Search criteria
23 vulnerabilities by LCDS
CVE-2024-5040 (GCVE-0-2024-5040)
Vulnerability from cvelistv5 – Published: 2024-05-21 20:19 – Updated: 2024-08-01 21:03
VLAI?
Summary
There are multiple ways in
LCDS LAquis SCADA for an attacker to access locations outside of their own directory.
Severity ?
CWE
- CWE-22 - Path Traversal
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| LCDS | LAquis SCADA |
Affected:
0 , ≤ 4.7.1.7
(custom)
|
Credits
Natnael Samson working with Trend Micro Zero Day Initiative reported these vulnerabilities to CISA.
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:lcds:laquis_scada:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "laquis_scada",
"vendor": "lcds",
"versions": [
{
"status": "affected",
"version": "*"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-5040",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-22T14:29:23.705386Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T18:02:51.586Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T21:03:10.607Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-142-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "LAquis SCADA",
"vendor": "LCDS",
"versions": [
{
"lessThanOrEqual": "4.7.1.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Natnael Samson working with Trend Micro Zero Day Initiative reported these vulnerabilities to CISA."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\nThere are multiple ways in \nLCDS LAquis SCADA for an attacker to access locations outside of their own directory.\n\n"
}
],
"value": "There are multiple ways in \nLCDS LAquis SCADA for an attacker to access locations outside of their own directory."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 8.5,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "PASSIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Path Traversal",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-21T20:19:19.456Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-142-01"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\nLCDS recommends users update to \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://laquisscada.com/\"\u003eversion 4.7.1.371 or newer of LAquis SCADA.\u003c/a\u003e which has been configured to resolve the reported path traversal issues.\n\n\u003cbr\u003e"
}
],
"value": "LCDS recommends users update to version 4.7.1.371 or newer of LAquis SCADA. https://laquisscada.com/ which has been configured to resolve the reported path traversal issues."
}
],
"source": {
"advisory": "ICSA-24-142-01",
"discovery": "EXTERNAL"
},
"title": "LCDS LAquis SCADA Path Traversal",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2024-5040",
"datePublished": "2024-05-21T20:19:19.456Z",
"dateReserved": "2024-05-16T23:41:33.314Z",
"dateUpdated": "2024-08-01T21:03:10.607Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-32989 (GCVE-0-2021-32989)
Vulnerability from cvelistv5 – Published: 2022-05-25 13:31 – Updated: 2025-04-16 16:18
VLAI?
Summary
When a non-existent resource is requested, the LCDS LAquis SCADA application (version 4.3.1.1011 and prior) returns error messages which may allow reflected cross-site scripting.
Severity ?
9.3 (Critical)
CWE
- CWE-79 - Cross-site Scripting (XSS)
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| LCDS—Leão Consultoria e Desenvolvimento de Sistemas Ltda ME | LAquis SCADA |
Affected:
All , ≤ 4.3.1.1011
(custom)
|
Credits
Michael Heinzl reported this vulnerability to CISA.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:42:19.107Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-208-04"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-32989",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-16T15:55:36.940023Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-16T16:18:23.554Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "LAquis SCADA",
"vendor": "LCDS\u2014Le\u00e3o Consultoria e Desenvolvimento de Sistemas Ltda ME",
"versions": [
{
"lessThanOrEqual": "4.3.1.1011",
"status": "affected",
"version": "All",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Michael Heinzl reported this vulnerability to CISA."
}
],
"descriptions": [
{
"lang": "en",
"value": "When a non-existent resource is requested, the LCDS LAquis SCADA application (version 4.3.1.1011 and prior) returns error messages which may allow reflected cross-site scripting."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross-site Scripting (XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-25T13:31:36.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-208-04"
}
],
"source": {
"advisory": "ICSA-21-208-04",
"discovery": "UNKNOWN"
},
"title": "LCDS LAquis SCADA - Cross-site Scripting",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2021-32989",
"STATE": "PUBLIC",
"TITLE": "LCDS LAquis SCADA - Cross-site Scripting"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "LAquis SCADA",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "All",
"version_value": "4.3.1.1011"
}
]
}
}
]
},
"vendor_name": "LCDS\u2014Le\u00e3o Consultoria e Desenvolvimento de Sistemas Ltda ME"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Michael Heinzl reported this vulnerability to CISA."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "When a non-existent resource is requested, the LCDS LAquis SCADA application (version 4.3.1.1011 and prior) returns error messages which may allow reflected cross-site scripting."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-208-04",
"refsource": "MISC",
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-208-04"
}
]
},
"source": {
"advisory": "ICSA-21-208-04",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2021-32989",
"datePublished": "2022-05-25T13:31:36.000Z",
"dateReserved": "2021-05-13T00:00:00.000Z",
"dateUpdated": "2025-04-16T16:18:23.554Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-10622 (GCVE-0-2020-10622)
Vulnerability from cvelistv5 – Published: 2020-05-04 18:26 – Updated: 2024-08-04 11:06
VLAI?
Summary
LCDS LAquis SCADA Versions 4.3.1 and prior. The affected product is vulnerable to arbitrary file creation by unauthorized users
Severity ?
No CVSS data available.
CWE
- CWE-20 - IMPROPER INPUT VALIDATION CWE-20
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | LCDS LAquis SCADA Versions 4.3.1 and prior |
Affected:
LCDS LAquis SCADA Versions 4.3.1 and prior
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T11:06:10.160Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-119-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "LCDS LAquis SCADA Versions 4.3.1 and prior",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "LCDS LAquis SCADA Versions 4.3.1 and prior"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "LCDS LAquis SCADA Versions 4.3.1 and prior. The affected product is vulnerable to arbitrary file creation by unauthorized users"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "IMPROPER INPUT VALIDATION CWE-20",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-05-04T18:26:04",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-119-01"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2020-10622",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "LCDS LAquis SCADA Versions 4.3.1 and prior",
"version": {
"version_data": [
{
"version_value": "LCDS LAquis SCADA Versions 4.3.1 and prior"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "LCDS LAquis SCADA Versions 4.3.1 and prior. The affected product is vulnerable to arbitrary file creation by unauthorized users"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "IMPROPER INPUT VALIDATION CWE-20"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.us-cert.gov/ics/advisories/icsa-20-119-01",
"refsource": "MISC",
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-119-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2020-10622",
"datePublished": "2020-05-04T18:26:04",
"dateReserved": "2020-03-16T00:00:00",
"dateUpdated": "2024-08-04T11:06:10.160Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-10618 (GCVE-0-2020-10618)
Vulnerability from cvelistv5 – Published: 2020-05-04 18:24 – Updated: 2024-08-04 11:06
VLAI?
Summary
LCDS LAquis SCADA Versions 4.3.1 and prior. The affected product is vulnerable to sensitive information exposure by unauthorized users.
Severity ?
No CVSS data available.
CWE
- CWE-200 - EXPOSURE OF SENSITIVE INFORMATION TO AN UNAUTHORIZED ACTOR CWE-200
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | LCDS LAquis SCADA Versions 4.3.1 and prior |
Affected:
LCDS LAquis SCADA Versions 4.3.1 and prior
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T11:06:10.194Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-119-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "LCDS LAquis SCADA Versions 4.3.1 and prior",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "LCDS LAquis SCADA Versions 4.3.1 and prior"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "LCDS LAquis SCADA Versions 4.3.1 and prior. The affected product is vulnerable to sensitive information exposure by unauthorized users."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "EXPOSURE OF SENSITIVE INFORMATION TO AN UNAUTHORIZED ACTOR CWE-200",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-05-04T18:24:38",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-119-01"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2020-10618",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "LCDS LAquis SCADA Versions 4.3.1 and prior",
"version": {
"version_data": [
{
"version_value": "LCDS LAquis SCADA Versions 4.3.1 and prior"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "LCDS LAquis SCADA Versions 4.3.1 and prior. The affected product is vulnerable to sensitive information exposure by unauthorized users."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "EXPOSURE OF SENSITIVE INFORMATION TO AN UNAUTHORIZED ACTOR CWE-200"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.us-cert.gov/ics/advisories/icsa-20-119-01",
"refsource": "MISC",
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-119-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2020-10618",
"datePublished": "2020-05-04T18:24:38",
"dateReserved": "2020-03-16T00:00:00",
"dateUpdated": "2024-08-04T11:06:10.194Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-6536 (GCVE-0-2019-6536)
Vulnerability from cvelistv5 – Published: 2019-03-27 15:25 – Updated: 2024-08-04 20:23
VLAI?
Summary
Opening a specially crafted LCDS LAquis SCADA before 4.3.1.71 ELS file may result in a write past the end of an allocated buffer, which may allow an attacker to execute remote code in the context of the current process.
Severity ?
No CVSS data available.
CWE
- CWE-787 - Out-of-Bounds Write CWE-787
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| LCDS - Leão Consultoria e Desenvolvimento de Sistemas Ltda ME | LAquis SCADA |
Affected:
< 4.3.1.71
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:23:21.362Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-073-01"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-19-307/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "LAquis SCADA",
"vendor": "LCDS - Le\u00e3o Consultoria e Desenvolvimento de Sistemas Ltda ME",
"versions": [
{
"status": "affected",
"version": "\u003c 4.3.1.71"
}
]
}
],
"datePublic": "2019-03-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Opening a specially crafted LCDS LAquis SCADA before 4.3.1.71 ELS file may result in a write past the end of an allocated buffer, which may allow an attacker to execute remote code in the context of the current process."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "Out-of-Bounds Write CWE-787",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-04-02T15:06:09",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-073-01"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-19-307/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2019-6536",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "LAquis SCADA",
"version": {
"version_data": [
{
"version_value": "\u003c 4.3.1.71"
}
]
}
}
]
},
"vendor_name": "LCDS - Le\u00e3o Consultoria e Desenvolvimento de Sistemas Ltda ME"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Opening a specially crafted LCDS LAquis SCADA before 4.3.1.71 ELS file may result in a write past the end of an allocated buffer, which may allow an attacker to execute remote code in the context of the current process."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Out-of-Bounds Write CWE-787"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-19-073-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-073-01"
},
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-19-307/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-19-307/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2019-6536",
"datePublished": "2019-03-27T15:25:23",
"dateReserved": "2019-01-22T00:00:00",
"dateUpdated": "2024-08-04T20:23:21.362Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-19000 (GCVE-0-2018-19000)
Vulnerability from cvelistv5 – Published: 2019-02-05 18:00 – Updated: 2024-09-16 19:57
VLAI?
Summary
LCDS Laquis SCADA prior to version 4.1.0.4150 allows an authentication bypass, which may allow an attacker access to sensitive data.
Severity ?
No CVSS data available.
CWE
- CWE-288 - AUTHENTICATION BYPASS USING AN ALTERNATE PATH OR CHANNEL CWE-288
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ICS-CERT | LCDS Laquis SCADA |
Affected:
All versions prior to version 4.1.0.4150
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T11:23:08.521Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-015-01"
},
{
"name": "106634",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/106634"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "LCDS Laquis SCADA",
"vendor": "ICS-CERT",
"versions": [
{
"status": "affected",
"version": "All versions prior to version 4.1.0.4150"
}
]
}
],
"datePublic": "2019-01-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "LCDS Laquis SCADA prior to version 4.1.0.4150 allows an authentication bypass, which may allow an attacker access to sensitive data."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-288",
"description": "AUTHENTICATION BYPASS USING AN ALTERNATE PATH OR CHANNEL CWE-288",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-02-06T10:57:02",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-015-01"
},
{
"name": "106634",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/106634"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2019-01-15T00:00:00",
"ID": "CVE-2018-19000",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "LCDS Laquis SCADA",
"version": {
"version_data": [
{
"version_value": "All versions prior to version 4.1.0.4150"
}
]
}
}
]
},
"vendor_name": "ICS-CERT"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "LCDS Laquis SCADA prior to version 4.1.0.4150 allows an authentication bypass, which may allow an attacker access to sensitive data."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "AUTHENTICATION BYPASS USING AN ALTERNATE PATH OR CHANNEL CWE-288"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-19-015-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-015-01"
},
{
"name": "106634",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106634"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2018-19000",
"datePublished": "2019-02-05T18:00:00Z",
"dateReserved": "2018-11-06T00:00:00",
"dateUpdated": "2024-09-16T19:57:27.111Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-19002 (GCVE-0-2018-19002)
Vulnerability from cvelistv5 – Published: 2019-02-05 18:00 – Updated: 2024-09-16 20:27
VLAI?
Summary
LCDS Laquis SCADA prior to version 4.1.0.4150 allows improper control of generation of code when opening a specially crafted project file, which may allow remote code execution, data exfiltration, or cause a system crash.
Severity ?
No CVSS data available.
CWE
- CWE-94 - IMPROPER CONTROL OF GENERATION OF CODE ('CODE INJECTION') CWE-94
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| LCDS | LCDS Laquis SCADA |
Affected:
All versions prior to version 4.1.0.4150
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T11:23:08.797Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-015-01"
},
{
"name": "106634",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/106634"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "LCDS Laquis SCADA",
"vendor": "LCDS",
"versions": [
{
"status": "affected",
"version": "All versions prior to version 4.1.0.4150"
}
]
}
],
"datePublic": "2019-01-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "LCDS Laquis SCADA prior to version 4.1.0.4150 allows improper control of generation of code when opening a specially crafted project file, which may allow remote code execution, data exfiltration, or cause a system crash."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "IMPROPER CONTROL OF GENERATION OF CODE (\u0027CODE INJECTION\u0027) CWE-94",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-02-06T10:57:02",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-015-01"
},
{
"name": "106634",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/106634"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2019-01-15T00:00:00",
"ID": "CVE-2018-19002",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "LCDS Laquis SCADA",
"version": {
"version_data": [
{
"version_value": "All versions prior to version 4.1.0.4150"
}
]
}
}
]
},
"vendor_name": "LCDS"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "LCDS Laquis SCADA prior to version 4.1.0.4150 allows improper control of generation of code when opening a specially crafted project file, which may allow remote code execution, data exfiltration, or cause a system crash."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "IMPROPER CONTROL OF GENERATION OF CODE (\u0027CODE INJECTION\u0027) CWE-94"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-19-015-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-015-01"
},
{
"name": "106634",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106634"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2018-19002",
"datePublished": "2019-02-05T18:00:00Z",
"dateReserved": "2018-11-06T00:00:00",
"dateUpdated": "2024-09-16T20:27:21.831Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-18992 (GCVE-0-2018-18992)
Vulnerability from cvelistv5 – Published: 2019-02-05 18:00 – Updated: 2024-09-16 18:09
VLAI?
Summary
LCDS Laquis SCADA prior to version 4.1.0.4150 allows taking in user input without proper sanitation, which may allow an attacker to execute remote code on the server.
Severity ?
No CVSS data available.
CWE
- CWE-74 - IMPROPER NEUTRALIZATION OF SPECIAL ELEMENTS IN OUTPUT USED BY A DOWNSTREAM COMPONENT ('INJECTION') CWE-74
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ICS-CERT | LCDS Laquis SCADA |
Affected:
All versions prior to version 4.1.0.4150
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T11:23:08.753Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-015-01"
},
{
"name": "106634",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/106634"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "LCDS Laquis SCADA",
"vendor": "ICS-CERT",
"versions": [
{
"status": "affected",
"version": "All versions prior to version 4.1.0.4150"
}
]
}
],
"datePublic": "2019-01-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "LCDS Laquis SCADA prior to version 4.1.0.4150 allows taking in user input without proper sanitation, which may allow an attacker to execute remote code on the server."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-74",
"description": "IMPROPER NEUTRALIZATION OF SPECIAL ELEMENTS IN OUTPUT USED BY A DOWNSTREAM COMPONENT (\u0027INJECTION\u0027) CWE-74",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-02-06T10:57:02",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-015-01"
},
{
"name": "106634",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/106634"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2019-01-15T00:00:00",
"ID": "CVE-2018-18992",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "LCDS Laquis SCADA",
"version": {
"version_data": [
{
"version_value": "All versions prior to version 4.1.0.4150"
}
]
}
}
]
},
"vendor_name": "ICS-CERT"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "LCDS Laquis SCADA prior to version 4.1.0.4150 allows taking in user input without proper sanitation, which may allow an attacker to execute remote code on the server."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "IMPROPER NEUTRALIZATION OF SPECIAL ELEMENTS IN OUTPUT USED BY A DOWNSTREAM COMPONENT (\u0027INJECTION\u0027) CWE-74"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-19-015-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-015-01"
},
{
"name": "106634",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106634"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2018-18992",
"datePublished": "2019-02-05T18:00:00Z",
"dateReserved": "2018-11-06T00:00:00",
"dateUpdated": "2024-09-16T18:09:12.562Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-18996 (GCVE-0-2018-18996)
Vulnerability from cvelistv5 – Published: 2019-02-05 18:00 – Updated: 2024-09-16 22:46
VLAI?
Summary
LCDS Laquis SCADA prior to version 4.1.0.4150 allows taking in user input without proper authorization or sanitation, which may allow an attacker to execute remote code on the server.
Severity ?
No CVSS data available.
CWE
- CWE-74 - IMPROPER NEUTRALIZATION OF SPECIAL ELEMENTS IN OUTPUT USED BY A DOWNSTREAM COMPONENT ('INJECTION') CWE-74
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ICS-CERT | LCDS Laquis SCADA |
Affected:
All versions prior to version 4.1.0.4150
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T11:23:08.918Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-015-01"
},
{
"name": "106634",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/106634"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "LCDS Laquis SCADA",
"vendor": "ICS-CERT",
"versions": [
{
"status": "affected",
"version": "All versions prior to version 4.1.0.4150"
}
]
}
],
"datePublic": "2019-01-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "LCDS Laquis SCADA prior to version 4.1.0.4150 allows taking in user input without proper authorization or sanitation, which may allow an attacker to execute remote code on the server."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-74",
"description": "IMPROPER NEUTRALIZATION OF SPECIAL ELEMENTS IN OUTPUT USED BY A DOWNSTREAM COMPONENT (\u0027INJECTION\u0027) CWE-74",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-02-06T10:57:02",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-015-01"
},
{
"name": "106634",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/106634"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2019-01-15T00:00:00",
"ID": "CVE-2018-18996",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "LCDS Laquis SCADA",
"version": {
"version_data": [
{
"version_value": "All versions prior to version 4.1.0.4150"
}
]
}
}
]
},
"vendor_name": "ICS-CERT"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "LCDS Laquis SCADA prior to version 4.1.0.4150 allows taking in user input without proper authorization or sanitation, which may allow an attacker to execute remote code on the server."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "IMPROPER NEUTRALIZATION OF SPECIAL ELEMENTS IN OUTPUT USED BY A DOWNSTREAM COMPONENT (\u0027INJECTION\u0027) CWE-74"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-19-015-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-015-01"
},
{
"name": "106634",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106634"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2018-18996",
"datePublished": "2019-02-05T18:00:00Z",
"dateReserved": "2018-11-06T00:00:00",
"dateUpdated": "2024-09-16T22:46:36.983Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-19029 (GCVE-0-2018-19029)
Vulnerability from cvelistv5 – Published: 2019-02-05 18:00 – Updated: 2024-09-16 22:25
VLAI?
Summary
LCDS Laquis SCADA prior to version 4.1.0.4150 allows an attacker using a specially crafted project file to supply a pointer for a controlled memory address, which may allow remote code execution, data exfiltration, or cause a system crash.
Severity ?
No CVSS data available.
CWE
- CWE-822 - UNTRUSTED POINTER DEREFERENCE CWE-822
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| LCDS | LCDS Laquis SCADA |
Affected:
All versions prior to version 4.1.0.4150
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T11:23:08.951Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-015-01"
},
{
"name": "106634",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/106634"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "LCDS Laquis SCADA",
"vendor": "LCDS",
"versions": [
{
"status": "affected",
"version": "All versions prior to version 4.1.0.4150"
}
]
}
],
"datePublic": "2019-01-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "LCDS Laquis SCADA prior to version 4.1.0.4150 allows an attacker using a specially crafted project file to supply a pointer for a controlled memory address, which may allow remote code execution, data exfiltration, or cause a system crash."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-822",
"description": "UNTRUSTED POINTER DEREFERENCE CWE-822",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-02-06T10:57:02",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-015-01"
},
{
"name": "106634",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/106634"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2019-01-15T00:00:00",
"ID": "CVE-2018-19029",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "LCDS Laquis SCADA",
"version": {
"version_data": [
{
"version_value": "All versions prior to version 4.1.0.4150"
}
]
}
}
]
},
"vendor_name": "LCDS"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "LCDS Laquis SCADA prior to version 4.1.0.4150 allows an attacker using a specially crafted project file to supply a pointer for a controlled memory address, which may allow remote code execution, data exfiltration, or cause a system crash."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "UNTRUSTED POINTER DEREFERENCE CWE-822"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-19-015-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-015-01"
},
{
"name": "106634",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106634"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2018-19029",
"datePublished": "2019-02-05T18:00:00Z",
"dateReserved": "2018-11-06T00:00:00",
"dateUpdated": "2024-09-16T22:25:18.489Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-18986 (GCVE-0-2018-18986)
Vulnerability from cvelistv5 – Published: 2019-02-05 18:00 – Updated: 2024-09-17 00:17
VLAI?
Summary
LCDS Laquis SCADA prior to version 4.1.0.4150 allows the opening of a specially crafted report format file that may cause an out of bounds read, which may cause a system crash, allow data exfiltration, or remote code execution.
Severity ?
No CVSS data available.
CWE
- CWE-787 - OUT-OF-BOUNDS WRITE CWE-787
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| LCDS | LCDS Laquis SCADA |
Affected:
All versions prior to version 4.1.0.4150
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T11:23:08.495Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-015-01"
},
{
"name": "106634",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/106634"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "LCDS Laquis SCADA",
"vendor": "LCDS",
"versions": [
{
"status": "affected",
"version": "All versions prior to version 4.1.0.4150"
}
]
}
],
"datePublic": "2019-01-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "LCDS Laquis SCADA prior to version 4.1.0.4150 allows the opening of a specially crafted report format file that may cause an out of bounds read, which may cause a system crash, allow data exfiltration, or remote code execution."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "OUT-OF-BOUNDS WRITE CWE-787",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-02-06T10:57:02",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-015-01"
},
{
"name": "106634",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/106634"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2019-01-15T00:00:00",
"ID": "CVE-2018-18986",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "LCDS Laquis SCADA",
"version": {
"version_data": [
{
"version_value": "All versions prior to version 4.1.0.4150"
}
]
}
}
]
},
"vendor_name": "LCDS"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "LCDS Laquis SCADA prior to version 4.1.0.4150 allows the opening of a specially crafted report format file that may cause an out of bounds read, which may cause a system crash, allow data exfiltration, or remote code execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "OUT-OF-BOUNDS WRITE CWE-787"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-19-015-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-015-01"
},
{
"name": "106634",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106634"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2018-18986",
"datePublished": "2019-02-05T18:00:00Z",
"dateReserved": "2018-11-06T00:00:00",
"dateUpdated": "2024-09-17T00:17:11.349Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-18998 (GCVE-0-2018-18998)
Vulnerability from cvelistv5 – Published: 2019-02-05 18:00 – Updated: 2024-09-16 20:16
VLAI?
Summary
LCDS Laquis SCADA prior to version 4.1.0.4150 uses hard coded credentials, which may allow an attacker unauthorized access to the system with high privileges.
Severity ?
No CVSS data available.
CWE
- CWE-798 - USE OF HARD-CODED CREDENTIALS CWE-798
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ICS-CERT | LCDS Laquis SCADA |
Affected:
All versions prior to version 4.1.0.4150
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T11:23:08.679Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-015-01"
},
{
"name": "106634",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/106634"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "LCDS Laquis SCADA",
"vendor": "ICS-CERT",
"versions": [
{
"status": "affected",
"version": "All versions prior to version 4.1.0.4150"
}
]
}
],
"datePublic": "2019-01-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "LCDS Laquis SCADA prior to version 4.1.0.4150 uses hard coded credentials, which may allow an attacker unauthorized access to the system with high privileges."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-798",
"description": "USE OF HARD-CODED CREDENTIALS CWE-798",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-02-06T10:57:02",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-015-01"
},
{
"name": "106634",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/106634"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2019-01-15T00:00:00",
"ID": "CVE-2018-18998",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "LCDS Laquis SCADA",
"version": {
"version_data": [
{
"version_value": "All versions prior to version 4.1.0.4150"
}
]
}
}
]
},
"vendor_name": "ICS-CERT"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "LCDS Laquis SCADA prior to version 4.1.0.4150 uses hard coded credentials, which may allow an attacker unauthorized access to the system with high privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "USE OF HARD-CODED CREDENTIALS CWE-798"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-19-015-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-015-01"
},
{
"name": "106634",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106634"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2018-18998",
"datePublished": "2019-02-05T18:00:00Z",
"dateReserved": "2018-11-06T00:00:00",
"dateUpdated": "2024-09-16T20:16:26.205Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-18990 (GCVE-0-2018-18990)
Vulnerability from cvelistv5 – Published: 2019-02-05 18:00 – Updated: 2024-09-17 01:21
VLAI?
Summary
LCDS Laquis SCADA prior to version 4.1.0.4150 allows a user-supplied path in file operations prior to proper validation. An attacker can leverage this vulnerability to disclose sensitive information under the context of the web server process.
Severity ?
No CVSS data available.
CWE
- CWE-23 - RELATIVE PATH TRAVERSAL CWE-23
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ICS-CERT | LCDS Laquis SCADA |
Affected:
All versions prior to version 4.1.0.4150
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T11:23:08.494Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-015-01"
},
{
"name": "106634",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/106634"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "LCDS Laquis SCADA",
"vendor": "ICS-CERT",
"versions": [
{
"status": "affected",
"version": "All versions prior to version 4.1.0.4150"
}
]
}
],
"datePublic": "2019-01-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "LCDS Laquis SCADA prior to version 4.1.0.4150 allows a user-supplied path in file operations prior to proper validation. An attacker can leverage this vulnerability to disclose sensitive information under the context of the web server process."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-23",
"description": "RELATIVE PATH TRAVERSAL CWE-23",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-02-06T10:57:02",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-015-01"
},
{
"name": "106634",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/106634"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2019-01-15T00:00:00",
"ID": "CVE-2018-18990",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "LCDS Laquis SCADA",
"version": {
"version_data": [
{
"version_value": "All versions prior to version 4.1.0.4150"
}
]
}
}
]
},
"vendor_name": "ICS-CERT"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "LCDS Laquis SCADA prior to version 4.1.0.4150 allows a user-supplied path in file operations prior to proper validation. An attacker can leverage this vulnerability to disclose sensitive information under the context of the web server process."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "RELATIVE PATH TRAVERSAL CWE-23"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-19-015-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-015-01"
},
{
"name": "106634",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106634"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2018-18990",
"datePublished": "2019-02-05T18:00:00Z",
"dateReserved": "2018-11-06T00:00:00",
"dateUpdated": "2024-09-17T01:21:51.337Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-19004 (GCVE-0-2018-19004)
Vulnerability from cvelistv5 – Published: 2019-02-01 18:00 – Updated: 2024-09-16 18:44
VLAI?
Summary
LCDS Laquis SCADA prior to version 4.1.0.4150 allows out of bounds read when opening a specially crafted project file, which may allow data exfiltration.
Severity ?
No CVSS data available.
CWE
- CWE-125 - OUT-OF-BOUNDS READ CWE-125
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ICS-CERT | LCDS Laquis SCADA |
Affected:
All versions prior to version 4.1.0.4150
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T11:23:08.522Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-015-01"
},
{
"name": "106634",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/106634"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "LCDS Laquis SCADA",
"vendor": "ICS-CERT",
"versions": [
{
"status": "affected",
"version": "All versions prior to version 4.1.0.4150"
}
]
}
],
"datePublic": "2019-01-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "LCDS Laquis SCADA prior to version 4.1.0.4150 allows out of bounds read when opening a specially crafted project file, which may allow data exfiltration."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "OUT-OF-BOUNDS READ CWE-125",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-02-02T10:57:01",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-015-01"
},
{
"name": "106634",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/106634"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2019-01-15T00:00:00",
"ID": "CVE-2018-19004",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "LCDS Laquis SCADA",
"version": {
"version_data": [
{
"version_value": "All versions prior to version 4.1.0.4150"
}
]
}
}
]
},
"vendor_name": "ICS-CERT"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "LCDS Laquis SCADA prior to version 4.1.0.4150 allows out of bounds read when opening a specially crafted project file, which may allow data exfiltration."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "OUT-OF-BOUNDS READ CWE-125"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-19-015-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-015-01"
},
{
"name": "106634",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106634"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2018-19004",
"datePublished": "2019-02-01T18:00:00Z",
"dateReserved": "2018-11-06T00:00:00",
"dateUpdated": "2024-09-16T18:44:50.704Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-18988 (GCVE-0-2018-18988)
Vulnerability from cvelistv5 – Published: 2019-02-01 17:00 – Updated: 2024-09-16 17:14
VLAI?
Summary
LCDS Laquis SCADA prior to version 4.1.0.4150 allows execution of script code by opening a specially crafted report format file. This may allow remote code execution, data exfiltration, or cause a system crash.
Severity ?
No CVSS data available.
CWE
- CWE-125 - OUT-OF-BOUNDS READ CWE-125
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ICS-CERT | LCDS Laquis SCADA |
Affected:
All versions prior to version 4.1.0.4150
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T11:23:08.508Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-015-01"
},
{
"name": "106634",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/106634"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "LCDS Laquis SCADA",
"vendor": "ICS-CERT",
"versions": [
{
"status": "affected",
"version": "All versions prior to version 4.1.0.4150"
}
]
}
],
"datePublic": "2019-01-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "LCDS Laquis SCADA prior to version 4.1.0.4150 allows execution of script code by opening a specially crafted report format file. This may allow remote code execution, data exfiltration, or cause a system crash."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "OUT-OF-BOUNDS READ CWE-125",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-02-02T10:57:01",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-015-01"
},
{
"name": "106634",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/106634"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2019-01-15T00:00:00",
"ID": "CVE-2018-18988",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "LCDS Laquis SCADA",
"version": {
"version_data": [
{
"version_value": "All versions prior to version 4.1.0.4150"
}
]
}
}
]
},
"vendor_name": "ICS-CERT"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "LCDS Laquis SCADA prior to version 4.1.0.4150 allows execution of script code by opening a specially crafted report format file. This may allow remote code execution, data exfiltration, or cause a system crash."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "OUT-OF-BOUNDS READ CWE-125"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-19-015-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-015-01"
},
{
"name": "106634",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106634"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2018-18988",
"datePublished": "2019-02-01T17:00:00Z",
"dateReserved": "2018-11-06T00:00:00",
"dateUpdated": "2024-09-16T17:14:06.193Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-17911 (GCVE-0-2018-17911)
Vulnerability from cvelistv5 – Published: 2018-10-17 02:00 – Updated: 2024-09-16 18:34
VLAI?
Summary
LAquis SCADA Versions 4.1.0.3870 and prior has several stack-based buffer overflow vulnerabilities, which may allow remote code execution.
Severity ?
No CVSS data available.
CWE
- CWE-121 - STACK-BASED BUFFER OVERFLOW CWE-121
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| LCDS - Leão Consultoria e Desenvolvimento de Sistemas LTDA ME | LAquis SCADA |
Affected:
4.1.0.3870 and prior
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T11:01:14.679Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://laquisscada.com/instale1.php"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-289-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "LAquis SCADA",
"vendor": "LCDS - Le\u00e3o Consultoria e Desenvolvimento de Sistemas LTDA ME",
"versions": [
{
"status": "affected",
"version": "4.1.0.3870 and prior"
}
]
}
],
"datePublic": "2018-10-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "LAquis SCADA Versions 4.1.0.3870 and prior has several stack-based buffer overflow vulnerabilities, which may allow remote code execution."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "STACK-BASED BUFFER OVERFLOW CWE-121",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-17T01:57:01",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://laquisscada.com/instale1.php"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-289-01"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2018-10-16T00:00:00",
"ID": "CVE-2018-17911",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "LAquis SCADA",
"version": {
"version_data": [
{
"version_value": "4.1.0.3870 and prior"
}
]
}
}
]
},
"vendor_name": "LCDS - Le\u00e3o Consultoria e Desenvolvimento de Sistemas LTDA ME"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "LAquis SCADA Versions 4.1.0.3870 and prior has several stack-based buffer overflow vulnerabilities, which may allow remote code execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "STACK-BASED BUFFER OVERFLOW CWE-121"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://laquisscada.com/instale1.php",
"refsource": "MISC",
"url": "http://laquisscada.com/instale1.php"
},
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-289-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-289-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2018-17911",
"datePublished": "2018-10-17T02:00:00Z",
"dateReserved": "2018-10-02T00:00:00",
"dateUpdated": "2024-09-16T18:34:43.642Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-17895 (GCVE-0-2018-17895)
Vulnerability from cvelistv5 – Published: 2018-10-17 02:00 – Updated: 2024-09-17 02:52
VLAI?
Summary
LAquis SCADA Versions 4.1.0.3870 and prior has several out-of-bounds read vulnerabilities, which may allow remote code execution.
Severity ?
No CVSS data available.
CWE
- CWE-125 - OUT-OF-BOUNDS READ CWE-125
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| LCDS - Leão Consultoria e Desenvolvimento de Sistemas LTDA ME | LAquis SCADA |
Affected:
4.1.0.3870 and prior
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T11:01:14.672Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://laquisscada.com/instale1.php"
},
{
"name": "105719",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/105719"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-289-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "LAquis SCADA",
"vendor": "LCDS - Le\u00e3o Consultoria e Desenvolvimento de Sistemas LTDA ME",
"versions": [
{
"status": "affected",
"version": "4.1.0.3870 and prior"
}
]
}
],
"datePublic": "2018-10-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "LAquis SCADA Versions 4.1.0.3870 and prior has several out-of-bounds read vulnerabilities, which may allow remote code execution."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "OUT-OF-BOUNDS READ CWE-125",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-25T09:57:01",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://laquisscada.com/instale1.php"
},
{
"name": "105719",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/105719"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-289-01"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2018-10-16T00:00:00",
"ID": "CVE-2018-17895",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "LAquis SCADA",
"version": {
"version_data": [
{
"version_value": "4.1.0.3870 and prior"
}
]
}
}
]
},
"vendor_name": "LCDS - Le\u00e3o Consultoria e Desenvolvimento de Sistemas LTDA ME"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "LAquis SCADA Versions 4.1.0.3870 and prior has several out-of-bounds read vulnerabilities, which may allow remote code execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "OUT-OF-BOUNDS READ CWE-125"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://laquisscada.com/instale1.php",
"refsource": "MISC",
"url": "http://laquisscada.com/instale1.php"
},
{
"name": "105719",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105719"
},
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-289-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-289-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2018-17895",
"datePublished": "2018-10-17T02:00:00Z",
"dateReserved": "2018-10-02T00:00:00",
"dateUpdated": "2024-09-17T02:52:22.745Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-17893 (GCVE-0-2018-17893)
Vulnerability from cvelistv5 – Published: 2018-10-17 02:00 – Updated: 2024-09-17 03:13
VLAI?
Summary
LAquis SCADA Versions 4.1.0.3870 and prior has an untrusted pointer dereference vulnerability, which may allow remote code execution.
Severity ?
No CVSS data available.
CWE
- CWE-822 - UNTRUSTED POINTER DEREFERENCE CWE-822
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| LCDS - Leão Consultoria e Desenvolvimento de Sistemas LTDA ME | LAquis SCADA |
Affected:
4.1.0.3870 and prior
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T11:01:14.614Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://laquisscada.com/instale1.php"
},
{
"name": "105719",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/105719"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-289-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "LAquis SCADA",
"vendor": "LCDS - Le\u00e3o Consultoria e Desenvolvimento de Sistemas LTDA ME",
"versions": [
{
"status": "affected",
"version": "4.1.0.3870 and prior"
}
]
}
],
"datePublic": "2018-10-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "LAquis SCADA Versions 4.1.0.3870 and prior has an untrusted pointer dereference vulnerability, which may allow remote code execution."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-822",
"description": "UNTRUSTED POINTER DEREFERENCE CWE-822",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-25T09:57:01",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://laquisscada.com/instale1.php"
},
{
"name": "105719",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/105719"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-289-01"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2018-10-16T00:00:00",
"ID": "CVE-2018-17893",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "LAquis SCADA",
"version": {
"version_data": [
{
"version_value": "4.1.0.3870 and prior"
}
]
}
}
]
},
"vendor_name": "LCDS - Le\u00e3o Consultoria e Desenvolvimento de Sistemas LTDA ME"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "LAquis SCADA Versions 4.1.0.3870 and prior has an untrusted pointer dereference vulnerability, which may allow remote code execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "UNTRUSTED POINTER DEREFERENCE CWE-822"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://laquisscada.com/instale1.php",
"refsource": "MISC",
"url": "http://laquisscada.com/instale1.php"
},
{
"name": "105719",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105719"
},
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-289-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-289-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2018-17893",
"datePublished": "2018-10-17T02:00:00Z",
"dateReserved": "2018-10-02T00:00:00",
"dateUpdated": "2024-09-17T03:13:47.712Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-17899 (GCVE-0-2018-17899)
Vulnerability from cvelistv5 – Published: 2018-10-17 02:00 – Updated: 2024-09-17 00:45
VLAI?
Summary
LAquis SCADA Versions 4.1.0.3870 and prior has a path traversal vulnerability, which may allow remote code execution.
Severity ?
No CVSS data available.
CWE
- CWE-22 - PATH TRAVERSAL CWE-22
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| LCDS - Leão Consultoria e Desenvolvimento de Sistemas LTDA ME | LAquis SCADA |
Affected:
4.1.0.3870 and prior
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T11:01:14.645Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://laquisscada.com/instale1.php"
},
{
"name": "105719",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/105719"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-289-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "LAquis SCADA",
"vendor": "LCDS - Le\u00e3o Consultoria e Desenvolvimento de Sistemas LTDA ME",
"versions": [
{
"status": "affected",
"version": "4.1.0.3870 and prior"
}
]
}
],
"datePublic": "2018-10-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "LAquis SCADA Versions 4.1.0.3870 and prior has a path traversal vulnerability, which may allow remote code execution."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "PATH TRAVERSAL CWE-22",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-25T09:57:01",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://laquisscada.com/instale1.php"
},
{
"name": "105719",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/105719"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-289-01"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2018-10-16T00:00:00",
"ID": "CVE-2018-17899",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "LAquis SCADA",
"version": {
"version_data": [
{
"version_value": "4.1.0.3870 and prior"
}
]
}
}
]
},
"vendor_name": "LCDS - Le\u00e3o Consultoria e Desenvolvimento de Sistemas LTDA ME"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "LAquis SCADA Versions 4.1.0.3870 and prior has a path traversal vulnerability, which may allow remote code execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "PATH TRAVERSAL CWE-22"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://laquisscada.com/instale1.php",
"refsource": "MISC",
"url": "http://laquisscada.com/instale1.php"
},
{
"name": "105719",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105719"
},
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-289-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-289-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2018-17899",
"datePublished": "2018-10-17T02:00:00Z",
"dateReserved": "2018-10-02T00:00:00",
"dateUpdated": "2024-09-17T00:45:27.781Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-17901 (GCVE-0-2018-17901)
Vulnerability from cvelistv5 – Published: 2018-10-17 02:00 – Updated: 2024-09-16 21:57
VLAI?
Summary
LAquis SCADA Versions 4.1.0.3870 and prior, when processing project files the application fails to sanitize user input prior to performing write operations on a stack object, which may allow an attacker to execute code under the current process.
Severity ?
No CVSS data available.
CWE
- CWE-787 - OUT-OF-BOUNDS WRITE CWE-787
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| LCDS - Leão Consultoria e Desenvolvimento de Sistemas LTDA ME | LAquis SCADA |
Affected:
4.1.0.3870 and prior
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T11:01:14.595Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://laquisscada.com/instale1.php"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-289-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "LAquis SCADA",
"vendor": "LCDS - Le\u00e3o Consultoria e Desenvolvimento de Sistemas LTDA ME",
"versions": [
{
"status": "affected",
"version": "4.1.0.3870 and prior"
}
]
}
],
"datePublic": "2018-10-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "LAquis SCADA Versions 4.1.0.3870 and prior, when processing project files the application fails to sanitize user input prior to performing write operations on a stack object, which may allow an attacker to execute code under the current process."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "OUT-OF-BOUNDS WRITE CWE-787",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-17T01:57:01",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://laquisscada.com/instale1.php"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-289-01"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2018-10-16T00:00:00",
"ID": "CVE-2018-17901",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "LAquis SCADA",
"version": {
"version_data": [
{
"version_value": "4.1.0.3870 and prior"
}
]
}
}
]
},
"vendor_name": "LCDS - Le\u00e3o Consultoria e Desenvolvimento de Sistemas LTDA ME"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "LAquis SCADA Versions 4.1.0.3870 and prior, when processing project files the application fails to sanitize user input prior to performing write operations on a stack object, which may allow an attacker to execute code under the current process."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "OUT-OF-BOUNDS WRITE CWE-787"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://laquisscada.com/instale1.php",
"refsource": "MISC",
"url": "http://laquisscada.com/instale1.php"
},
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-289-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-289-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2018-17901",
"datePublished": "2018-10-17T02:00:00Z",
"dateReserved": "2018-10-02T00:00:00",
"dateUpdated": "2024-09-16T21:57:33.671Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-17897 (GCVE-0-2018-17897)
Vulnerability from cvelistv5 – Published: 2018-10-17 02:00 – Updated: 2024-08-05 11:01
VLAI?
Summary
LAquis SCADA Versions 4.1.0.3870 and prior has several integer overflow to buffer overflow vulnerabilities, which may allow remote code execution.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T11:01:14.704Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://laquisscada.com/instale1.php"
},
{
"name": "105719",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/105719"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-289-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-10-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "LAquis SCADA Versions 4.1.0.3870 and prior has several integer overflow to buffer overflow vulnerabilities, which may allow remote code execution."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-25T09:57:01",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://laquisscada.com/instale1.php"
},
{
"name": "105719",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/105719"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-289-01"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2018-17897",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "LAquis SCADA Versions 4.1.0.3870 and prior has several integer overflow to buffer overflow vulnerabilities, which may allow remote code execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://laquisscada.com/instale1.php",
"refsource": "MISC",
"url": "http://laquisscada.com/instale1.php"
},
{
"name": "105719",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105719"
},
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-289-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-289-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2018-17897",
"datePublished": "2018-10-17T02:00:00",
"dateReserved": "2018-10-02T00:00:00",
"dateUpdated": "2024-08-05T11:01:14.704Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-6020 (GCVE-0-2017-6020)
Vulnerability from cvelistv5 – Published: 2018-04-17 14:00 – Updated: 2024-09-17 04:14
VLAI?
Summary
Leao Consultoria e Desenvolvimento de Sistemas (LCDS) LTDA ME LAquis SCADA software versions prior to version 4.1.0.3237 do not neutralize external input to ensure that users are not calling for absolute path sequences outside of their privilege level.
Severity ?
No CVSS data available.
CWE
- CWE-22 - Path traversal CWE-22
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| LCDS - Leão Consultoria e Desenvolvimento de Sistemas LTDA ME | LAquis SCADA software |
Affected:
versions prior to version 4.1.0.3237
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T15:18:49.618Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "42885",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/42885/"
},
{
"name": "97055",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/97055"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-082-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "LAquis SCADA software",
"vendor": "LCDS - Le\u00c3\u00a3o Consultoria e Desenvolvimento de Sistemas LTDA ME",
"versions": [
{
"status": "affected",
"version": "versions prior to version 4.1.0.3237"
}
]
}
],
"datePublic": "2017-03-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Leao Consultoria e Desenvolvimento de Sistemas (LCDS) LTDA ME LAquis SCADA software versions prior to version 4.1.0.3237 do not neutralize external input to ensure that users are not calling for absolute path sequences outside of their privilege level."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "Path traversal CWE-22",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-04-18T09:57:01",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"name": "42885",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/42885/"
},
{
"name": "97055",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/97055"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-082-01"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2017-03-23T00:00:00",
"ID": "CVE-2017-6020",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "LAquis SCADA software",
"version": {
"version_data": [
{
"version_value": "versions prior to version 4.1.0.3237"
}
]
}
}
]
},
"vendor_name": "LCDS - Le\u00c3\u00a3o Consultoria e Desenvolvimento de Sistemas LTDA ME"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Leao Consultoria e Desenvolvimento de Sistemas (LCDS) LTDA ME LAquis SCADA software versions prior to version 4.1.0.3237 do not neutralize external input to ensure that users are not calling for absolute path sequences outside of their privilege level."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Path traversal CWE-22"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "42885",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/42885/"
},
{
"name": "97055",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97055"
},
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-17-082-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-082-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2017-6020",
"datePublished": "2018-04-17T14:00:00Z",
"dateReserved": "2017-02-16T00:00:00",
"dateUpdated": "2024-09-17T04:14:47.260Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-5463 (GCVE-0-2018-5463)
Vulnerability from cvelistv5 – Published: 2018-04-09 21:00 – Updated: 2024-09-16 20:26
VLAI?
Summary
A structured exception handler overflow vulnerability in Leao Consultoria e Desenvolvimento de Sistemas (LCDS) LTDA ME LAquis SCADA 4.1.0.3391 and earlier may allow code execution.
Severity ?
No CVSS data available.
CWE
- CWE-703 - IMPROPER CHECK OR HANDLING OF EXCEPTIONAL CONDITIONS CWE-703
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ICS-CERT | LCDS - Leão Consultoria e Desenvolvimento de Sistemas LTDA ME LAquis SCADA |
Affected:
4.1.0.3391 and prior
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T05:33:44.344Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-095-03"
},
{
"name": "103724",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/103724"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "LCDS - Le\u0026#195;\u0026#163;o Consultoria e Desenvolvimento de Sistemas LTDA ME LAquis SCADA",
"vendor": "ICS-CERT",
"versions": [
{
"status": "affected",
"version": "4.1.0.3391 and prior"
}
]
}
],
"datePublic": "2018-04-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A structured exception handler overflow vulnerability in Leao Consultoria e Desenvolvimento de Sistemas (LCDS) LTDA ME LAquis SCADA 4.1.0.3391 and earlier may allow code execution."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-703",
"description": "IMPROPER CHECK OR HANDLING OF EXCEPTIONAL CONDITIONS CWE-703",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-04-12T09:57:02",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-095-03"
},
{
"name": "103724",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/103724"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2018-04-05T00:00:00",
"ID": "CVE-2018-5463",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "LCDS - Le\u0026#195;\u0026#163;o Consultoria e Desenvolvimento de Sistemas LTDA ME LAquis SCADA",
"version": {
"version_data": [
{
"version_value": "4.1.0.3391 and prior"
}
]
}
}
]
},
"vendor_name": "ICS-CERT"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A structured exception handler overflow vulnerability in Leao Consultoria e Desenvolvimento de Sistemas (LCDS) LTDA ME LAquis SCADA 4.1.0.3391 and earlier may allow code execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "IMPROPER CHECK OR HANDLING OF EXCEPTIONAL CONDITIONS CWE-703"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-095-03",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-095-03"
},
{
"name": "103724",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103724"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2018-5463",
"datePublished": "2018-04-09T21:00:00Z",
"dateReserved": "2018-01-12T00:00:00",
"dateUpdated": "2024-09-16T20:26:49.223Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}