and data acquisition. LAquis SCADA versions prior to 4.3.1.870 have an out-of-bounds read vulnerability.

Trust: 2.88

sources: NVD: CVE-2020-25188 // JVNDB: JVNDB-2020-009053 // ZDI: ZDI-20-1244 // CNVD: CNVD-2020-56118 // VULMON: CVE-2020-25188

IOT TAXONOMY

category: ['ICS'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-56118

AFFECTED PRODUCTS

vendor: laquisscada, model: scada, scope: lt, version: 4.3.1.870

Trust: 1.0

vendor: lcds, model: laquis scada, scope: eq, version: version 4.3.1.870

Trust: 0.8

vendor: laquis, model: scada, scope: -, version: -

Trust: 0.7

vendor: lcds, model: leão consultoria e desenvolvimento de sistemas ltda me laquis scada, scope: eq, version: -<4.3.1.870

Trust: 0.6

sources: ZDI: ZDI-20-1244 // CNVD: CNVD-2020-56118 // JVNDB: JVNDB-2020-009053 // NVD: CVE-2020-25188

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-25188
value: HIGH

Trust: 1.0

IPA: JVNDB-2020-009053
value: HIGH

Trust: 0.8

ZDI: CVE-2020-25188
value: HIGH

Trust: 0.7

CNVD: CNVD-2020-56118
value: HIGH

Trust: 0.6

CNNVD: CNNVD-202010-578
value: HIGH

Trust: 0.6

VULMON: CVE-2020-25188
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2020-25188
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

CNVD: CNVD-2020-56118
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2020-25188
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 1.0

IPA score: JVNDB-2020-009053
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

ZDI: CVE-2020-25188
baseSeverity: HIGH
baseScore: 7.8
vectorString: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.0

Trust: 0.7

sources: ZDI: ZDI-20-1244 // CNVD: CNVD-2020-56118 // VULMON: CVE-2020-25188 // JVNDB: JVNDB-2020-009053 // CNNVD: CNNVD-202010-578 // NVD: CVE-2020-25188

PROBLEMTYPE DATA

problemtype:CWE-125

Trust: 1.8

sources: JVNDB: JVNDB-2020-009053 // NVD: CVE-2020-25188

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202010-578

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-202010-578

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-009053

PATCH

title: Top Page, url: https://laquisscada.com/

Trust: 0.8

title: LAquis has issued an update to correct this vulnerability., url: https://us-cert.cisa.gov/ics/advisories/icsa-20-287-02

Trust: 0.7

title: Patch for LAquis SCADA out-of-bounds read vulnerability, url: https://www.cnvd.org.cn/patchInfo/show/236203

Trust: 0.6

title: LCDS LAquis SCADA Buffer error vulnerability fix, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=131252

Trust: 0.6

sources: ZDI: ZDI-20-1244 // CNVD: CNVD-2020-56118 // JVNDB: JVNDB-2020-009053 // CNNVD: CNNVD-202010-578

EXTERNAL IDS

db: NVD, id: CVE-2020-25188

Trust: 3.8

db: ICS CERT, id: ICSA-20-287-02

Trust: 3.1

db: ZDI, id: ZDI-20-1244

Trust: 2.4

db: JVN, id: JVNVU93774209

Trust: 0.8

db: JVNDB, id: JVNDB-2020-009053

Trust: 0.8

db: ZDI_CAN, id: ZDI-CAN-11029

Trust: 0.7

db: CNVD, id: CNVD-2020-56118

Trust: 0.6

db: AUSCERT, id: ESB-2020.3528

Trust: 0.6

db: CNNVD, id: CNNVD-202010-578

Trust: 0.6

db: VULMON, id: CVE-2020-25188

Trust: 0.1

sources: ZDI: ZDI-20-1244 // CNVD: CNVD-2020-56118 // VULMON: CVE-2020-25188 // JVNDB: JVNDB-2020-009053 // CNNVD: CNNVD-202010-578 // NVD: CVE-2020-25188

REFERENCES

url:https://us-cert.cisa.gov/ics/advisories/icsa-20-287-02

Trust: 4.4

url:https://www.zerodayinitiative.com/advisories/zdi-20-1244/

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2020-25188

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-25188

Trust: 0.8

url:https://jvn.jp/vu/jvnvu93774209/

Trust: 0.8

url:https://www.auscert.org.au/bulletins/esb-2020.3528/

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/125.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/189765

Trust: 0.1

sources: ZDI: ZDI-20-1244 // CNVD: CNVD-2020-56118 // VULMON: CVE-2020-25188 // JVNDB: JVNDB-2020-009053 // CNNVD: CNNVD-202010-578 // NVD: CVE-2020-25188

CREDITS

Anonymous

Trust: 0.7

sources: ZDI: ZDI-20-1244

SOURCES

db: ZDI, id: ZDI-20-1244
db: CNVD, id: CNVD-2020-56118
db: VULMON, id: CVE-2020-25188
db: JVNDB, id: JVNDB-2020-009053
db: CNNVD, id: CNNVD-202010-578
db: NVD, id: CVE-2020-25188

LAST UPDATE DATE

2024-08-14T15:43:06.566000+00:00


SOURCES UPDATE DATE

db: ZDI, id: ZDI-20-1244, date: 2020-10-14T00:00:00
db: CNVD, id: CNVD-2020-56118, date: 2020-10-14T00:00:00
db: VULMON, id: CVE-2020-25188, date: 2020-10-26T00:00:00
db: JVNDB, id: JVNDB-2020-009053, date: 2020-10-15T00:00:00
db: CNNVD, id: CNNVD-202010-578, date: 2020-10-27T00:00:00
db: NVD, id: CVE-2020-25188, date: 2020-10-26T18:27:11.643

SOURCES RELEASE DATE

db: ZDI, id: ZDI-20-1244, date: 2020-10-14T00:00:00
db: CNVD, id: CNVD-2020-56118, date: 2020-10-13T00:00:00
db: VULMON, id: CVE-2020-25188, date: 2020-10-14T00:00:00
db: JVNDB, id: JVNDB-2020-009053, date: 2020-10-15T00:00:00
db: CNNVD, id: CNNVD-202010-578, date: 2020-10-13T00:00:00
db: NVD, id: CVE-2020-25188, date: 2020-10-14T13:15:13.303