Search

Find a vulnerability

Search criteria Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.

    74 vulnerabilities by LCDS

    VAR-201902-0647

    Vulnerability from variot - Updated: 2024-07-23 22:32

    LCDS Laquis SCADA prior to version 4.1.0.4150 allows execution of script code by opening a specially crafted report format file. This may allow remote code execution, data exfiltration, or cause a system crash. Script embedded in a crafted file can create files in arbitrary locations using the Ini.WriteString method. This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of LAquis SCADA Software. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the processing of the Memory.Integer method. The issue results from the lack of proper validation of a user-supplied value prior to dereferencing it as a pointer. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the aq process. LAquis SCADA is a suite of SCADA software for monitoring and data acquisition

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201902-0647",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "software",
            "scope": null,
            "trust": 9.8,
            "vendor": "laquis scada",
            "version": null
          },
          {
            "model": "laquis scada",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "lcds",
            "version": "4.1.0.4150"
          },
          {
            "model": "le\\303\\243o consultoria e desenvolvimento de sistemas ltda me laquis scada",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "lcds",
            "version": "-4.1.0.3870"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "laquis scada",
            "version": "*"
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "7d851b30-463f-11e9-9851-000c29342cb1"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-072"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-070"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-079"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-089"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-075"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-087"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-077"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-096"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-078"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-073"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-093"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-088"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-069"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-083"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-02384"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-18988"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:lcds:laquis_scada:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "4.1.0.4150",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2018-18988"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Esteban Ruiz (mr_me) of Source Incite",
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-19-072"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-070"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-079"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-089"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-075"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-087"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-077"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-096"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-078"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-073"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-093"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-088"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-069"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-083"
          }
        ],
        "trust": 9.8
      },
      "cve": "CVE-2018-18988",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": null,
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "ZDI",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CVE-2018-18988",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "MEDIUM",
                "trust": 4.9,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "ZDI",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CVE-2018-18988",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "HIGH",
                "trust": 4.9,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "acInsufInfo": false,
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 8.3,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "impactScore": 8.5,
                "integrityImpact": "PARTIAL",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "HIGH",
                "trust": 1.0,
                "userInteractionRequired": true,
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2019-02384",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "7d851b30-463f-11e9-9851-000c29342cb1",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 0.2,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.9 [IVD]"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "NVD",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.8,
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "ZDI",
                "id": "CVE-2018-18988",
                "trust": 4.9,
                "value": "MEDIUM"
              },
              {
                "author": "ZDI",
                "id": "CVE-2018-18988",
                "trust": 4.9,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2018-18988",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2019-02384",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201901-510",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "IVD",
                "id": "7d851b30-463f-11e9-9851-000c29342cb1",
                "trust": 0.2,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "7d851b30-463f-11e9-9851-000c29342cb1"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-072"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-070"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-079"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-089"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-075"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-087"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-077"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-096"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-078"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-073"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-093"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-088"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-069"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-083"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-02384"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201901-510"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-18988"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "LCDS Laquis SCADA prior to version 4.1.0.4150 allows execution of script code by opening a specially crafted report format file. This may allow remote code execution, data exfiltration, or cause a system crash. Script embedded in a crafted file can create files in arbitrary locations using the Ini.WriteString method. This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of LAquis SCADA Software. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the processing of the Memory.Integer method. The issue results from the lack of proper validation of a user-supplied value prior to dereferencing it as a pointer. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the aq process. LAquis SCADA is a suite of SCADA software for monitoring and data acquisition",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2018-18988"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-072"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-083"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-069"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-088"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-093"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-073"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-078"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-096"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-077"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-087"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-075"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-089"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-079"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-070"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-02384"
          },
          {
            "db": "IVD",
            "id": "7d851b30-463f-11e9-9851-000c29342cb1"
          }
        ],
        "trust": 10.44
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2018-18988",
            "trust": 12.2
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-19-015-01",
            "trust": 2.2
          },
          {
            "db": "BID",
            "id": "106634",
            "trust": 1.6
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-02384",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201901-510",
            "trust": 0.8
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-6568",
            "trust": 0.7
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-072",
            "trust": 0.7
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-6579",
            "trust": 0.7
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-070",
            "trust": 0.7
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-6575",
            "trust": 0.7
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-079",
            "trust": 0.7
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-6626",
            "trust": 0.7
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-089",
            "trust": 0.7
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-6571",
            "trust": 0.7
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-075",
            "trust": 0.7
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-6624",
            "trust": 0.7
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-087",
            "trust": 0.7
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-6573",
            "trust": 0.7
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-077",
            "trust": 0.7
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-6681",
            "trust": 0.7
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-096",
            "trust": 0.7
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-6574",
            "trust": 0.7
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-078",
            "trust": 0.7
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-6569",
            "trust": 0.7
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-073",
            "trust": 0.7
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-6678",
            "trust": 0.7
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-093",
            "trust": 0.7
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-6625",
            "trust": 0.7
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-088",
            "trust": 0.7
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-6491",
            "trust": 0.7
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-069",
            "trust": 0.7
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-6620",
            "trust": 0.7
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-083",
            "trust": 0.7
          },
          {
            "db": "IVD",
            "id": "7D851B30-463F-11E9-9851-000C29342CB1",
            "trust": 0.2
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "7d851b30-463f-11e9-9851-000c29342cb1"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-072"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-070"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-079"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-089"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-075"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-087"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-077"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-096"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-078"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-073"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-093"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-088"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-069"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-083"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-02384"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201901-510"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-18988"
          }
        ]
      },
      "id": "VAR-201902-0647",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "IVD",
            "id": "7d851b30-463f-11e9-9851-000c29342cb1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-02384"
          }
        ],
        "trust": 1.5753561
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "7d851b30-463f-11e9-9851-000c29342cb1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-02384"
          }
        ]
      },
      "last_update_date": "2024-07-23T22:32:09.990000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "LAquis SCADA has issued an update to correct this vulnerability.",
            "trust": 9.8,
            "url": "https://ics-cert.us-cert.gov/advisories/icsa-19-015-01"
          },
          {
            "title": "LAquis SCADA Input Validation Vulnerability Patch",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchinfo/show/150979"
          },
          {
            "title": "LAquis SCADA Enter the fix for the verification vulnerability",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=88655"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-19-072"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-070"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-079"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-089"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-075"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-087"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-077"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-096"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-078"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-073"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-093"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-088"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-069"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-083"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-02384"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201901-510"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-20",
            "trust": 1.0
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2018-18988"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 12.0,
            "url": "https://ics-cert.us-cert.gov/advisories/icsa-19-015-01"
          },
          {
            "trust": 1.6,
            "url": "http://www.securityfocus.com/bid/106634"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-19-072"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-070"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-079"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-089"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-075"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-087"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-077"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-096"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-078"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-073"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-093"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-088"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-069"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-083"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-02384"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201901-510"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-18988"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "IVD",
            "id": "7d851b30-463f-11e9-9851-000c29342cb1"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-072"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-070"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-079"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-089"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-075"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-087"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-077"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-096"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-078"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-073"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-093"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-088"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-069"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-083"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-02384"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201901-510"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-18988"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-01-22T00:00:00",
            "db": "IVD",
            "id": "7d851b30-463f-11e9-9851-000c29342cb1"
          },
          {
            "date": "2019-01-19T00:00:00",
            "db": "ZDI",
            "id": "ZDI-19-072"
          },
          {
            "date": "2019-01-19T00:00:00",
            "db": "ZDI",
            "id": "ZDI-19-070"
          },
          {
            "date": "2019-01-19T00:00:00",
            "db": "ZDI",
            "id": "ZDI-19-079"
          },
          {
            "date": "2019-01-19T00:00:00",
            "db": "ZDI",
            "id": "ZDI-19-089"
          },
          {
            "date": "2019-01-19T00:00:00",
            "db": "ZDI",
            "id": "ZDI-19-075"
          },
          {
            "date": "2019-01-19T00:00:00",
            "db": "ZDI",
            "id": "ZDI-19-087"
          },
          {
            "date": "2019-01-19T00:00:00",
            "db": "ZDI",
            "id": "ZDI-19-077"
          },
          {
            "date": "2019-01-19T00:00:00",
            "db": "ZDI",
            "id": "ZDI-19-096"
          },
          {
            "date": "2019-01-19T00:00:00",
            "db": "ZDI",
            "id": "ZDI-19-078"
          },
          {
            "date": "2019-01-19T00:00:00",
            "db": "ZDI",
            "id": "ZDI-19-073"
          },
          {
            "date": "2019-01-19T00:00:00",
            "db": "ZDI",
            "id": "ZDI-19-093"
          },
          {
            "date": "2019-01-19T00:00:00",
            "db": "ZDI",
            "id": "ZDI-19-088"
          },
          {
            "date": "2019-01-19T00:00:00",
            "db": "ZDI",
            "id": "ZDI-19-069"
          },
          {
            "date": "2019-01-19T00:00:00",
            "db": "ZDI",
            "id": "ZDI-19-083"
          },
          {
            "date": "2019-01-22T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2019-02384"
          },
          {
            "date": "2019-01-16T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201901-510"
          },
          {
            "date": "2019-02-01T17:29:00.187000",
            "db": "NVD",
            "id": "CVE-2018-18988"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-01-19T00:00:00",
            "db": "ZDI",
            "id": "ZDI-19-072"
          },
          {
            "date": "2019-01-19T00:00:00",
            "db": "ZDI",
            "id": "ZDI-19-070"
          },
          {
            "date": "2019-01-19T00:00:00",
            "db": "ZDI",
            "id": "ZDI-19-079"
          },
          {
            "date": "2019-01-19T00:00:00",
            "db": "ZDI",
            "id": "ZDI-19-089"
          },
          {
            "date": "2019-01-19T00:00:00",
            "db": "ZDI",
            "id": "ZDI-19-075"
          },
          {
            "date": "2019-01-19T00:00:00",
            "db": "ZDI",
            "id": "ZDI-19-087"
          },
          {
            "date": "2019-01-19T00:00:00",
            "db": "ZDI",
            "id": "ZDI-19-077"
          },
          {
            "date": "2019-01-19T00:00:00",
            "db": "ZDI",
            "id": "ZDI-19-096"
          },
          {
            "date": "2019-01-19T00:00:00",
            "db": "ZDI",
            "id": "ZDI-19-078"
          },
          {
            "date": "2019-01-19T00:00:00",
            "db": "ZDI",
            "id": "ZDI-19-073"
          },
          {
            "date": "2019-01-19T00:00:00",
            "db": "ZDI",
            "id": "ZDI-19-093"
          },
          {
            "date": "2019-01-19T00:00:00",
            "db": "ZDI",
            "id": "ZDI-19-088"
          },
          {
            "date": "2019-01-19T00:00:00",
            "db": "ZDI",
            "id": "ZDI-19-069"
          },
          {
            "date": "2019-01-19T00:00:00",
            "db": "ZDI",
            "id": "ZDI-19-083"
          },
          {
            "date": "2019-01-22T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2019-02384"
          },
          {
            "date": "2019-10-17T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201901-510"
          },
          {
            "date": "2019-10-09T23:37:31.957000",
            "db": "NVD",
            "id": "CVE-2018-18988"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201901-510"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "LAquis SCADA Input validation vulnerability",
        "sources": [
          {
            "db": "IVD",
            "id": "7d851b30-463f-11e9-9851-000c29342cb1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-02384"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Input validation error",
        "sources": [
          {
            "db": "IVD",
            "id": "7d851b30-463f-11e9-9851-000c29342cb1"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201901-510"
          }
        ],
        "trust": 0.8
      }
    }

    VAR-201705-3185

    Vulnerability from variot - Updated: 2023-12-18 13:53

    An Improper Access Control issue was discovered in LCDS - Leao Consultoria e Desenvolvimento de Sistemas LTDA ME LAquis SCADA. The following versions are affected: Versions 4.1 and prior versions released before January 20, 2017. An Improper Access Control vulnerability has been identified, which may allow an authenticated user to modify application files to escalate privileges. LAquis SCADA is a tool and language for data collection, process monitoring, industrial automation, storage and reporting for quality management and application development. LAquis SCADA has a local access bypass vulnerability. With this vulnerability, an attacker can bypass unauthorized security operations by bypassing some security restrictions.

    CVE-2017-6016 has been assigned to this vulnerability. A CVSS v3 base score of 7.3 has been assigned; the CVSS vector string is (AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H). Other vectors are possible as well.

    +++++

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201705-3185",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "ltda me laquis scada",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "leao consultoria e desenvolvimento de sistemas",
            "version": "4.1"
          },
          {
            "model": "laquis scada",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "lcds",
            "version": "4.1"
          },
          {
            "model": "ltda me laquis scada",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "laquisscada",
            "version": "4.1"
          },
          {
            "model": "ltda me laquis scada",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "leao consultoria e desenvolvimento de sistemas",
            "version": "4.1"
          },
          {
            "model": "le\u00e3o consultoria e desenvolvimento de sistemas ltda me laquis scada",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "lcds",
            "version": "-4.1"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "ltda me laquis scada",
            "version": "*"
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "08212888-7198-4132-aa3d-15ce85c5f3da"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-05061"
          },
          {
            "db": "BID",
            "id": "96942"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-004290"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-6016"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201702-596"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:leao_consultoria_e_desenvolvimento_de_sistemas:ltda_me_laquis_scada:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "4.1",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2017-6016"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Karn Ganeshen",
        "sources": [
          {
            "db": "BID",
            "id": "96942"
          },
          {
            "db": "PACKETSTORM",
            "id": "142043"
          }
        ],
        "trust": 0.4
      },
      "cve": "CVE-2017-6016",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "MEDIUM",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 4.4,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 3.4,
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "MEDIUM",
                "trust": 1.0,
                "userInteractionRequired": true,
                "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Medium",
                "accessVector": "Local",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "Partial",
                "baseScore": 4.4,
                "confidentialityImpact": "Partial",
                "exploitabilityScore": null,
                "id": "CVE-2017-6016",
                "impactScore": null,
                "integrityImpact": "Partial",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Medium",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "NONE",
                "baseScore": 2.1,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 3.9,
                "id": "CNVD-2017-05061",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "LOW",
                "trust": 0.6,
                "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "NONE",
                "baseScore": 2.1,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 3.9,
                "id": "08212888-7198-4132-aa3d-15ce85c5f3da",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "LOW",
                "trust": 0.2,
                "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.9 [IVD]"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "NVD",
                "availabilityImpact": "HIGH",
                "baseScore": 7.3,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.3,
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Local",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 7.3,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2017-6016",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "Low",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "Required",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2017-6016",
                "trust": 1.8,
                "value": "HIGH"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2017-05061",
                "trust": 0.6,
                "value": "LOW"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201702-596",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "IVD",
                "id": "08212888-7198-4132-aa3d-15ce85c5f3da",
                "trust": 0.2,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "08212888-7198-4132-aa3d-15ce85c5f3da"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-05061"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-004290"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-6016"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201702-596"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "An Improper Access Control issue was discovered in LCDS - Leao Consultoria e Desenvolvimento de Sistemas LTDA ME LAquis SCADA. The following versions are affected: Versions 4.1 and prior versions released before January 20, 2017. An Improper Access Control vulnerability has been identified, which may allow an authenticated user to modify application files to escalate privileges. LAquis SCADA is a tool and language for data collection, process monitoring, industrial automation, storage and reporting for quality management and application development. LAquis SCADA has a local access bypass vulnerability. With this vulnerability, an attacker can bypass unauthorized security operations by bypassing some security restrictions. \n\nCVE-2017-6016 has been assigned to this vulnerability. A CVSS v3 base score\nof 7.3 has been assigned; the CVSS vector string is\n(AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H). Other vectors are\npossible as well. \n\n+++++\n\n\n",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2017-6016"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-004290"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-05061"
          },
          {
            "db": "BID",
            "id": "96942"
          },
          {
            "db": "IVD",
            "id": "08212888-7198-4132-aa3d-15ce85c5f3da"
          },
          {
            "db": "PACKETSTORM",
            "id": "142043"
          }
        ],
        "trust": 2.7
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2017-6016",
            "trust": 3.6
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-17-075-01",
            "trust": 2.8
          },
          {
            "db": "BID",
            "id": "96942",
            "trust": 2.5
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-05061",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201702-596",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-004290",
            "trust": 0.8
          },
          {
            "db": "IVD",
            "id": "08212888-7198-4132-AA3D-15CE85C5F3DA",
            "trust": 0.2
          },
          {
            "db": "PACKETSTORM",
            "id": "142043",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "08212888-7198-4132-aa3d-15ce85c5f3da"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-05061"
          },
          {
            "db": "BID",
            "id": "96942"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-004290"
          },
          {
            "db": "PACKETSTORM",
            "id": "142043"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-6016"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201702-596"
          }
        ]
      },
      "id": "VAR-201705-3185",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "IVD",
            "id": "08212888-7198-4132-aa3d-15ce85c5f3da"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-05061"
          }
        ],
        "trust": 1.5576448
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "08212888-7198-4132-aa3d-15ce85c5f3da"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-05061"
          }
        ]
      },
      "last_update_date": "2023-12-18T13:53:01.521000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "http://www.lcds.com.br/"
          },
          {
            "title": "LCDS - Leao Consultoria e Desenvolvimento de Sistemas LTDA ME LAquis SCADA Fixes for access control error vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=99648"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-004290"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201702-596"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "NVD-CWE-noinfo",
            "trust": 1.0
          },
          {
            "problemtype": "CWE-284",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-004290"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-6016"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.8,
            "url": "https://ics-cert.us-cert.gov/advisories/icsa-17-075-01"
          },
          {
            "trust": 2.2,
            "url": "http://www.securityfocus.com/bid/96942"
          },
          {
            "trust": 0.9,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-6016"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-6016"
          },
          {
            "trust": 0.3,
            "url": "http://laquisscada.com/instale1.php"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-05061"
          },
          {
            "db": "BID",
            "id": "96942"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-004290"
          },
          {
            "db": "PACKETSTORM",
            "id": "142043"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-6016"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201702-596"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "IVD",
            "id": "08212888-7198-4132-aa3d-15ce85c5f3da"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-05061"
          },
          {
            "db": "BID",
            "id": "96942"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-004290"
          },
          {
            "db": "PACKETSTORM",
            "id": "142043"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-6016"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201702-596"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2017-04-22T00:00:00",
            "db": "IVD",
            "id": "08212888-7198-4132-aa3d-15ce85c5f3da"
          },
          {
            "date": "2017-04-24T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2017-05061"
          },
          {
            "date": "2017-03-16T00:00:00",
            "db": "BID",
            "id": "96942"
          },
          {
            "date": "2017-06-21T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-004290"
          },
          {
            "date": "2017-04-06T14:44:44",
            "db": "PACKETSTORM",
            "id": "142043"
          },
          {
            "date": "2017-05-19T03:29:00.403000",
            "db": "NVD",
            "id": "CVE-2017-6016"
          },
          {
            "date": "2017-02-17T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201702-596"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2017-04-22T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2017-05061"
          },
          {
            "date": "2017-03-23T01:01:00",
            "db": "BID",
            "id": "96942"
          },
          {
            "date": "2017-06-21T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-004290"
          },
          {
            "date": "2019-10-09T23:28:33.527000",
            "db": "NVD",
            "id": "CVE-2017-6016"
          },
          {
            "date": "2019-10-17T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201702-596"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "local",
        "sources": [
          {
            "db": "BID",
            "id": "96942"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201702-596"
          }
        ],
        "trust": 0.9
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "LAquis SCADA Local Access Bypass Vulnerability",
        "sources": [
          {
            "db": "IVD",
            "id": "08212888-7198-4132-aa3d-15ce85c5f3da"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-05061"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Access control error",
        "sources": [
          {
            "db": "IVD",
            "id": "08212888-7198-4132-aa3d-15ce85c5f3da"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201702-596"
          }
        ],
        "trust": 0.8
      }
    }

    VAR-201903-0180

    Vulnerability from variot - Updated: 2023-12-18 13:48

    Opening a specially crafted LCDS LAquis SCADA before 4.3.1.71 ELS file may result in a write past the end of an allocated buffer, which may allow an attacker to execute remote code in the context of the current process. LCDS LAquis SCADA ELS File Contains an out-of-bounds vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of LAquis SCADA. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the handling of ELS files. LCDS LAquis SCADA is a SCADA (Data Acquisition and Monitoring Control) system from LCDS, Brazil. The system is mainly used for data acquisition and process control of devices with communication technology. There is an out-of-bounds write vulnerability in LCDS LAquis SCADA. LAquis SCADA is prone to an arbitrary code-execution vulnerability. Failed attempts will likely cause a denial-of-service condition. LAquis SCADA 4.1.0.4150 is vulnerable; other versions may also be vulnerable

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201903-0180",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "laquis scada",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "lcds",
            "version": "4.1.0.4150"
          },
          {
            "model": "laquis scada",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "lcds",
            "version": "4.3.1.71"
          },
          {
            "model": "scada",
            "scope": null,
            "trust": 0.7,
            "vendor": "laquis",
            "version": null
          },
          {
            "model": "laquis scada",
            "scope": null,
            "trust": 0.6,
            "vendor": "lcds",
            "version": null
          },
          {
            "model": "le\u00e3o consultoria e desenvolvimento de sistemas ltda me laquis scada",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "lcds",
            "version": "-4.1.0.4150"
          },
          {
            "model": "le\u00e3o consultoria e desenvolvimento de sistemas ltda me laquis scada",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "lcds",
            "version": "-4.3.1.71"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "laquis scada",
            "version": "4.1.0.4150"
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "6957150b-ef62-4aad-a770-6439342094ff"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-307"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-14979"
          },
          {
            "db": "BID",
            "id": "107418"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-003018"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-6536"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:lcds:laquis_scada:4.1.0.4150:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2019-6536"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Mat Powell of Trend Micro Zero Day Initiative",
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-19-307"
          }
        ],
        "trust": 0.7
      },
      "cve": "CVE-2019-6536",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.8,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "MEDIUM",
                "trust": 1.0,
                "userInteractionRequired": true,
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Medium",
                "accessVector": "Network",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "Partial",
                "baseScore": 6.8,
                "confidentialityImpact": "Partial",
                "exploitabilityScore": null,
                "id": "CVE-2019-6536",
                "impactScore": null,
                "integrityImpact": "Partial",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Medium",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.8,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "id": "CNVD-2019-14979",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.8,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "id": "6957150b-ef62-4aad-a770-6439342094ff",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.2,
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
                "version": "2.9 [IVD]"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "NVD",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.8,
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Local",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 7.8,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2019-6536",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "Required",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "ZDI",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.8,
                "id": "CVE-2019-6536",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 0.7,
                "userInteraction": "REQUIRED",
                "vectorString": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2019-6536",
                "trust": 1.8,
                "value": "HIGH"
              },
              {
                "author": "ZDI",
                "id": "CVE-2019-6536",
                "trust": 0.7,
                "value": "HIGH"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2019-14979",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201903-575",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "IVD",
                "id": "6957150b-ef62-4aad-a770-6439342094ff",
                "trust": 0.2,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "6957150b-ef62-4aad-a770-6439342094ff"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-307"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-14979"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-003018"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-6536"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201903-575"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Opening a specially crafted LCDS LAquis SCADA before 4.3.1.71 ELS file may result in a write past the end of an allocated buffer, which may allow an attacker to execute remote code in the context of the current process. LCDS LAquis SCADA ELS File Contains an out-of-bounds vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of LAquis SCADA. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the handling of ELS files. LCDS LAquis SCADA is a SCADA (Data Acquisition and Monitoring Control) system from LCDS, Brazil. The system is mainly used for data acquisition and process control of devices with communication technology. There is an out-of-bounds write vulnerability in LCDS LAquis SCADA. LAquis SCADA is prone to an arbitrary code-execution vulnerability. Failed attempts will likely cause a denial-of-service condition. \nLAquis SCADA 4.1.0.4150 is vulnerable; other versions may also be vulnerable",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2019-6536"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-003018"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-307"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-14979"
          },
          {
            "db": "BID",
            "id": "107418"
          },
          {
            "db": "IVD",
            "id": "6957150b-ef62-4aad-a770-6439342094ff"
          }
        ],
        "trust": 3.24
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2019-6536",
            "trust": 4.2
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-19-073-01",
            "trust": 3.3
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-307",
            "trust": 2.3
          },
          {
            "db": "BID",
            "id": "107418",
            "trust": 1.5
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-14979",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201903-575",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-003018",
            "trust": 0.8
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-7374",
            "trust": 0.7
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2019.0846",
            "trust": 0.6
          },
          {
            "db": "IVD",
            "id": "6957150B-EF62-4AAD-A770-6439342094FF",
            "trust": 0.2
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "6957150b-ef62-4aad-a770-6439342094ff"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-307"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-14979"
          },
          {
            "db": "BID",
            "id": "107418"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-003018"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-6536"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201903-575"
          }
        ]
      },
      "id": "VAR-201903-0180",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "IVD",
            "id": "6957150b-ef62-4aad-a770-6439342094ff"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-14979"
          }
        ],
        "trust": 1.4364672
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "6957150b-ef62-4aad-a770-6439342094ff"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-14979"
          }
        ]
      },
      "last_update_date": "2023-12-18T13:48:01.483000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "https://laquisscada.com/"
          },
          {
            "title": "LAquis has issued an update to correct this vulnerability.",
            "trust": 0.7,
            "url": "https://ics-cert.us-cert.gov/advisories/icsa-19-073-01"
          },
          {
            "title": "Patch for LCDS LAquis SCADA Buffer Overflow Vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchinfo/show/161905"
          },
          {
            "title": "LCDS LAquis SCADA Buffer error vulnerability fix",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=90161"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-19-307"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-14979"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-003018"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201903-575"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-787",
            "trust": 1.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-003018"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-6536"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 4.0,
            "url": "https://ics-cert.us-cert.gov/advisories/icsa-19-073-01"
          },
          {
            "trust": 1.6,
            "url": "https://www.zerodayinitiative.com/advisories/zdi-19-307/"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-6536"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-6536"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/77214"
          },
          {
            "trust": 0.6,
            "url": "http://www.securityfocus.com/bid/107418"
          },
          {
            "trust": 0.3,
            "url": "http://laquisscada.com/instale1.php"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-19-307"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-14979"
          },
          {
            "db": "BID",
            "id": "107418"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-003018"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-6536"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201903-575"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "IVD",
            "id": "6957150b-ef62-4aad-a770-6439342094ff"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-307"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-14979"
          },
          {
            "db": "BID",
            "id": "107418"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-003018"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-6536"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201903-575"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-05-22T00:00:00",
            "db": "IVD",
            "id": "6957150b-ef62-4aad-a770-6439342094ff"
          },
          {
            "date": "2019-04-02T00:00:00",
            "db": "ZDI",
            "id": "ZDI-19-307"
          },
          {
            "date": "2019-05-22T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2019-14979"
          },
          {
            "date": "2019-03-14T00:00:00",
            "db": "BID",
            "id": "107418"
          },
          {
            "date": "2019-05-07T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-003018"
          },
          {
            "date": "2019-03-27T16:29:00.780000",
            "db": "NVD",
            "id": "CVE-2019-6536"
          },
          {
            "date": "2019-03-14T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201903-575"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-04-02T00:00:00",
            "db": "ZDI",
            "id": "ZDI-19-307"
          },
          {
            "date": "2019-05-22T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2019-14979"
          },
          {
            "date": "2019-03-14T00:00:00",
            "db": "BID",
            "id": "107418"
          },
          {
            "date": "2019-05-07T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-003018"
          },
          {
            "date": "2019-04-02T16:29:00.623000",
            "db": "NVD",
            "id": "CVE-2019-6536"
          },
          {
            "date": "2019-04-03T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201903-575"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "local",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201903-575"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "LCDS LAquis SCADA Buffer Overflow Vulnerability",
        "sources": [
          {
            "db": "IVD",
            "id": "6957150b-ef62-4aad-a770-6439342094ff"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-14979"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Buffer error",
        "sources": [
          {
            "db": "IVD",
            "id": "6957150b-ef62-4aad-a770-6439342094ff"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201903-575"
          }
        ],
        "trust": 0.8
      }
    }

    VAR-201804-0506

    Vulnerability from variot - Updated: 2023-12-18 13:24

    Leao Consultoria e Desenvolvimento de Sistemas (LCDS) LTDA ME LAquis SCADA software versions prior to version 4.1.0.3237 do not neutralize external input to ensure that users are not calling for absolute path sequences outside of their privilege level. Leao Consultoria e Desenvolvimento de Sistemas (LCDS) LTDA ME LAquis SCADA Contains a path traversal vulnerability.Information may be obtained. This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of LAquis SCADA Software. Authentication is not required to exploit this vulnerability.The specific flaw exists within global processing of requests inside the web server. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to disclose sensitive information under the context of the web server process. LAquis SCADA is a suite of SCADA software for monitoring and data acquisition. A security vulnerability exists in versions prior to LAquis SCADA 4.1.0.3237. LAquis SCADA Software is prone to a directory-traversal vulnerability because the application fails to sufficiently sanitize user-supplied input. This may aid in further attacks

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201804-0506",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "laquis scada",
            "scope": "lt",
            "trust": 1.8,
            "vendor": "lcds",
            "version": "4.1.0.3237"
          },
          {
            "model": "software",
            "scope": null,
            "trust": 0.7,
            "vendor": "laquis scada",
            "version": null
          },
          {
            "model": "le\\303\\243o consultoria e desenvolvimento de sistemas ltda me laquis scada",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "lcds",
            "version": "-\u003c=4.1.0.3237"
          },
          {
            "model": "le\u00e3o consultoria e desenvolvimento de sistemas ltda me laquis scada",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "lcds",
            "version": "-4.1"
          },
          {
            "model": "le\u00e3o consultoria e desenvolvimento de sistemas ltda me laquis scada",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "lcds",
            "version": "-4.1.0.3237"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "laquis scada",
            "version": "*"
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "ba452eb2-f54b-4527-b139-cb294893a8cf"
          },
          {
            "db": "ZDI",
            "id": "ZDI-17-286"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-11031"
          },
          {
            "db": "BID",
            "id": "97055"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-013274"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-6020"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:lcds:laquis_scada:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "4.1.0.3237",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2017-6020"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Karn Ganeshen",
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-17-286"
          }
        ],
        "trust": 0.7
      },
      "cve": "CVE-2017-6020",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "NVD",
                "availabilityImpact": "NONE",
                "baseScore": 4.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.0,
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "MEDIUM",
                "trust": 1.0,
                "userInteractionRequired": false,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Network",
                "authentication": "Single",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 4.0,
                "confidentialityImpact": "Partial",
                "exploitabilityScore": null,
                "id": "CVE-2017-6020",
                "impactScore": null,
                "integrityImpact": "None",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Medium",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "ZDI",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CVE-2017-6020",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "MEDIUM",
                "trust": 0.7,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2017-11031",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "ba452eb2-f54b-4527-b139-cb294893a8cf",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.2,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.9 [IVD]"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "NVD",
                "availabilityImpact": "NONE",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "exploitabilityScore": 3.9,
                "impactScore": 1.4,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 5.3,
                "baseSeverity": "Medium",
                "confidentialityImpact": "Low",
                "exploitabilityScore": null,
                "id": "CVE-2017-6020",
                "impactScore": null,
                "integrityImpact": "None",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2017-6020",
                "trust": 1.8,
                "value": "MEDIUM"
              },
              {
                "author": "ZDI",
                "id": "CVE-2017-6020",
                "trust": 0.7,
                "value": "MEDIUM"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2017-11031",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201702-592",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "IVD",
                "id": "ba452eb2-f54b-4527-b139-cb294893a8cf",
                "trust": 0.2,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "ba452eb2-f54b-4527-b139-cb294893a8cf"
          },
          {
            "db": "ZDI",
            "id": "ZDI-17-286"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-11031"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-013274"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-6020"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201702-592"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Leao Consultoria e Desenvolvimento de Sistemas (LCDS) LTDA ME LAquis SCADA software versions prior to version 4.1.0.3237 do not neutralize external input to ensure that users are not calling for absolute path sequences outside of their privilege level. Leao Consultoria e Desenvolvimento de Sistemas (LCDS) LTDA ME LAquis SCADA Contains a path traversal vulnerability.Information may be obtained. This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of LAquis SCADA Software. Authentication is not required to exploit this vulnerability.The specific flaw exists within global processing of requests inside the web server. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations.  An attacker can leverage this vulnerability to disclose sensitive information under the context of the web server process. LAquis SCADA is a suite of SCADA software for monitoring and data acquisition. A security vulnerability exists in versions prior to LAquis SCADA 4.1.0.3237. LAquis SCADA Software is prone to a directory-traversal vulnerability because the application fails to sufficiently sanitize user-supplied input. This may aid in further attacks",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2017-6020"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-013274"
          },
          {
            "db": "ZDI",
            "id": "ZDI-17-286"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-11031"
          },
          {
            "db": "BID",
            "id": "97055"
          },
          {
            "db": "IVD",
            "id": "ba452eb2-f54b-4527-b139-cb294893a8cf"
          }
        ],
        "trust": 3.24
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2017-6020",
            "trust": 4.2
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-17-082-01",
            "trust": 3.3
          },
          {
            "db": "BID",
            "id": "97055",
            "trust": 1.9
          },
          {
            "db": "EXPLOIT-DB",
            "id": "42885",
            "trust": 1.6
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-11031",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201702-592",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-013274",
            "trust": 0.8
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-4523",
            "trust": 0.7
          },
          {
            "db": "ZDI",
            "id": "ZDI-17-286",
            "trust": 0.7
          },
          {
            "db": "IVD",
            "id": "BA452EB2-F54B-4527-B139-CB294893A8CF",
            "trust": 0.2
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "ba452eb2-f54b-4527-b139-cb294893a8cf"
          },
          {
            "db": "ZDI",
            "id": "ZDI-17-286"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-11031"
          },
          {
            "db": "BID",
            "id": "97055"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-013274"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-6020"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201702-592"
          }
        ]
      },
      "id": "VAR-201804-0506",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "IVD",
            "id": "ba452eb2-f54b-4527-b139-cb294893a8cf"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-11031"
          }
        ],
        "trust": 1.5576448
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "ba452eb2-f54b-4527-b139-cb294893a8cf"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-11031"
          }
        ]
      },
      "last_update_date": "2023-12-18T13:24:08.216000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "http://www.lcds.com.br/"
          },
          {
            "title": "LAquis SCADA has issued an update to correct this vulnerability.",
            "trust": 0.7,
            "url": "https://ics-cert.us-cert.gov/advisories/icsa-17-082-01"
          },
          {
            "title": "LAquis SCADA Path Traversal Vulnerability Patch",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchinfo/show/96375"
          },
          {
            "title": "LCDS LTDA ME LAquis SCADA Repair measures for path traversal vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=99647"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-17-286"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-11031"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-013274"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201702-592"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-22",
            "trust": 1.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-013274"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-6020"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 4.0,
            "url": "https://ics-cert.us-cert.gov/advisories/icsa-17-082-01"
          },
          {
            "trust": 1.6,
            "url": "http://www.securityfocus.com/bid/97055"
          },
          {
            "trust": 1.6,
            "url": "https://www.exploit-db.com/exploits/42885/"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-6020"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-6020"
          },
          {
            "trust": 0.3,
            "url": "http://laquisscada.com/"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-17-286"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-11031"
          },
          {
            "db": "BID",
            "id": "97055"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-013274"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-6020"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201702-592"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "IVD",
            "id": "ba452eb2-f54b-4527-b139-cb294893a8cf"
          },
          {
            "db": "ZDI",
            "id": "ZDI-17-286"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-11031"
          },
          {
            "db": "BID",
            "id": "97055"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-013274"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-6020"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201702-592"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2017-06-23T00:00:00",
            "db": "IVD",
            "id": "ba452eb2-f54b-4527-b139-cb294893a8cf"
          },
          {
            "date": "2017-04-12T00:00:00",
            "db": "ZDI",
            "id": "ZDI-17-286"
          },
          {
            "date": "2017-06-23T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2017-11031"
          },
          {
            "date": "2017-03-23T00:00:00",
            "db": "BID",
            "id": "97055"
          },
          {
            "date": "2018-06-15T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-013274"
          },
          {
            "date": "2018-04-17T14:29:00.290000",
            "db": "NVD",
            "id": "CVE-2017-6020"
          },
          {
            "date": "2017-02-17T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201702-592"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2017-04-12T00:00:00",
            "db": "ZDI",
            "id": "ZDI-17-286"
          },
          {
            "date": "2019-05-17T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2017-11031"
          },
          {
            "date": "2017-03-29T00:01:00",
            "db": "BID",
            "id": "97055"
          },
          {
            "date": "2018-06-15T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-013274"
          },
          {
            "date": "2019-10-09T23:28:34.167000",
            "db": "NVD",
            "id": "CVE-2017-6020"
          },
          {
            "date": "2019-10-17T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201702-592"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201702-592"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "LAquis SCADA Path traversal vulnerability",
        "sources": [
          {
            "db": "IVD",
            "id": "ba452eb2-f54b-4527-b139-cb294893a8cf"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-11031"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Path traversal",
        "sources": [
          {
            "db": "IVD",
            "id": "ba452eb2-f54b-4527-b139-cb294893a8cf"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201702-592"
          }
        ],
        "trust": 0.8
      }
    }

    VAR-202010-0862

    Vulnerability from variot - Updated: 2023-12-18 12:55

    An attacker who convinces a valid user to open a specially crafted project file to exploit could execute code under the privileges of the application due to an out-of-bounds read vulnerability on the LAquis SCADA (Versions prior to 4.3.1.870). This vulnerability allows remote attackers to execute arbitrary code on affected installations of LAquis SCADA. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of LQS files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. LAquis SCADA is a set of SCADA software for monitoring and data acquisition.

    Versions prior to LAquis SCADA 4.3.1.870 have an out-of-bounds read vulnerability

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202010-0862",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "scada",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "laquisscada",
            "version": "4.3.1.870"
          },
          {
            "model": "laquis scada",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "lcds",
            "version": "version 4.3.1.870"
          },
          {
            "model": "scada",
            "scope": null,
            "trust": 0.7,
            "vendor": "laquis",
            "version": null
          },
          {
            "model": "le\u00e3o consultoria e desenvolvimento de sistemas ltda me laquis scada",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "lcds",
            "version": "-\u003c4.3.1.870"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-20-1244"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-56118"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-009053"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-25188"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:laquisscada:scada:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "4.3.1.870",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2020-25188"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Anonymous",
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-20-1244"
          }
        ],
        "trust": 0.7
      },
      "cve": "CVE-2020-25188",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.8,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "MEDIUM",
                "trust": 1.0,
                "userInteractionRequired": true,
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.2,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 3.9,
                "id": "CNVD-2020-56118",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULMON",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.8,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "id": "CVE-2020-25188",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "MEDIUM",
                "trust": 0.1,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "NVD",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.8,
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Local",
                "author": "IPA score",
                "availabilityImpact": "High",
                "baseScore": 7.8,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "JVNDB-2020-009053",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "Required",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "ZDI",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.8,
                "id": "CVE-2020-25188",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 0.7,
                "userInteraction": "REQUIRED",
                "vectorString": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2020-25188",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "IPA",
                "id": "JVNDB-2020-009053",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "ZDI",
                "id": "CVE-2020-25188",
                "trust": 0.7,
                "value": "HIGH"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2020-56118",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202010-578",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "VULMON",
                "id": "CVE-2020-25188",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-20-1244"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-56118"
          },
          {
            "db": "VULMON",
            "id": "CVE-2020-25188"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-009053"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-25188"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202010-578"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "An attacker who convinces a valid user to open a specially crafted project file to exploit could execute code under the privileges of the application due to an out-of-bounds read vulnerability on the LAquis SCADA (Versions prior to 4.3.1.870). This vulnerability allows remote attackers to execute arbitrary code on affected installations of LAquis SCADA.  User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of LQS files.  The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer.  An attacker can leverage this vulnerability to execute code in the context of the current process. LAquis SCADA is a set of SCADA software for monitoring and data acquisition. \n\r\n\r\nVersions prior to LAquis SCADA 4.3.1.870 have an out-of-bounds read vulnerability",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2020-25188"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-009053"
          },
          {
            "db": "ZDI",
            "id": "ZDI-20-1244"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-56118"
          },
          {
            "db": "VULMON",
            "id": "CVE-2020-25188"
          }
        ],
        "trust": 2.88
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2020-25188",
            "trust": 3.8
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-20-287-02",
            "trust": 3.1
          },
          {
            "db": "ZDI",
            "id": "ZDI-20-1244",
            "trust": 2.4
          },
          {
            "db": "JVN",
            "id": "JVNVU93774209",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-009053",
            "trust": 0.8
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-11029",
            "trust": 0.7
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-56118",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2020.3528",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202010-578",
            "trust": 0.6
          },
          {
            "db": "VULMON",
            "id": "CVE-2020-25188",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-20-1244"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-56118"
          },
          {
            "db": "VULMON",
            "id": "CVE-2020-25188"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-009053"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-25188"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202010-578"
          }
        ]
      },
      "id": "VAR-202010-0862",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-56118"
          }
        ],
        "trust": 1.2364671999999999
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-56118"
          }
        ]
      },
      "last_update_date": "2023-12-18T12:55:52.030000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "https://laquisscada.com/"
          },
          {
            "title": "LAquis has issued an update to correct this vulnerability.",
            "trust": 0.7,
            "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-287-02"
          },
          {
            "title": "Patch for LAquis SCADA out-of-bounds read vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchinfo/show/236203"
          },
          {
            "title": "LCDS LAquis SCADA Buffer error vulnerability fix",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=131252"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-20-1244"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-56118"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-009053"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202010-578"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-125",
            "trust": 1.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-009053"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-25188"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 4.4,
            "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-287-02"
          },
          {
            "trust": 1.7,
            "url": "https://www.zerodayinitiative.com/advisories/zdi-20-1244/"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-25188"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-25188"
          },
          {
            "trust": 0.8,
            "url": "https://jvn.jp/vu/jvnvu93774209/"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2020.3528/"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/125.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          },
          {
            "trust": 0.1,
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/189765"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-20-1244"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-56118"
          },
          {
            "db": "VULMON",
            "id": "CVE-2020-25188"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-009053"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-25188"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202010-578"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "ZDI",
            "id": "ZDI-20-1244"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-56118"
          },
          {
            "db": "VULMON",
            "id": "CVE-2020-25188"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-009053"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-25188"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202010-578"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-10-14T00:00:00",
            "db": "ZDI",
            "id": "ZDI-20-1244"
          },
          {
            "date": "2020-10-13T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2020-56118"
          },
          {
            "date": "2020-10-14T00:00:00",
            "db": "VULMON",
            "id": "CVE-2020-25188"
          },
          {
            "date": "2020-10-15T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2020-009053"
          },
          {
            "date": "2020-10-14T13:15:13.303000",
            "db": "NVD",
            "id": "CVE-2020-25188"
          },
          {
            "date": "2020-10-13T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202010-578"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-10-14T00:00:00",
            "db": "ZDI",
            "id": "ZDI-20-1244"
          },
          {
            "date": "2020-10-14T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2020-56118"
          },
          {
            "date": "2020-10-26T00:00:00",
            "db": "VULMON",
            "id": "CVE-2020-25188"
          },
          {
            "date": "2020-10-15T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2020-009053"
          },
          {
            "date": "2020-10-26T18:27:11.643000",
            "db": "NVD",
            "id": "CVE-2020-25188"
          },
          {
            "date": "2020-10-27T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202010-578"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "local",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202010-578"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "LCDS Made  LAquis SCADA Out-of-bounds read vulnerability",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-009053"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "buffer error",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202010-578"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201804-1529

    Vulnerability from variot - Updated: 2023-12-18 12:50

    A structured exception handler overflow vulnerability in Leao Consultoria e Desenvolvimento de Sistemas (LCDS) LTDA ME LAquis SCADA 4.1.0.3391 and earlier may allow code execution. Leao Consultoria e Desenvolvimento de Sistemas (LCDS) LTDA ME of LAquis SCADA Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. LCDS LAquis SCADA A set of SCADA software for monitoring and data acquisition from Brazil LCDS. A security vulnerability exists in LCDS LAquis SCADA version 4.1.0.3391 and earlier that caused the program to fail to properly detect or handle anomalies. An attacker could exploit the vulnerability to execute code. LAquis SCADA is prone to an arbitrary code-execution vulnerability. Failed attempts will likely cause a denial-of-service condition

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201804-1529",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "laquis scada",
            "scope": "lte",
            "trust": 1.8,
            "vendor": "lcds",
            "version": "4.1.0.3391"
          },
          {
            "model": "le\\303\\243o consultoria e desenvolvimento de sistemas ltda me laquis scada",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "lcds",
            "version": "-\u003c=4.1.0.3391"
          },
          {
            "model": "laquis scada",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "lcds",
            "version": "4.1.0.3391"
          },
          {
            "model": "le\u00e3o consultoria e desenvolvimento de sistemas ltda me laquis scada",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "lcds",
            "version": "-4.1.0.3391"
          },
          {
            "model": "le\u00e3o consultoria e desenvolvimento de sistemas ltda me laquis scada",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "lcds",
            "version": "-4.1.0.3774"
          },
          {
            "model": "le\u00e3o consultoria e desenvolvimento de sistemas ltda me laquis scada",
            "scope": "eq",
            "trust": 0.2,
            "vendor": "lcds",
            "version": "-\u003c=4.1.0.3391"
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "e2eb40d0-39ab-11e9-aed1-000c29342cb1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-07745"
          },
          {
            "db": "BID",
            "id": "103724"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-004093"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-5463"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201804-408"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:lcds:laquis_scada:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "4.1.0.3391",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2018-5463"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Karn Ganeshen",
        "sources": [
          {
            "db": "BID",
            "id": "103724"
          }
        ],
        "trust": 0.3
      },
      "cve": "CVE-2018-5463",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 4.6,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 3.9,
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "MEDIUM",
                "trust": 1.0,
                "userInteractionRequired": false,
                "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Local",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "Partial",
                "baseScore": 4.6,
                "confidentialityImpact": "Partial",
                "exploitabilityScore": null,
                "id": "CVE-2018-5463",
                "impactScore": null,
                "integrityImpact": "Partial",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Medium",
                "trust": 0.9,
                "userInteractionRequired": null,
                "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2018-07745",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "e2eb40d0-39ab-11e9-aed1-000c29342cb1",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 0.2,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.9 [IVD]"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "NVD",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.8,
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Local",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 7.8,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2018-5463",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "Low",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2018-5463",
                "trust": 1.8,
                "value": "HIGH"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2018-07745",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201804-408",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "IVD",
                "id": "e2eb40d0-39ab-11e9-aed1-000c29342cb1",
                "trust": 0.2,
                "value": "HIGH"
              },
              {
                "author": "VULMON",
                "id": "CVE-2018-5463",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "e2eb40d0-39ab-11e9-aed1-000c29342cb1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-07745"
          },
          {
            "db": "VULMON",
            "id": "CVE-2018-5463"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-004093"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-5463"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201804-408"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "A structured exception handler overflow vulnerability in Leao Consultoria e Desenvolvimento de Sistemas (LCDS) LTDA ME LAquis SCADA 4.1.0.3391 and earlier may allow code execution. Leao Consultoria e Desenvolvimento de Sistemas (LCDS) LTDA ME of LAquis SCADA Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. LCDS LAquis SCADA A set of SCADA software for monitoring and data acquisition from Brazil LCDS. A security vulnerability exists in LCDS LAquis SCADA version 4.1.0.3391 and earlier that caused the program to fail to properly detect or handle anomalies. An attacker could exploit the vulnerability to execute code. LAquis SCADA is prone to an arbitrary code-execution vulnerability. Failed attempts will likely cause a denial-of-service condition",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2018-5463"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-004093"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-07745"
          },
          {
            "db": "BID",
            "id": "103724"
          },
          {
            "db": "IVD",
            "id": "e2eb40d0-39ab-11e9-aed1-000c29342cb1"
          },
          {
            "db": "VULMON",
            "id": "CVE-2018-5463"
          }
        ],
        "trust": 2.7
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2018-5463",
            "trust": 3.6
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-18-095-03",
            "trust": 3.4
          },
          {
            "db": "BID",
            "id": "103724",
            "trust": 2.6
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-07745",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201804-408",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-004093",
            "trust": 0.8
          },
          {
            "db": "IVD",
            "id": "E2EB40D0-39AB-11E9-AED1-000C29342CB1",
            "trust": 0.2
          },
          {
            "db": "VULMON",
            "id": "CVE-2018-5463",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "e2eb40d0-39ab-11e9-aed1-000c29342cb1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-07745"
          },
          {
            "db": "VULMON",
            "id": "CVE-2018-5463"
          },
          {
            "db": "BID",
            "id": "103724"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-004093"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-5463"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201804-408"
          }
        ]
      },
      "id": "VAR-201804-1529",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "IVD",
            "id": "e2eb40d0-39ab-11e9-aed1-000c29342cb1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-07745"
          }
        ],
        "trust": 1.5576448
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "e2eb40d0-39ab-11e9-aed1-000c29342cb1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-07745"
          }
        ]
      },
      "last_update_date": "2023-12-18T12:50:46.854000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "https://laquisscada.com/"
          },
          {
            "title": "LCDS LAquis SCADA patch for arbitrary code execution vulnerabilities",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchinfo/show/125847"
          },
          {
            "title": "LCDS LAquis SCADA Security vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=83210"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-07745"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-004093"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201804-408"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-119",
            "trust": 1.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-004093"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-5463"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.5,
            "url": "https://ics-cert.us-cert.gov/advisories/icsa-18-095-03"
          },
          {
            "trust": 2.3,
            "url": "http://www.securityfocus.com/bid/103724"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-5463"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-5463"
          },
          {
            "trust": 0.3,
            "url": "https://laquisscada.com/"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/119.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-07745"
          },
          {
            "db": "VULMON",
            "id": "CVE-2018-5463"
          },
          {
            "db": "BID",
            "id": "103724"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-004093"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-5463"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201804-408"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "IVD",
            "id": "e2eb40d0-39ab-11e9-aed1-000c29342cb1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-07745"
          },
          {
            "db": "VULMON",
            "id": "CVE-2018-5463"
          },
          {
            "db": "BID",
            "id": "103724"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-004093"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-5463"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201804-408"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2018-04-17T00:00:00",
            "db": "IVD",
            "id": "e2eb40d0-39ab-11e9-aed1-000c29342cb1"
          },
          {
            "date": "2018-04-17T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2018-07745"
          },
          {
            "date": "2018-04-09T00:00:00",
            "db": "VULMON",
            "id": "CVE-2018-5463"
          },
          {
            "date": "2018-04-05T00:00:00",
            "db": "BID",
            "id": "103724"
          },
          {
            "date": "2018-06-11T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-004093"
          },
          {
            "date": "2018-04-09T21:29:00.210000",
            "db": "NVD",
            "id": "CVE-2018-5463"
          },
          {
            "date": "2018-04-09T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201804-408"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2018-04-17T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2018-07745"
          },
          {
            "date": "2019-10-09T00:00:00",
            "db": "VULMON",
            "id": "CVE-2018-5463"
          },
          {
            "date": "2018-04-05T00:00:00",
            "db": "BID",
            "id": "103724"
          },
          {
            "date": "2018-06-11T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-004093"
          },
          {
            "date": "2019-10-09T23:41:24.547000",
            "db": "NVD",
            "id": "CVE-2018-5463"
          },
          {
            "date": "2019-10-17T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201804-408"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "local",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201804-408"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "LCDS LAquis SCADA Arbitrary code execution vulnerability",
        "sources": [
          {
            "db": "IVD",
            "id": "e2eb40d0-39ab-11e9-aed1-000c29342cb1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-07745"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Buffer error",
        "sources": [
          {
            "db": "IVD",
            "id": "e2eb40d0-39ab-11e9-aed1-000c29342cb1"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201804-408"
          }
        ],
        "trust": 0.8
      }
    }

    VAR-201908-1839

    Vulnerability from variot - Updated: 2023-12-18 12:50

    Processing a specially crafted project file in LAquis SCADA 4.3.1.71 may trigger an out-of-bounds read, which may allow an attacker to obtain sensitive information. The attacker must have local access to the system. A CVSS v3 base score of 2.5 has been calculated; the CVSS vector string is (AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N). LAquis SCADA Contains an out-of-bounds vulnerability.Information may be obtained. This vulnerability allows remote attackers to disclose sensitive information on affected installations of LAquis SCADA. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of LQS files. The issue results from the lack of proper validation of user-supplied data, which can result in a read before the start of an allocated data structure. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. LCDS LAquis SCADA is a SCADA (Data Acquisition and Monitoring Control) system from LCDS, Brazil. The system is mainly used for data acquisition and process control of devices with communication technology. A buffer overflow vulnerability exists in the LCDS LAquis SCADA version 4.3.1.71. The vulnerability stems from a network system or product that does not properly validate data boundaries when performing operations on memory, causing erroneous read and write operations to be performed on other associated memory locations. An attacker could exploit the vulnerability to cause a buffer overflow or heap overflow

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201908-1839",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "laquis scada",
            "scope": "eq",
            "trust": 1.4,
            "vendor": "lcds",
            "version": "4.3.1.71"
          },
          {
            "model": "scada",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "laquisscada",
            "version": "4.3.1.71"
          },
          {
            "model": "scada",
            "scope": null,
            "trust": 0.7,
            "vendor": "laquis",
            "version": null
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "scada",
            "version": "4.3.1.71"
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "82947e4f-7b47-4a27-8c05-80e16eed7572"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-688"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-28113"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-007543"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-10994"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:laquisscada:scada:4.3.1.71:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2019-10994"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Francis Provencher {PRL}",
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-19-688"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201908-143"
          }
        ],
        "trust": 1.3
      },
      "cve": "CVE-2019-10994",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "MEDIUM",
                "trust": 1.0,
                "userInteractionRequired": true,
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Medium",
                "accessVector": "Network",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 4.3,
                "confidentialityImpact": "Partial",
                "exploitabilityScore": null,
                "id": "CVE-2019-10994",
                "impactScore": null,
                "integrityImpact": "None",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Medium",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "id": "CNVD-2019-28113",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "id": "82947e4f-7b47-4a27-8c05-80e16eed7572",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.2,
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
                "version": "2.9 [IVD]"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "NVD",
                "availabilityImpact": "NONE",
                "baseScore": 3.3,
                "baseSeverity": "LOW",
                "confidentialityImpact": "LOW",
                "exploitabilityScore": 1.8,
                "impactScore": 1.4,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Local",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 3.3,
                "baseSeverity": "Low",
                "confidentialityImpact": "Low",
                "exploitabilityScore": null,
                "id": "CVE-2019-10994",
                "impactScore": null,
                "integrityImpact": "None",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "Required",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
                "version": "3.0"
              },
              {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "author": "ZDI",
                "availabilityImpact": "NONE",
                "baseScore": 2.5,
                "baseSeverity": "LOW",
                "confidentialityImpact": "LOW",
                "exploitabilityScore": 1.0,
                "id": "CVE-2019-10994",
                "impactScore": 1.4,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 0.7,
                "userInteraction": "REQUIRED",
                "vectorString": "AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2019-10994",
                "trust": 1.8,
                "value": "LOW"
              },
              {
                "author": "ZDI",
                "id": "CVE-2019-10994",
                "trust": 0.7,
                "value": "LOW"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2019-28113",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201908-143",
                "trust": 0.6,
                "value": "LOW"
              },
              {
                "author": "IVD",
                "id": "82947e4f-7b47-4a27-8c05-80e16eed7572",
                "trust": 0.2,
                "value": "LOW"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "82947e4f-7b47-4a27-8c05-80e16eed7572"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-688"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-28113"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-007543"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-10994"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201908-143"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Processing a specially crafted project file in LAquis SCADA 4.3.1.71 may trigger an out-of-bounds read, which may allow an attacker to obtain sensitive information. The attacker must have local access to the system. A CVSS v3 base score of 2.5 has been calculated; the CVSS vector string is (AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N). LAquis SCADA Contains an out-of-bounds vulnerability.Information may be obtained. This vulnerability allows remote attackers to disclose sensitive information on affected installations of LAquis SCADA.  User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of LQS files.  The issue results from the lack of proper validation of user-supplied data, which can result in a read before the start of an allocated data structure.  An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. LCDS LAquis SCADA is a SCADA (Data Acquisition and Monitoring Control) system from LCDS, Brazil. The system is mainly used for data acquisition and process control of devices with communication technology. A buffer overflow vulnerability exists in the LCDS LAquis SCADA version 4.3.1.71. The vulnerability stems from a network system or product that does not properly validate data boundaries when performing operations on memory, causing erroneous read and write operations to be performed on other associated memory locations. An attacker could exploit the vulnerability to cause a buffer overflow or heap overflow",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2019-10994"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-007543"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-688"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-28113"
          },
          {
            "db": "IVD",
            "id": "82947e4f-7b47-4a27-8c05-80e16eed7572"
          }
        ],
        "trust": 2.97
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2019-10994",
            "trust": 3.9
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-19-213-06",
            "trust": 3.0
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-688",
            "trust": 1.3
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-28113",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201908-143",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-007543",
            "trust": 0.8
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-8198",
            "trust": 0.7
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2019.2899",
            "trust": 0.6
          },
          {
            "db": "IVD",
            "id": "82947E4F-7B47-4A27-8C05-80E16EED7572",
            "trust": 0.2
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "82947e4f-7b47-4a27-8c05-80e16eed7572"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-688"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-28113"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-007543"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-10994"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201908-143"
          }
        ]
      },
      "id": "VAR-201908-1839",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "IVD",
            "id": "82947e4f-7b47-4a27-8c05-80e16eed7572"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-28113"
          }
        ],
        "trust": 1.3507122
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "82947e4f-7b47-4a27-8c05-80e16eed7572"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-28113"
          }
        ]
      },
      "last_update_date": "2023-12-18T12:50:08.253000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "https://laquisscada.com/"
          },
          {
            "title": "LAquis has issued an update to correct this vulnerability.",
            "trust": 0.7,
            "url": "https://www.us-cert.gov/ics/advisories/icsa-19-213-06"
          },
          {
            "title": "Patch for LCDS LAquis SCADA Buffer Overflow Vulnerability (CNVD-2019-28113)",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchinfo/show/176009"
          },
          {
            "title": "LCDS LAquis SCADA Buffer error vulnerability fix",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=95905"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-19-688"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-28113"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-007543"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201908-143"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-125",
            "trust": 1.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-007543"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-10994"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.7,
            "url": "https://www.us-cert.gov/ics/advisories/icsa-19-213-06"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-10994"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-10994"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2019.2899/"
          },
          {
            "trust": 0.6,
            "url": "https://www.zerodayinitiative.com/advisories/zdi-19-688/"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-19-688"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-28113"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-007543"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-10994"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201908-143"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "IVD",
            "id": "82947e4f-7b47-4a27-8c05-80e16eed7572"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-688"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-28113"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-007543"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-10994"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201908-143"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-08-20T00:00:00",
            "db": "IVD",
            "id": "82947e4f-7b47-4a27-8c05-80e16eed7572"
          },
          {
            "date": "2019-08-05T00:00:00",
            "db": "ZDI",
            "id": "ZDI-19-688"
          },
          {
            "date": "2019-08-20T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2019-28113"
          },
          {
            "date": "2019-08-14T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-007543"
          },
          {
            "date": "2019-08-05T19:15:11.193000",
            "db": "NVD",
            "id": "CVE-2019-10994"
          },
          {
            "date": "2019-08-01T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201908-143"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-08-05T00:00:00",
            "db": "ZDI",
            "id": "ZDI-19-688"
          },
          {
            "date": "2019-08-20T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2019-28113"
          },
          {
            "date": "2019-08-14T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-007543"
          },
          {
            "date": "2019-10-09T23:45:10.150000",
            "db": "NVD",
            "id": "CVE-2019-10994"
          },
          {
            "date": "2019-08-14T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201908-143"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "local",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201908-143"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "LAquis SCADA Vulnerable to out-of-bounds reading",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-007543"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Buffer error",
        "sources": [
          {
            "db": "IVD",
            "id": "82947e4f-7b47-4a27-8c05-80e16eed7572"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201908-143"
          }
        ],
        "trust": 0.8
      }
    }

    VAR-201908-1829

    Vulnerability from variot - Updated: 2023-12-18 12:50

    A type confusion vulnerability may be exploited when LAquis SCADA 4.3.1.71 processes a specially crafted project file. This may allow an attacker to execute remote code. The attacker must have local access to the system. A CVSS v3 base score of 7.8 has been calculated; the CVSS vector string is (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H). LAquis SCADA Contains an illegal type conversion vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of LQS files. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. LCDS LAquis SCADA is a SCADA (Data Acquisition and Monitoring Control) system from LCDS, Brazil. The system is mainly used for data acquisition and process control of devices with communication technology. A security vulnerability exists in the LCDS LAquis SCADA version 4.3.1.71

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201908-1829",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "laquis scada",
            "scope": "eq",
            "trust": 1.4,
            "vendor": "lcds",
            "version": "4.3.1.71"
          },
          {
            "model": "scada",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "laquisscada",
            "version": "4.3.1.71"
          },
          {
            "model": "scada",
            "scope": null,
            "trust": 0.7,
            "vendor": "laquis",
            "version": null
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "scada",
            "version": "4.3.1.71"
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "946f2366-28b8-45eb-a406-6894c7dfd9ed"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-689"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-28110"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-007542"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-10980"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:laquisscada:scada:4.3.1.71:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2019-10980"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Francis Provencher {PRL}",
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-19-689"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201908-141"
          }
        ],
        "trust": 1.3
      },
      "cve": "CVE-2019-10980",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.8,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "MEDIUM",
                "trust": 1.0,
                "userInteractionRequired": true,
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Medium",
                "accessVector": "Network",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "Partial",
                "baseScore": 6.8,
                "confidentialityImpact": "Partial",
                "exploitabilityScore": null,
                "id": "CVE-2019-10980",
                "impactScore": null,
                "integrityImpact": "Partial",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Medium",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.8,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "id": "CNVD-2019-28110",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.8,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "id": "946f2366-28b8-45eb-a406-6894c7dfd9ed",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.2,
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
                "version": "2.9 [IVD]"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "NVD",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.8,
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Local",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 7.8,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2019-10980",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "Required",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "ZDI",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.8,
                "id": "CVE-2019-10980",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 0.7,
                "userInteraction": "REQUIRED",
                "vectorString": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2019-10980",
                "trust": 1.8,
                "value": "HIGH"
              },
              {
                "author": "ZDI",
                "id": "CVE-2019-10980",
                "trust": 0.7,
                "value": "HIGH"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2019-28110",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201908-141",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "IVD",
                "id": "946f2366-28b8-45eb-a406-6894c7dfd9ed",
                "trust": 0.2,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "946f2366-28b8-45eb-a406-6894c7dfd9ed"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-689"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-28110"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-007542"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-10980"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201908-141"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "A type confusion vulnerability may be exploited when LAquis SCADA 4.3.1.71 processes a specially crafted project file. This may allow an attacker to execute remote code. The attacker must have local access to the system. A CVSS v3 base score of 7.8 has been calculated; the CVSS vector string is (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H). LAquis SCADA Contains an illegal type conversion vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state.  User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of LQS files.  The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. LCDS LAquis SCADA is a SCADA (Data Acquisition and Monitoring Control) system from LCDS, Brazil. The system is mainly used for data acquisition and process control of devices with communication technology. A security vulnerability exists in the LCDS LAquis SCADA version 4.3.1.71",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2019-10980"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-007542"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-689"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-28110"
          },
          {
            "db": "IVD",
            "id": "946f2366-28b8-45eb-a406-6894c7dfd9ed"
          }
        ],
        "trust": 2.97
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2019-10980",
            "trust": 3.9
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-19-213-06",
            "trust": 2.4
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-689",
            "trust": 1.3
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2019.2899",
            "trust": 1.2
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-28110",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201908-141",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-007542",
            "trust": 0.8
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-8200",
            "trust": 0.7
          },
          {
            "db": "IVD",
            "id": "946F2366-28B8-45EB-A406-6894C7DFD9ED",
            "trust": 0.2
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "946f2366-28b8-45eb-a406-6894c7dfd9ed"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-689"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-28110"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-007542"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-10980"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201908-141"
          }
        ]
      },
      "id": "VAR-201908-1829",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "IVD",
            "id": "946f2366-28b8-45eb-a406-6894c7dfd9ed"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-28110"
          }
        ],
        "trust": 1.3507122
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "946f2366-28b8-45eb-a406-6894c7dfd9ed"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-28110"
          }
        ]
      },
      "last_update_date": "2023-12-18T12:50:08.218000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "https://laquisscada.com/"
          },
          {
            "title": "LAquis has issued an update to correct this vulnerability.",
            "trust": 0.7,
            "url": "https://www.us-cert.gov/ics/advisories/icsa-19-213-06"
          },
          {
            "title": "LCDS LAquis SCADA Information Disclosure Vulnerability Patch",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchinfo/show/176007"
          },
          {
            "title": "LCDS LAquis SCADA Security vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=95903"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-19-689"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-28110"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-007542"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201908-141"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-843",
            "trust": 1.0
          },
          {
            "problemtype": "CWE-704",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-007542"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-10980"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.1,
            "url": "https://www.us-cert.gov/ics/advisories/icsa-19-213-06"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-10980"
          },
          {
            "trust": 1.2,
            "url": "https://www.auscert.org.au/bulletins/esb-2019.2899/"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-10980"
          },
          {
            "trust": 0.6,
            "url": "https://www.zerodayinitiative.com/advisories/zdi-19-689/"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-19-689"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-28110"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-007542"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-10980"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201908-141"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "IVD",
            "id": "946f2366-28b8-45eb-a406-6894c7dfd9ed"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-689"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-28110"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-007542"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-10980"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201908-141"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-08-20T00:00:00",
            "db": "IVD",
            "id": "946f2366-28b8-45eb-a406-6894c7dfd9ed"
          },
          {
            "date": "2019-08-05T00:00:00",
            "db": "ZDI",
            "id": "ZDI-19-689"
          },
          {
            "date": "2019-08-20T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2019-28110"
          },
          {
            "date": "2019-08-14T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-007542"
          },
          {
            "date": "2019-08-05T19:15:11.117000",
            "db": "NVD",
            "id": "CVE-2019-10980"
          },
          {
            "date": "2019-08-01T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201908-141"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-08-05T00:00:00",
            "db": "ZDI",
            "id": "ZDI-19-689"
          },
          {
            "date": "2019-08-26T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2019-28110"
          },
          {
            "date": "2019-08-14T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-007542"
          },
          {
            "date": "2020-10-02T14:12:42.757000",
            "db": "NVD",
            "id": "CVE-2019-10980"
          },
          {
            "date": "2020-10-09T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201908-141"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "local",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201908-141"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "LCDS LAquis SCADA Information Disclosure Vulnerability",
        "sources": [
          {
            "db": "IVD",
            "id": "946f2366-28b8-45eb-a406-6894c7dfd9ed"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-28110"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Code problem",
        "sources": [
          {
            "db": "IVD",
            "id": "946f2366-28b8-45eb-a406-6894c7dfd9ed"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201908-141"
          }
        ],
        "trust": 0.8
      }
    }

    VAR-202005-0047

    Vulnerability from variot - Updated: 2023-12-18 12:49

    LCDS LAquis SCADA Versions 4.3.1 and prior. The affected product is vulnerable to sensitive information exposure by unauthorized users. LCDS LAquis SCADA There is an information leakage vulnerability in.Information may be obtained. This vulnerability allows remote attackers to create arbitrary files on affected installations of LAquis SCADA. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the handling of the AddComboFile method when processing LGX files. When opening an LGX file, the user interface fails to warn the user of unsafe actions. An attacker can leverage this vulnerability to execute code in the context of the current user. LCDS LAquis SCADA is a set of SCADA (Data Acquisition and Monitoring Control) system of Brazilian LCDS company. The system is mainly used for data collection and process control of equipment with communication technology.

    LCDS LAquis SCADA 4.3.1 and previous versions have information disclosure vulnerabilities that attackers can use to obtain sensitive information

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202005-0047",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "scada",
            "scope": null,
            "trust": 3.5,
            "vendor": "laquis",
            "version": null
          },
          {
            "model": "laquis scada",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "lcds",
            "version": "4.3.1"
          },
          {
            "model": "laquis scada",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "lcds",
            "version": "4.3.1"
          },
          {
            "model": "laquis scada",
            "scope": "lte",
            "trust": 0.6,
            "vendor": "lcds",
            "version": "\u003c=4.3.1"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.4,
            "vendor": "laquis scada",
            "version": "*"
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "7f54c799-0a6a-4821-a63f-60ba2b9c8dc6"
          },
          {
            "db": "IVD",
            "id": "b696a7b5-01b0-4388-a850-54610146e78f"
          },
          {
            "db": "ZDI",
            "id": "ZDI-20-575"
          },
          {
            "db": "ZDI",
            "id": "ZDI-20-571"
          },
          {
            "db": "ZDI",
            "id": "ZDI-20-574"
          },
          {
            "db": "ZDI",
            "id": "ZDI-20-573"
          },
          {
            "db": "ZDI",
            "id": "ZDI-20-572"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-25541"
          },
          {
            "db": "VULMON",
            "id": "CVE-2020-10618"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-004086"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-10618"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:lcds:laquis_scada:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "4.3.1",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2020-10618"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Natnael Samson (@NattiSamson)",
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-20-575"
          },
          {
            "db": "ZDI",
            "id": "ZDI-20-571"
          },
          {
            "db": "ZDI",
            "id": "ZDI-20-574"
          },
          {
            "db": "ZDI",
            "id": "ZDI-20-573"
          },
          {
            "db": "ZDI",
            "id": "ZDI-20-572"
          }
        ],
        "trust": 3.5
      },
      "cve": "CVE-2020-10618",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "MEDIUM",
                "trust": 1.0,
                "userInteractionRequired": true,
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Medium",
                "accessVector": "Network",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 4.3,
                "confidentialityImpact": "Partial",
                "exploitabilityScore": null,
                "id": "JVNDB-2020-004086",
                "impactScore": null,
                "integrityImpact": "None",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Medium",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "NONE",
                "baseScore": 4.9,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 3.9,
                "id": "CNVD-2020-25541",
                "impactScore": 6.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:L/AC:L/Au:N/C:C/I:N/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "NONE",
                "baseScore": 4.9,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 3.9,
                "id": "7f54c799-0a6a-4821-a63f-60ba2b9c8dc6",
                "impactScore": 6.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.2,
                "vectorString": "AV:L/AC:L/Au:N/C:C/I:N/A:N",
                "version": "2.9 [IVD]"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "NONE",
                "baseScore": 4.9,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 3.9,
                "id": "b696a7b5-01b0-4388-a850-54610146e78f",
                "impactScore": 6.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.2,
                "vectorString": "AV:L/AC:L/Au:N/C:C/I:N/A:N",
                "version": "2.9 [IVD]"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULMON",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "id": "CVE-2020-10618",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "MEDIUM",
                "trust": 0.1,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "ZDI",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.8,
                "id": "CVE-2020-10618",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 3.5,
                "userInteraction": "REQUIRED",
                "vectorString": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "NVD",
                "availabilityImpact": "NONE",
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.8,
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Local",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 5.5,
                "baseSeverity": "Medium",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "JVNDB-2020-004086",
                "impactScore": null,
                "integrityImpact": "None",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "Required",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "ZDI",
                "id": "CVE-2020-10618",
                "trust": 3.5,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2020-10618",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "NVD",
                "id": "JVNDB-2020-004086",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2020-25541",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202004-2355",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "IVD",
                "id": "7f54c799-0a6a-4821-a63f-60ba2b9c8dc6",
                "trust": 0.2,
                "value": "MEDIUM"
              },
              {
                "author": "IVD",
                "id": "b696a7b5-01b0-4388-a850-54610146e78f",
                "trust": 0.2,
                "value": "MEDIUM"
              },
              {
                "author": "VULMON",
                "id": "CVE-2020-10618",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "7f54c799-0a6a-4821-a63f-60ba2b9c8dc6"
          },
          {
            "db": "IVD",
            "id": "b696a7b5-01b0-4388-a850-54610146e78f"
          },
          {
            "db": "ZDI",
            "id": "ZDI-20-575"
          },
          {
            "db": "ZDI",
            "id": "ZDI-20-571"
          },
          {
            "db": "ZDI",
            "id": "ZDI-20-574"
          },
          {
            "db": "ZDI",
            "id": "ZDI-20-573"
          },
          {
            "db": "ZDI",
            "id": "ZDI-20-572"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-25541"
          },
          {
            "db": "VULMON",
            "id": "CVE-2020-10618"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-004086"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-10618"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202004-2355"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "LCDS LAquis SCADA Versions 4.3.1 and prior. The affected product is vulnerable to sensitive information exposure by unauthorized users. LCDS LAquis SCADA There is an information leakage vulnerability in.Information may be obtained. This vulnerability allows remote attackers to create arbitrary files on affected installations of LAquis SCADA. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the handling of the AddComboFile method when processing LGX files. When opening an LGX file, the user interface fails to warn the user of unsafe actions. An attacker can leverage this vulnerability to execute code in the context of the current user. LCDS LAquis SCADA is a set of SCADA (Data Acquisition and Monitoring Control) system of Brazilian LCDS company. The system is mainly used for data collection and process control of equipment with communication technology. \n\r\n\r\nLCDS LAquis SCADA 4.3.1 and previous versions have information disclosure vulnerabilities that attackers can use to obtain sensitive information",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2020-10618"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-004086"
          },
          {
            "db": "ZDI",
            "id": "ZDI-20-575"
          },
          {
            "db": "ZDI",
            "id": "ZDI-20-571"
          },
          {
            "db": "ZDI",
            "id": "ZDI-20-574"
          },
          {
            "db": "ZDI",
            "id": "ZDI-20-573"
          },
          {
            "db": "ZDI",
            "id": "ZDI-20-572"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-25541"
          },
          {
            "db": "IVD",
            "id": "7f54c799-0a6a-4821-a63f-60ba2b9c8dc6"
          },
          {
            "db": "IVD",
            "id": "b696a7b5-01b0-4388-a850-54610146e78f"
          },
          {
            "db": "VULMON",
            "id": "CVE-2020-10618"
          }
        ],
        "trust": 5.76
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2020-10618",
            "trust": 7.0
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-20-119-01",
            "trust": 3.1
          },
          {
            "db": "ZDI",
            "id": "ZDI-20-575",
            "trust": 1.3
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-25541",
            "trust": 1.0
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202004-2355",
            "trust": 1.0
          },
          {
            "db": "JVN",
            "id": "JVNVU97783982",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-004086",
            "trust": 0.8
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-10319",
            "trust": 0.7
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-10317",
            "trust": 0.7
          },
          {
            "db": "ZDI",
            "id": "ZDI-20-571",
            "trust": 0.7
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-10316",
            "trust": 0.7
          },
          {
            "db": "ZDI",
            "id": "ZDI-20-574",
            "trust": 0.7
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-10197",
            "trust": 0.7
          },
          {
            "db": "ZDI",
            "id": "ZDI-20-573",
            "trust": 0.7
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-10318",
            "trust": 0.7
          },
          {
            "db": "ZDI",
            "id": "ZDI-20-572",
            "trust": 0.7
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2020.1589",
            "trust": 0.6
          },
          {
            "db": "NSFOCUS",
            "id": "46599",
            "trust": 0.6
          },
          {
            "db": "IVD",
            "id": "7F54C799-0A6A-4821-A63F-60BA2B9C8DC6",
            "trust": 0.2
          },
          {
            "db": "IVD",
            "id": "B696A7B5-01B0-4388-A850-54610146E78F",
            "trust": 0.2
          },
          {
            "db": "VULMON",
            "id": "CVE-2020-10618",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "7f54c799-0a6a-4821-a63f-60ba2b9c8dc6"
          },
          {
            "db": "IVD",
            "id": "b696a7b5-01b0-4388-a850-54610146e78f"
          },
          {
            "db": "ZDI",
            "id": "ZDI-20-575"
          },
          {
            "db": "ZDI",
            "id": "ZDI-20-571"
          },
          {
            "db": "ZDI",
            "id": "ZDI-20-574"
          },
          {
            "db": "ZDI",
            "id": "ZDI-20-573"
          },
          {
            "db": "ZDI",
            "id": "ZDI-20-572"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-25541"
          },
          {
            "db": "VULMON",
            "id": "CVE-2020-10618"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-004086"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-10618"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202004-2355"
          }
        ]
      },
      "id": "VAR-202005-0047",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "IVD",
            "id": "7f54c799-0a6a-4821-a63f-60ba2b9c8dc6"
          },
          {
            "db": "IVD",
            "id": "b696a7b5-01b0-4388-a850-54610146e78f"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-25541"
          }
        ],
        "trust": 1.5507122
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 1.0
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "7f54c799-0a6a-4821-a63f-60ba2b9c8dc6"
          },
          {
            "db": "IVD",
            "id": "b696a7b5-01b0-4388-a850-54610146e78f"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-25541"
          }
        ]
      },
      "last_update_date": "2023-12-18T12:49:41.767000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "LAquis has issued an update to correct this vulnerability.",
            "trust": 3.5,
            "url": "https://www.us-cert.gov/ics/advisories/icsa-20-119-01"
          },
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "https://laquisscada.com/"
          },
          {
            "title": "Patch for LCDS LAquis SCADA Information Disclosure Vulnerability (CNVD-2020-25541)",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchinfo/show/215717"
          },
          {
            "title": "LCDS LAquis SCADA Repair measures for information disclosure vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=117923"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-20-575"
          },
          {
            "db": "ZDI",
            "id": "ZDI-20-571"
          },
          {
            "db": "ZDI",
            "id": "ZDI-20-574"
          },
          {
            "db": "ZDI",
            "id": "ZDI-20-573"
          },
          {
            "db": "ZDI",
            "id": "ZDI-20-572"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-25541"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-004086"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202004-2355"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-200",
            "trust": 1.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-004086"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-10618"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 6.6,
            "url": "https://www.us-cert.gov/ics/advisories/icsa-20-119-01"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10618"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-10618"
          },
          {
            "trust": 0.8,
            "url": "https://jvn.jp/vu/jvnvu97783982/"
          },
          {
            "trust": 0.6,
            "url": "http://www.nsfocus.net/vulndb/46599"
          },
          {
            "trust": 0.6,
            "url": "https://www.zerodayinitiative.com/advisories/zdi-20-575/"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2020.1589/"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/200.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          },
          {
            "trust": 0.1,
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/180953"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-20-575"
          },
          {
            "db": "ZDI",
            "id": "ZDI-20-571"
          },
          {
            "db": "ZDI",
            "id": "ZDI-20-574"
          },
          {
            "db": "ZDI",
            "id": "ZDI-20-573"
          },
          {
            "db": "ZDI",
            "id": "ZDI-20-572"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-25541"
          },
          {
            "db": "VULMON",
            "id": "CVE-2020-10618"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-004086"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-10618"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202004-2355"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "IVD",
            "id": "7f54c799-0a6a-4821-a63f-60ba2b9c8dc6"
          },
          {
            "db": "IVD",
            "id": "b696a7b5-01b0-4388-a850-54610146e78f"
          },
          {
            "db": "ZDI",
            "id": "ZDI-20-575"
          },
          {
            "db": "ZDI",
            "id": "ZDI-20-571"
          },
          {
            "db": "ZDI",
            "id": "ZDI-20-574"
          },
          {
            "db": "ZDI",
            "id": "ZDI-20-573"
          },
          {
            "db": "ZDI",
            "id": "ZDI-20-572"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-25541"
          },
          {
            "db": "VULMON",
            "id": "CVE-2020-10618"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-004086"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-10618"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202004-2355"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-04-28T00:00:00",
            "db": "IVD",
            "id": "7f54c799-0a6a-4821-a63f-60ba2b9c8dc6"
          },
          {
            "date": "2020-04-28T00:00:00",
            "db": "IVD",
            "id": "b696a7b5-01b0-4388-a850-54610146e78f"
          },
          {
            "date": "2020-04-30T00:00:00",
            "db": "ZDI",
            "id": "ZDI-20-575"
          },
          {
            "date": "2020-04-30T00:00:00",
            "db": "ZDI",
            "id": "ZDI-20-571"
          },
          {
            "date": "2020-04-30T00:00:00",
            "db": "ZDI",
            "id": "ZDI-20-574"
          },
          {
            "date": "2020-04-30T00:00:00",
            "db": "ZDI",
            "id": "ZDI-20-573"
          },
          {
            "date": "2020-04-30T00:00:00",
            "db": "ZDI",
            "id": "ZDI-20-572"
          },
          {
            "date": "2020-04-29T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2020-25541"
          },
          {
            "date": "2020-05-04T00:00:00",
            "db": "VULMON",
            "id": "CVE-2020-10618"
          },
          {
            "date": "2020-05-07T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2020-004086"
          },
          {
            "date": "2020-05-04T19:15:12.707000",
            "db": "NVD",
            "id": "CVE-2020-10618"
          },
          {
            "date": "2020-04-28T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202004-2355"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-04-30T00:00:00",
            "db": "ZDI",
            "id": "ZDI-20-575"
          },
          {
            "date": "2020-04-30T00:00:00",
            "db": "ZDI",
            "id": "ZDI-20-571"
          },
          {
            "date": "2020-04-30T00:00:00",
            "db": "ZDI",
            "id": "ZDI-20-574"
          },
          {
            "date": "2020-04-30T00:00:00",
            "db": "ZDI",
            "id": "ZDI-20-573"
          },
          {
            "date": "2020-04-30T00:00:00",
            "db": "ZDI",
            "id": "ZDI-20-572"
          },
          {
            "date": "2020-04-29T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2020-25541"
          },
          {
            "date": "2020-05-06T00:00:00",
            "db": "VULMON",
            "id": "CVE-2020-10618"
          },
          {
            "date": "2020-05-07T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2020-004086"
          },
          {
            "date": "2021-09-14T14:09:27.290000",
            "db": "NVD",
            "id": "CVE-2020-10618"
          },
          {
            "date": "2020-05-08T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202004-2355"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "local",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202004-2355"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "LAquis SCADA LGX File Insufficient UI Warning Arbitrary File Creation Vulnerability",
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-20-575"
          },
          {
            "db": "ZDI",
            "id": "ZDI-20-571"
          },
          {
            "db": "ZDI",
            "id": "ZDI-20-574"
          },
          {
            "db": "ZDI",
            "id": "ZDI-20-573"
          },
          {
            "db": "ZDI",
            "id": "ZDI-20-572"
          }
        ],
        "trust": 3.5
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "information disclosure",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202004-2355"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202005-0050

    Vulnerability from variot - Updated: 2023-12-18 12:49

    LCDS LAquis SCADA Versions 4.3.1 and prior. The affected product is vulnerable to arbitrary file creation by unauthorized users. LCDS LAquis SCADA There is an unspecified vulnerability in.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. This vulnerability allows remote attackers to disclose sensitive information on affected installations of LAquis SCADA. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the handling of the File.Read method when processing LGX files. When opening an LGX file, the user interface fails to warn the user of unsafe actions. An attacker can leverage this vulnerability to disclose information in the context of the current user. LCDS LAquis SCADA is a set of SCADA (Data Acquisition and Monitoring Control) system of Brazilian LCDS company. The system is mainly used for data collection and process control of equipment with communication technology.

    LCDS LAquis SCADA 4.3.1 and previous versions have input validation error vulnerabilities that attackers can use to create arbitrary files. LCDS LAquis SCADA could allow a local authenticated malicious user to bypass security restrictions, caused by improper input validation

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202005-0050",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "scada",
            "scope": null,
            "trust": 1.4,
            "vendor": "laquis",
            "version": null
          },
          {
            "model": "laquis scada",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "lcds",
            "version": "4.3.1"
          },
          {
            "model": "laquis scada",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "lcds",
            "version": "4.3.1"
          },
          {
            "model": "laquis scada",
            "scope": "lte",
            "trust": 0.6,
            "vendor": "lcds",
            "version": "\u003c=4.3.1"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.4,
            "vendor": "laquis scada",
            "version": "*"
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "2ba5a840-cf61-46cb-ab45-c56275542767"
          },
          {
            "db": "IVD",
            "id": "a9026409-b56d-425a-9e76-33b7cc1277a0"
          },
          {
            "db": "ZDI",
            "id": "ZDI-20-577"
          },
          {
            "db": "ZDI",
            "id": "ZDI-20-576"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-25540"
          },
          {
            "db": "VULMON",
            "id": "CVE-2020-10622"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-004085"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-10622"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:lcds:laquis_scada:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "4.3.1",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2020-10622"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Natnael Samson (@NattiSamson)",
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-20-577"
          },
          {
            "db": "ZDI",
            "id": "ZDI-20-576"
          }
        ],
        "trust": 1.4
      },
      "cve": "CVE-2020-10622",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.8,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "MEDIUM",
                "trust": 1.0,
                "userInteractionRequired": true,
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Medium",
                "accessVector": "Network",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "Partial",
                "baseScore": 6.8,
                "confidentialityImpact": "Partial",
                "exploitabilityScore": null,
                "id": "JVNDB-2020-004085",
                "impactScore": null,
                "integrityImpact": "Partial",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Medium",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 4.6,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 3.9,
                "id": "CNVD-2020-25540",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 4.6,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 3.9,
                "id": "2ba5a840-cf61-46cb-ab45-c56275542767",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.2,
                "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.9 [IVD]"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 4.6,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 3.9,
                "id": "a9026409-b56d-425a-9e76-33b7cc1277a0",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.2,
                "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.9 [IVD]"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULMON",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.8,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "id": "CVE-2020-10622",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "MEDIUM",
                "trust": 0.1,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "ZDI",
                "availabilityImpact": "NONE",
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.8,
                "id": "CVE-2020-10622",
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.4,
                "userInteraction": "REQUIRED",
                "vectorString": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
                "version": "3.0"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "NVD",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.8,
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Local",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 7.8,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "JVNDB-2020-004085",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "Required",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "ZDI",
                "id": "CVE-2020-10622",
                "trust": 1.4,
                "value": "MEDIUM"
              },
              {
                "author": "NVD",
                "id": "CVE-2020-10622",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "JVNDB-2020-004085",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2020-25540",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202004-2351",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "IVD",
                "id": "2ba5a840-cf61-46cb-ab45-c56275542767",
                "trust": 0.2,
                "value": "HIGH"
              },
              {
                "author": "IVD",
                "id": "a9026409-b56d-425a-9e76-33b7cc1277a0",
                "trust": 0.2,
                "value": "HIGH"
              },
              {
                "author": "VULMON",
                "id": "CVE-2020-10622",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "2ba5a840-cf61-46cb-ab45-c56275542767"
          },
          {
            "db": "IVD",
            "id": "a9026409-b56d-425a-9e76-33b7cc1277a0"
          },
          {
            "db": "ZDI",
            "id": "ZDI-20-577"
          },
          {
            "db": "ZDI",
            "id": "ZDI-20-576"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-25540"
          },
          {
            "db": "VULMON",
            "id": "CVE-2020-10622"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-004085"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-10622"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202004-2351"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "LCDS LAquis SCADA Versions 4.3.1 and prior. The affected product is vulnerable to arbitrary file creation by unauthorized users. LCDS LAquis SCADA There is an unspecified vulnerability in.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. This vulnerability allows remote attackers to disclose sensitive information on affected installations of LAquis SCADA. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the handling of the File.Read method when processing LGX files. When opening an LGX file, the user interface fails to warn the user of unsafe actions. An attacker can leverage this vulnerability to disclose information in the context of the current user. LCDS LAquis SCADA is a set of SCADA (Data Acquisition and Monitoring Control) system of Brazilian LCDS company. The system is mainly used for data collection and process control of equipment with communication technology. \n\r\n\r\nLCDS LAquis SCADA 4.3.1 and previous versions have input validation error vulnerabilities that attackers can use to create arbitrary files. LCDS LAquis SCADA could allow a local authenticated malicious user to bypass security restrictions, caused by improper input validation",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2020-10622"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-004085"
          },
          {
            "db": "ZDI",
            "id": "ZDI-20-577"
          },
          {
            "db": "ZDI",
            "id": "ZDI-20-576"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-25540"
          },
          {
            "db": "IVD",
            "id": "2ba5a840-cf61-46cb-ab45-c56275542767"
          },
          {
            "db": "IVD",
            "id": "a9026409-b56d-425a-9e76-33b7cc1277a0"
          },
          {
            "db": "VULMON",
            "id": "CVE-2020-10622"
          }
        ],
        "trust": 3.87
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2020-10622",
            "trust": 4.9
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-20-119-01",
            "trust": 3.1
          },
          {
            "db": "ZDI",
            "id": "ZDI-20-577",
            "trust": 1.3
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-25540",
            "trust": 1.0
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202004-2351",
            "trust": 1.0
          },
          {
            "db": "JVN",
            "id": "JVNVU97783982",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-004085",
            "trust": 0.8
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-10321",
            "trust": 0.7
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-10320",
            "trust": 0.7
          },
          {
            "db": "ZDI",
            "id": "ZDI-20-576",
            "trust": 0.7
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2020.1589",
            "trust": 0.6
          },
          {
            "db": "NSFOCUS",
            "id": "46600",
            "trust": 0.6
          },
          {
            "db": "IVD",
            "id": "2BA5A840-CF61-46CB-AB45-C56275542767",
            "trust": 0.2
          },
          {
            "db": "IVD",
            "id": "A9026409-B56D-425A-9E76-33B7CC1277A0",
            "trust": 0.2
          },
          {
            "db": "VULMON",
            "id": "CVE-2020-10622",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "2ba5a840-cf61-46cb-ab45-c56275542767"
          },
          {
            "db": "IVD",
            "id": "a9026409-b56d-425a-9e76-33b7cc1277a0"
          },
          {
            "db": "ZDI",
            "id": "ZDI-20-577"
          },
          {
            "db": "ZDI",
            "id": "ZDI-20-576"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-25540"
          },
          {
            "db": "VULMON",
            "id": "CVE-2020-10622"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-004085"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-10622"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202004-2351"
          }
        ]
      },
      "id": "VAR-202005-0050",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "IVD",
            "id": "2ba5a840-cf61-46cb-ab45-c56275542767"
          },
          {
            "db": "IVD",
            "id": "a9026409-b56d-425a-9e76-33b7cc1277a0"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-25540"
          }
        ],
        "trust": 1.5507122
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 1.0
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "2ba5a840-cf61-46cb-ab45-c56275542767"
          },
          {
            "db": "IVD",
            "id": "a9026409-b56d-425a-9e76-33b7cc1277a0"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-25540"
          }
        ]
      },
      "last_update_date": "2023-12-18T12:49:41.719000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "LAquis has issued an update to correct this vulnerability.",
            "trust": 1.4,
            "url": "https://www.us-cert.gov/ics/advisories/icsa-20-119-01"
          },
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "https://laquisscada.com/"
          },
          {
            "title": "Patch for LCDS LAquis SCADA input verification error vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchinfo/show/215721"
          },
          {
            "title": "LCDS LAquis SCADA Enter the fix for the verification error vulnerability",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=117922"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-20-577"
          },
          {
            "db": "ZDI",
            "id": "ZDI-20-576"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-25540"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-004085"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202004-2351"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "NVD-CWE-noinfo",
            "trust": 1.0
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2020-10622"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 4.5,
            "url": "https://www.us-cert.gov/ics/advisories/icsa-20-119-01"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10622"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-10622"
          },
          {
            "trust": 0.8,
            "url": "https://jvn.jp/vu/jvnvu97783982/"
          },
          {
            "trust": 0.6,
            "url": "http://www.nsfocus.net/vulndb/46600"
          },
          {
            "trust": 0.6,
            "url": "https://www.zerodayinitiative.com/advisories/zdi-20-577/"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2020.1589/"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          },
          {
            "trust": 0.1,
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/180954"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-20-577"
          },
          {
            "db": "ZDI",
            "id": "ZDI-20-576"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-25540"
          },
          {
            "db": "VULMON",
            "id": "CVE-2020-10622"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-004085"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-10622"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202004-2351"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "IVD",
            "id": "2ba5a840-cf61-46cb-ab45-c56275542767"
          },
          {
            "db": "IVD",
            "id": "a9026409-b56d-425a-9e76-33b7cc1277a0"
          },
          {
            "db": "ZDI",
            "id": "ZDI-20-577"
          },
          {
            "db": "ZDI",
            "id": "ZDI-20-576"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-25540"
          },
          {
            "db": "VULMON",
            "id": "CVE-2020-10622"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-004085"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-10622"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202004-2351"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-04-28T00:00:00",
            "db": "IVD",
            "id": "2ba5a840-cf61-46cb-ab45-c56275542767"
          },
          {
            "date": "2020-04-28T00:00:00",
            "db": "IVD",
            "id": "a9026409-b56d-425a-9e76-33b7cc1277a0"
          },
          {
            "date": "2020-04-30T00:00:00",
            "db": "ZDI",
            "id": "ZDI-20-577"
          },
          {
            "date": "2020-04-30T00:00:00",
            "db": "ZDI",
            "id": "ZDI-20-576"
          },
          {
            "date": "2020-04-29T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2020-25540"
          },
          {
            "date": "2020-05-04T00:00:00",
            "db": "VULMON",
            "id": "CVE-2020-10622"
          },
          {
            "date": "2020-05-07T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2020-004085"
          },
          {
            "date": "2020-05-04T19:15:12.767000",
            "db": "NVD",
            "id": "CVE-2020-10622"
          },
          {
            "date": "2020-04-28T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202004-2351"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-04-30T00:00:00",
            "db": "ZDI",
            "id": "ZDI-20-577"
          },
          {
            "date": "2020-04-30T00:00:00",
            "db": "ZDI",
            "id": "ZDI-20-576"
          },
          {
            "date": "2020-04-29T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2020-25540"
          },
          {
            "date": "2020-05-06T00:00:00",
            "db": "VULMON",
            "id": "CVE-2020-10622"
          },
          {
            "date": "2020-05-07T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2020-004085"
          },
          {
            "date": "2020-05-06T21:05:00.173000",
            "db": "NVD",
            "id": "CVE-2020-10622"
          },
          {
            "date": "2020-05-08T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202004-2351"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "local",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202004-2351"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "LAquis SCADA LGX File Insufficient UI Warning Information Disclosure Vulnerability",
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-20-577"
          },
          {
            "db": "ZDI",
            "id": "ZDI-20-576"
          }
        ],
        "trust": 1.4
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Input validation error",
        "sources": [
          {
            "db": "IVD",
            "id": "2ba5a840-cf61-46cb-ab45-c56275542767"
          },
          {
            "db": "IVD",
            "id": "a9026409-b56d-425a-9e76-33b7cc1277a0"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202004-2351"
          }
        ],
        "trust": 1.0
      }
    }

    VAR-201810-0484

    Vulnerability from variot - Updated: 2023-12-18 12:18

    LAquis SCADA Versions 4.1.0.3870 and prior has several integer overflow to buffer overflow vulnerabilities, which may allow remote code execution. LAquis SCADA Contains an integer overflow vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of LAquis SCADA Software. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within parsing of LQS files. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before writing to memory. At attacker can leverage this vulnerability to execute code under the context of the current process. LAquis SCADA is a suite of SCADA software for monitoring and data acquisition. LAquis SCADA Smart Security Manager is prone to following multiple security vulnerabilities: 1. Remote-code execution vulnerability 2. Multiple unspecified interger overflow vulnerability 3. Directory traversal vulnerability 4. Failed attacks may cause a denial-of-service condition. LAquis SCADA mart Security Manager Versions 4.1.0.3870 and prior versions are vulnerable

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201810-0484",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "software",
            "scope": null,
            "trust": 2.1,
            "vendor": "laquis scada",
            "version": null
          },
          {
            "model": "laquis scada",
            "scope": "lte",
            "trust": 1.8,
            "vendor": "lcds",
            "version": "4.1.0.3870"
          },
          {
            "model": "\\342\\200\\223 le\\303\\243o consultoria e desenvolvimento de sistemas ltda me laquis scada \u003c=4.1.0.3870",
            "scope": null,
            "trust": 0.6,
            "vendor": "lcds",
            "version": null
          },
          {
            "model": "laquis scada",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "lcds",
            "version": "4.1.0.3870"
          },
          {
            "model": "le\u00e3o consultoria e desenvolvimento de sistemas ltda me laquis scada smart security manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "lcds",
            "version": "-4.1.0.3870"
          },
          {
            "model": "le\u00e3o consultoria e desenvolvimento de sistemas ltda me laquis scada smart security manager",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "lcds",
            "version": "-4.1.0.4114"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "laquis scada",
            "version": "*"
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "e2fe539e-39ab-11e9-9fdb-000c29342cb1"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1248"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1250"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1249"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-21318"
          },
          {
            "db": "BID",
            "id": "105719"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011036"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-17897"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201810-760"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:lcds:laquis_scada:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "4.1.0.3870",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2018-17897"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "rgod of 9SG Security Team - rgod@9sgsec.com",
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-18-1248"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1250"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1249"
          }
        ],
        "trust": 2.1
      },
      "cve": "CVE-2018-17897",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": null,
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "ZDI",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.8,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "id": "CVE-2018-17897",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "MEDIUM",
                "trust": 2.1,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "acInsufInfo": false,
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "HIGH",
                "trust": 1.0,
                "userInteractionRequired": false,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Network",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "Partial",
                "baseScore": 7.5,
                "confidentialityImpact": "Partial",
                "exploitabilityScore": null,
                "id": "CVE-2018-17897",
                "impactScore": null,
                "integrityImpact": "Partial",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "High",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "HIGH",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 5.1,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 4.9,
                "id": "CNVD-2018-21318",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "HIGH",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 5.1,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 4.9,
                "id": "e2fe539e-39ab-11e9-9fdb-000c29342cb1",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.2,
                "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
                "version": "2.9 [IVD]"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "NVD",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 9.8,
                "baseSeverity": "Critical",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2018-17897",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "ZDI",
                "id": "CVE-2018-17897",
                "trust": 2.1,
                "value": "MEDIUM"
              },
              {
                "author": "NVD",
                "id": "CVE-2018-17897",
                "trust": 1.8,
                "value": "CRITICAL"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2018-21318",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201810-760",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "IVD",
                "id": "e2fe539e-39ab-11e9-9fdb-000c29342cb1",
                "trust": 0.2,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "e2fe539e-39ab-11e9-9fdb-000c29342cb1"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1248"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1250"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1249"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-21318"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011036"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-17897"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201810-760"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "LAquis SCADA Versions 4.1.0.3870 and prior has several integer overflow to buffer overflow vulnerabilities, which may allow remote code execution. LAquis SCADA Contains an integer overflow vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of LAquis SCADA Software. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within parsing of LQS files. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before writing to memory. At attacker can leverage this vulnerability to execute code under the context of the current process. LAquis SCADA is a suite of SCADA software for monitoring and data acquisition. LAquis SCADA Smart Security Manager is prone to following multiple security vulnerabilities:\n1. Remote-code execution vulnerability\n2. Multiple unspecified interger overflow vulnerability\n3. Directory traversal vulnerability\n4. Failed attacks may cause a denial-of-service condition. \nLAquis SCADA mart Security Manager Versions 4.1.0.3870 and prior versions are vulnerable",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2018-17897"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011036"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1248"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1250"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1249"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-21318"
          },
          {
            "db": "BID",
            "id": "105719"
          },
          {
            "db": "IVD",
            "id": "e2fe539e-39ab-11e9-9fdb-000c29342cb1"
          }
        ],
        "trust": 4.5
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2018-17897",
            "trust": 5.6
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-18-289-01",
            "trust": 3.3
          },
          {
            "db": "BID",
            "id": "105719",
            "trust": 1.3
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-21318",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201810-760",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011036",
            "trust": 0.8
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-6279",
            "trust": 0.7
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1248",
            "trust": 0.7
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-6281",
            "trust": 0.7
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1250",
            "trust": 0.7
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-6280",
            "trust": 0.7
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1249",
            "trust": 0.7
          },
          {
            "db": "IVD",
            "id": "E2FE539E-39AB-11E9-9FDB-000C29342CB1",
            "trust": 0.2
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "e2fe539e-39ab-11e9-9fdb-000c29342cb1"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1248"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1250"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1249"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-21318"
          },
          {
            "db": "BID",
            "id": "105719"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011036"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-17897"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201810-760"
          }
        ]
      },
      "id": "VAR-201810-0484",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "IVD",
            "id": "e2fe539e-39ab-11e9-9fdb-000c29342cb1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-21318"
          }
        ],
        "trust": 1.5753561
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "e2fe539e-39ab-11e9-9fdb-000c29342cb1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-21318"
          }
        ]
      },
      "last_update_date": "2023-12-18T12:18:29.975000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "LAquis SCADA has issued an update to correct this vulnerability.",
            "trust": 2.1,
            "url": "https://ics-cert.us-cert.gov/advisories/icsa-18-289-01"
          },
          {
            "title": "LAquis SCADA software",
            "trust": 0.8,
            "url": "https://laquisscada.com/instale1.php"
          },
          {
            "title": "Patch for LAquis SCADA Integer Overflow Vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchinfo/show/142795"
          },
          {
            "title": "LAquis SCADA Security vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=85843"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-18-1248"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1250"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1249"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-21318"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011036"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201810-760"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-190",
            "trust": 1.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011036"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-17897"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 5.4,
            "url": "https://ics-cert.us-cert.gov/advisories/icsa-18-289-01"
          },
          {
            "trust": 1.9,
            "url": "http://laquisscada.com/instale1.php"
          },
          {
            "trust": 1.0,
            "url": "http://www.securityfocus.com/bid/105719"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-17897"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-17897"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-18-1248"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1250"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1249"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-21318"
          },
          {
            "db": "BID",
            "id": "105719"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011036"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-17897"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201810-760"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "IVD",
            "id": "e2fe539e-39ab-11e9-9fdb-000c29342cb1"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1248"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1250"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1249"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-21318"
          },
          {
            "db": "BID",
            "id": "105719"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011036"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-17897"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201810-760"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2018-10-18T00:00:00",
            "db": "IVD",
            "id": "e2fe539e-39ab-11e9-9fdb-000c29342cb1"
          },
          {
            "date": "2018-10-16T00:00:00",
            "db": "ZDI",
            "id": "ZDI-18-1248"
          },
          {
            "date": "2018-10-16T00:00:00",
            "db": "ZDI",
            "id": "ZDI-18-1250"
          },
          {
            "date": "2018-10-16T00:00:00",
            "db": "ZDI",
            "id": "ZDI-18-1249"
          },
          {
            "date": "2018-10-18T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2018-21318"
          },
          {
            "date": "2018-10-16T00:00:00",
            "db": "BID",
            "id": "105719"
          },
          {
            "date": "2019-01-04T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-011036"
          },
          {
            "date": "2018-10-17T02:29:00.857000",
            "db": "NVD",
            "id": "CVE-2018-17897"
          },
          {
            "date": "2018-10-17T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201810-760"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2018-10-16T00:00:00",
            "db": "ZDI",
            "id": "ZDI-18-1248"
          },
          {
            "date": "2018-10-16T00:00:00",
            "db": "ZDI",
            "id": "ZDI-18-1250"
          },
          {
            "date": "2018-10-16T00:00:00",
            "db": "ZDI",
            "id": "ZDI-18-1249"
          },
          {
            "date": "2018-10-18T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2018-21318"
          },
          {
            "date": "2018-10-16T00:00:00",
            "db": "BID",
            "id": "105719"
          },
          {
            "date": "2019-01-04T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-011036"
          },
          {
            "date": "2018-11-30T15:26:43.843000",
            "db": "NVD",
            "id": "CVE-2018-17897"
          },
          {
            "date": "2018-10-17T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201810-760"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201810-760"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "LAquis SCADA LQS File Parsing Integer Overflow Remote Code Execution Vulnerability",
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-18-1248"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1250"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1249"
          }
        ],
        "trust": 2.1
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "lack of information",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201810-760"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201810-0482

    Vulnerability from variot - Updated: 2023-12-18 12:18

    LAquis SCADA Versions 4.1.0.3870 and prior has several out-of-bounds read vulnerabilities, which may allow remote code execution. LAquis SCADA Contains an out-of-bounds vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within parsing of LQS files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. At attacker can leverage this vulnerability to execute code under the context of the current process. LAquis SCADA is a suite of SCADA software for monitoring and data acquisition. LAquis SCADA Smart Security Manager is prone to following multiple security vulnerabilities: 1. Remote-code execution vulnerability 2. Multiple unspecified interger overflow vulnerability 3. Directory traversal vulnerability 4. Failed attacks may cause a denial-of-service condition. LAquis SCADA mart Security Manager Versions 4.1.0.3870 and prior versions are vulnerable

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201810-0482",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "software",
            "scope": null,
            "trust": 4.2,
            "vendor": "laquis scada",
            "version": null
          },
          {
            "model": "laquis scada",
            "scope": "lte",
            "trust": 1.8,
            "vendor": "lcds",
            "version": "4.1.0.3870"
          },
          {
            "model": "\\342\\200\\223 le\\303\\243o consultoria e desenvolvimento de sistemas ltda me laquis scada \u003c=4.1.0.3870",
            "scope": null,
            "trust": 0.6,
            "vendor": "lcds",
            "version": null
          },
          {
            "model": "laquis scada",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "lcds",
            "version": "4.1.0.3870"
          },
          {
            "model": "le\u00e3o consultoria e desenvolvimento de sistemas ltda me laquis scada smart security manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "lcds",
            "version": "-4.1.0.3870"
          },
          {
            "model": "le\u00e3o consultoria e desenvolvimento de sistemas ltda me laquis scada smart security manager",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "lcds",
            "version": "-4.1.0.4114"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "laquis scada",
            "version": "*"
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "e2fe2c90-39ab-11e9-9b0f-000c29342cb1"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1255"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1253"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1247"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1251"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1256"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1260"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-21317"
          },
          {
            "db": "BID",
            "id": "105719"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011037"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-17895"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201810-759"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:lcds:laquis_scada:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "4.1.0.3870",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2018-17895"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Esteban Ruiz (mr_me) of Source Incite",
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-18-1253"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1256"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1260"
          }
        ],
        "trust": 2.1
      },
      "cve": "CVE-2018-17895",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": null,
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "ZDI",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "id": "CVE-2018-17895",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "MEDIUM",
                "trust": 2.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "ZDI",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.8,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "id": "CVE-2018-17895",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "MEDIUM",
                "trust": 1.4,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "acInsufInfo": false,
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "HIGH",
                "trust": 1.0,
                "userInteractionRequired": false,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Network",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "Partial",
                "baseScore": 7.5,
                "confidentialityImpact": "Partial",
                "exploitabilityScore": null,
                "id": "CVE-2018-17895",
                "impactScore": null,
                "integrityImpact": "Partial",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "High",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2018-21317",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "e2fe2c90-39ab-11e9-9b0f-000c29342cb1",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 0.2,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.9 [IVD]"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "NVD",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 9.8,
                "baseSeverity": "Critical",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2018-17895",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "ZDI",
                "id": "CVE-2018-17895",
                "trust": 4.2,
                "value": "MEDIUM"
              },
              {
                "author": "NVD",
                "id": "CVE-2018-17895",
                "trust": 1.8,
                "value": "CRITICAL"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2018-21317",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201810-759",
                "trust": 0.6,
                "value": "CRITICAL"
              },
              {
                "author": "IVD",
                "id": "e2fe2c90-39ab-11e9-9b0f-000c29342cb1",
                "trust": 0.2,
                "value": "CRITICAL"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "e2fe2c90-39ab-11e9-9b0f-000c29342cb1"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1255"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1253"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1247"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1251"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1256"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1260"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-21317"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011037"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-17895"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201810-759"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "LAquis SCADA Versions 4.1.0.3870 and prior has several out-of-bounds read vulnerabilities, which may allow remote code execution. LAquis SCADA Contains an out-of-bounds vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within parsing of LQS files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. At attacker can leverage this vulnerability to execute code under the context of the current process. LAquis SCADA is a suite of SCADA software for monitoring and data acquisition. LAquis SCADA Smart Security Manager is prone to following multiple security vulnerabilities:\n1. Remote-code execution vulnerability\n2. Multiple unspecified interger overflow vulnerability\n3. Directory traversal vulnerability\n4. Failed attacks may cause a denial-of-service condition. \nLAquis SCADA mart Security Manager Versions 4.1.0.3870 and prior versions are vulnerable",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2018-17895"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011037"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1255"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1253"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1247"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1251"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1256"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1260"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-21317"
          },
          {
            "db": "BID",
            "id": "105719"
          },
          {
            "db": "IVD",
            "id": "e2fe2c90-39ab-11e9-9b0f-000c29342cb1"
          }
        ],
        "trust": 6.39
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2018-17895",
            "trust": 7.7
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-18-289-01",
            "trust": 3.3
          },
          {
            "db": "BID",
            "id": "105719",
            "trust": 1.9
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-21317",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201810-759",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011037",
            "trust": 0.8
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-6447",
            "trust": 0.7
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1255",
            "trust": 0.7
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-6374",
            "trust": 0.7
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1253",
            "trust": 0.7
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-6278",
            "trust": 0.7
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1247",
            "trust": 0.7
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-6319",
            "trust": 0.7
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1251",
            "trust": 0.7
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-6450",
            "trust": 0.7
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1256",
            "trust": 0.7
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-6451",
            "trust": 0.7
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1260",
            "trust": 0.7
          },
          {
            "db": "IVD",
            "id": "E2FE2C90-39AB-11E9-9B0F-000C29342CB1",
            "trust": 0.2
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "e2fe2c90-39ab-11e9-9b0f-000c29342cb1"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1255"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1253"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1247"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1251"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1256"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1260"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-21317"
          },
          {
            "db": "BID",
            "id": "105719"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011037"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-17895"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201810-759"
          }
        ]
      },
      "id": "VAR-201810-0482",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "IVD",
            "id": "e2fe2c90-39ab-11e9-9b0f-000c29342cb1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-21317"
          }
        ],
        "trust": 1.5753561
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "e2fe2c90-39ab-11e9-9b0f-000c29342cb1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-21317"
          }
        ]
      },
      "last_update_date": "2023-12-18T12:18:29.912000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "LAquis SCADA has issued an update to correct this vulnerability.",
            "trust": 4.2,
            "url": "https://ics-cert.us-cert.gov/advisories/icsa-18-289-01"
          },
          {
            "title": "LAquis SCADA software",
            "trust": 0.8,
            "url": "https://laquisscada.com/instale1.php"
          },
          {
            "title": "LAquis SCADA patch for out-of-bounds read vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchinfo/show/142791"
          },
          {
            "title": "LAquis SCADA Buffer error vulnerability fix",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=85842"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-18-1255"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1253"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1247"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1251"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1256"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1260"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-21317"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011037"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201810-759"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-125",
            "trust": 1.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011037"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-17895"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 7.5,
            "url": "https://ics-cert.us-cert.gov/advisories/icsa-18-289-01"
          },
          {
            "trust": 1.9,
            "url": "http://laquisscada.com/instale1.php"
          },
          {
            "trust": 1.6,
            "url": "http://www.securityfocus.com/bid/105719"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-17895"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-17895"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-18-1255"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1253"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1247"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1251"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1256"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1260"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-21317"
          },
          {
            "db": "BID",
            "id": "105719"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011037"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-17895"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201810-759"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "IVD",
            "id": "e2fe2c90-39ab-11e9-9b0f-000c29342cb1"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1255"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1253"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1247"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1251"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1256"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1260"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-21317"
          },
          {
            "db": "BID",
            "id": "105719"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011037"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-17895"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201810-759"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2018-10-18T00:00:00",
            "db": "IVD",
            "id": "e2fe2c90-39ab-11e9-9b0f-000c29342cb1"
          },
          {
            "date": "2018-10-16T00:00:00",
            "db": "ZDI",
            "id": "ZDI-18-1255"
          },
          {
            "date": "2018-10-16T00:00:00",
            "db": "ZDI",
            "id": "ZDI-18-1253"
          },
          {
            "date": "2018-10-16T00:00:00",
            "db": "ZDI",
            "id": "ZDI-18-1247"
          },
          {
            "date": "2018-10-16T00:00:00",
            "db": "ZDI",
            "id": "ZDI-18-1251"
          },
          {
            "date": "2018-10-16T00:00:00",
            "db": "ZDI",
            "id": "ZDI-18-1256"
          },
          {
            "date": "2018-10-16T00:00:00",
            "db": "ZDI",
            "id": "ZDI-18-1260"
          },
          {
            "date": "2018-10-18T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2018-21317"
          },
          {
            "date": "2018-10-16T00:00:00",
            "db": "BID",
            "id": "105719"
          },
          {
            "date": "2019-01-04T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-011037"
          },
          {
            "date": "2018-10-17T02:29:00.733000",
            "db": "NVD",
            "id": "CVE-2018-17895"
          },
          {
            "date": "2018-10-17T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201810-759"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2018-10-16T00:00:00",
            "db": "ZDI",
            "id": "ZDI-18-1255"
          },
          {
            "date": "2018-10-16T00:00:00",
            "db": "ZDI",
            "id": "ZDI-18-1253"
          },
          {
            "date": "2018-10-16T00:00:00",
            "db": "ZDI",
            "id": "ZDI-18-1247"
          },
          {
            "date": "2018-10-16T00:00:00",
            "db": "ZDI",
            "id": "ZDI-18-1251"
          },
          {
            "date": "2018-10-16T00:00:00",
            "db": "ZDI",
            "id": "ZDI-18-1256"
          },
          {
            "date": "2018-10-16T00:00:00",
            "db": "ZDI",
            "id": "ZDI-18-1260"
          },
          {
            "date": "2018-10-18T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2018-21317"
          },
          {
            "date": "2018-10-16T00:00:00",
            "db": "BID",
            "id": "105719"
          },
          {
            "date": "2019-01-04T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-011037"
          },
          {
            "date": "2019-10-09T23:37:00.597000",
            "db": "NVD",
            "id": "CVE-2018-17895"
          },
          {
            "date": "2019-10-17T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201810-759"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201810-759"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "LAquis SCADA LQS File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability",
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-18-1255"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1251"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1256"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1260"
          }
        ],
        "trust": 2.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Buffer error",
        "sources": [
          {
            "db": "IVD",
            "id": "e2fe2c90-39ab-11e9-9b0f-000c29342cb1"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201810-759"
          }
        ],
        "trust": 0.8
      }
    }

    VAR-201810-0480

    Vulnerability from variot - Updated: 2023-12-18 12:18

    LAquis SCADA Versions 4.1.0.3870 and prior has an untrusted pointer dereference vulnerability, which may allow remote code execution. LAquis SCADA Is NULL A vulnerability related to pointer dereference exists.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within parsing of LQS files. The issue results from the lack of proper validation of a user-supplied value prior to dereferencing it as a pointer. At attacker can leverage this vulnerability to execute code under the context of the current process. LAquis SCADA is a suite of SCADA software for monitoring and data acquisition. LAquis SCADA Smart Security Manager is prone to following multiple security vulnerabilities: 1. Remote-code execution vulnerability 2. Multiple unspecified interger overflow vulnerability 3. Directory traversal vulnerability 4. Failed attacks may cause a denial-of-service condition. LAquis SCADA mart Security Manager Versions 4.1.0.3870 and prior versions are vulnerable

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201810-0480",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "laquis scada",
            "scope": "lte",
            "trust": 1.8,
            "vendor": "lcds",
            "version": "4.1.0.3870"
          },
          {
            "model": "software",
            "scope": null,
            "trust": 0.7,
            "vendor": "laquis scada",
            "version": null
          },
          {
            "model": "\\342\\200\\223 le\\303\\243o consultoria e desenvolvimento de sistemas ltda me laquis scada \u003c=4.1.0.3870",
            "scope": null,
            "trust": 0.6,
            "vendor": "lcds",
            "version": null
          },
          {
            "model": "laquis scada",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "lcds",
            "version": "4.1.0.3870"
          },
          {
            "model": "le\u00e3o consultoria e desenvolvimento de sistemas ltda me laquis scada smart security manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "lcds",
            "version": "-4.1.0.3870"
          },
          {
            "model": "le\u00e3o consultoria e desenvolvimento de sistemas ltda me laquis scada smart security manager",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "lcds",
            "version": "-4.1.0.4114"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "laquis scada",
            "version": "*"
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "e2fe0580-39ab-11e9-ba80-000c29342cb1"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1246"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-21316"
          },
          {
            "db": "BID",
            "id": "105719"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011038"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-17893"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201810-758"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:lcds:laquis_scada:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "4.1.0.3870",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2018-17893"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "rgod of 9SG Security Team - rgod@9sgsec.com",
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-18-1246"
          }
        ],
        "trust": 0.7
      },
      "cve": "CVE-2018-17893",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "HIGH",
                "trust": 1.0,
                "userInteractionRequired": false,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Network",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "Partial",
                "baseScore": 7.5,
                "confidentialityImpact": "Partial",
                "exploitabilityScore": null,
                "id": "CVE-2018-17893",
                "impactScore": null,
                "integrityImpact": "Partial",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "High",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "ZDI",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.8,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "id": "CVE-2018-17893",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "MEDIUM",
                "trust": 0.7,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "HIGH",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 5.1,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 4.9,
                "id": "CNVD-2018-21316",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "HIGH",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 5.1,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 4.9,
                "id": "e2fe0580-39ab-11e9-ba80-000c29342cb1",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.2,
                "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
                "version": "2.9 [IVD]"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "NVD",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 9.8,
                "baseSeverity": "Critical",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2018-17893",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2018-17893",
                "trust": 1.8,
                "value": "CRITICAL"
              },
              {
                "author": "ZDI",
                "id": "CVE-2018-17893",
                "trust": 0.7,
                "value": "MEDIUM"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2018-21316",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201810-758",
                "trust": 0.6,
                "value": "CRITICAL"
              },
              {
                "author": "IVD",
                "id": "e2fe0580-39ab-11e9-ba80-000c29342cb1",
                "trust": 0.2,
                "value": "CRITICAL"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "e2fe0580-39ab-11e9-ba80-000c29342cb1"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1246"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-21316"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011038"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-17893"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201810-758"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "LAquis SCADA Versions 4.1.0.3870 and prior has an untrusted pointer dereference vulnerability, which may allow remote code execution. LAquis SCADA Is NULL A vulnerability related to pointer dereference exists.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within parsing of LQS files. The issue results from the lack of proper validation of a user-supplied value prior to dereferencing it as a pointer. At attacker can leverage this vulnerability to execute code under the context of the current process. LAquis SCADA is a suite of SCADA software for monitoring and data acquisition. LAquis SCADA Smart Security Manager is prone to following multiple security vulnerabilities:\n1. Remote-code execution vulnerability\n2. Multiple unspecified interger overflow vulnerability\n3. Directory traversal vulnerability\n4. Failed attacks may cause a denial-of-service condition. \nLAquis SCADA mart Security Manager Versions 4.1.0.3870 and prior versions are vulnerable",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2018-17893"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011038"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1246"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-21316"
          },
          {
            "db": "BID",
            "id": "105719"
          },
          {
            "db": "IVD",
            "id": "e2fe0580-39ab-11e9-ba80-000c29342cb1"
          }
        ],
        "trust": 3.24
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2018-17893",
            "trust": 4.2
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-18-289-01",
            "trust": 3.3
          },
          {
            "db": "BID",
            "id": "105719",
            "trust": 1.9
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-21316",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201810-758",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011038",
            "trust": 0.8
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-6277",
            "trust": 0.7
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1246",
            "trust": 0.7
          },
          {
            "db": "IVD",
            "id": "E2FE0580-39AB-11E9-BA80-000C29342CB1",
            "trust": 0.2
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "e2fe0580-39ab-11e9-ba80-000c29342cb1"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1246"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-21316"
          },
          {
            "db": "BID",
            "id": "105719"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011038"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-17893"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201810-758"
          }
        ]
      },
      "id": "VAR-201810-0480",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "IVD",
            "id": "e2fe0580-39ab-11e9-ba80-000c29342cb1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-21316"
          }
        ],
        "trust": 1.5753561
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "e2fe0580-39ab-11e9-ba80-000c29342cb1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-21316"
          }
        ]
      },
      "last_update_date": "2023-12-18T12:18:29.870000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "LAquis SCADA software",
            "trust": 0.8,
            "url": "https://laquisscada.com/instale1.php"
          },
          {
            "title": "LAquis SCADA has issued an update to correct this vulnerability.",
            "trust": 0.7,
            "url": "https://ics-cert.us-cert.gov/advisories/icsa-18-289-01"
          },
          {
            "title": "Patch for LAquis SCADA Remote Code Execution Vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchinfo/show/142789"
          },
          {
            "title": "LAquis SCADA Security vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=85841"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-18-1246"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-21316"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011038"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201810-758"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-476",
            "trust": 1.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011038"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-17893"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 4.0,
            "url": "https://ics-cert.us-cert.gov/advisories/icsa-18-289-01"
          },
          {
            "trust": 1.9,
            "url": "http://laquisscada.com/instale1.php"
          },
          {
            "trust": 1.6,
            "url": "http://www.securityfocus.com/bid/105719"
          },
          {
            "trust": 1.6,
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/151417"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-17893"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-17893"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-18-1246"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-21316"
          },
          {
            "db": "BID",
            "id": "105719"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011038"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-17893"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201810-758"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "IVD",
            "id": "e2fe0580-39ab-11e9-ba80-000c29342cb1"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1246"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-21316"
          },
          {
            "db": "BID",
            "id": "105719"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011038"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-17893"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201810-758"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2018-10-18T00:00:00",
            "db": "IVD",
            "id": "e2fe0580-39ab-11e9-ba80-000c29342cb1"
          },
          {
            "date": "2018-10-16T00:00:00",
            "db": "ZDI",
            "id": "ZDI-18-1246"
          },
          {
            "date": "2018-10-18T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2018-21316"
          },
          {
            "date": "2018-10-16T00:00:00",
            "db": "BID",
            "id": "105719"
          },
          {
            "date": "2019-01-04T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-011038"
          },
          {
            "date": "2018-10-17T02:29:00.593000",
            "db": "NVD",
            "id": "CVE-2018-17893"
          },
          {
            "date": "2018-10-17T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201810-758"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2018-10-16T00:00:00",
            "db": "ZDI",
            "id": "ZDI-18-1246"
          },
          {
            "date": "2018-10-18T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2018-21316"
          },
          {
            "date": "2018-10-16T00:00:00",
            "db": "BID",
            "id": "105719"
          },
          {
            "date": "2019-01-04T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-011038"
          },
          {
            "date": "2019-10-09T23:37:00.333000",
            "db": "NVD",
            "id": "CVE-2018-17893"
          },
          {
            "date": "2019-10-17T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201810-758"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201810-758"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "LAquis SCADA Remote code execution vulnerability",
        "sources": [
          {
            "db": "IVD",
            "id": "e2fe0580-39ab-11e9-ba80-000c29342cb1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-21316"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Code problem",
        "sources": [
          {
            "db": "IVD",
            "id": "e2fe0580-39ab-11e9-ba80-000c29342cb1"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201810-758"
          }
        ],
        "trust": 0.8
      }
    }

    VAR-201810-0494

    Vulnerability from variot - Updated: 2023-12-18 12:18

    LAquis SCADA Versions 4.1.0.3870 and prior has several stack-based buffer overflow vulnerabilities, which may allow remote code execution. LAquis SCADA Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within aq.exe. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this functionality to execute code in the context of the current process. LAquis SCADA is a suite of SCADA software for monitoring and data acquisition

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201810-0494",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "scada",
            "scope": null,
            "trust": 2.1,
            "vendor": "laquis",
            "version": null
          },
          {
            "model": "laquis scada",
            "scope": "lte",
            "trust": 1.8,
            "vendor": "lcds",
            "version": "4.1.0.3870"
          },
          {
            "model": "\\342\\200\\223 le\\303\\243o consultoria e desenvolvimento de sistemas ltda me laquis scada \u003c=4.1.0.3870",
            "scope": null,
            "trust": 0.6,
            "vendor": "lcds",
            "version": null
          },
          {
            "model": "laquis scada",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "lcds",
            "version": "4.1.0.3870"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "laquis scada",
            "version": "*"
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "e2fe0581-39ab-11e9-b6a7-000c29342cb1"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1257"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1259"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1258"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-21323"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011025"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-17911"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201810-763"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:lcds:laquis_scada:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "4.1.0.3870",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2018-17911"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Mat Powell of Trend Micro Zero Day Initiative",
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-18-1257"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1259"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1258"
          }
        ],
        "trust": 2.1
      },
      "cve": "CVE-2018-17911",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.8,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "MEDIUM",
                "trust": 1.0,
                "userInteractionRequired": true,
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Medium",
                "accessVector": "Network",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "Partial",
                "baseScore": 6.8,
                "confidentialityImpact": "Partial",
                "exploitabilityScore": null,
                "id": "CVE-2018-17911",
                "impactScore": null,
                "integrityImpact": "Partial",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Medium",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.2,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 3.9,
                "id": "CNVD-2018-21323",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.2,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 3.9,
                "id": "e2fe0581-39ab-11e9-b6a7-000c29342cb1",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.2,
                "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.9 [IVD]"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "ZDI",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.8,
                "id": "CVE-2018-17911",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 2.1,
                "userInteraction": "REQUIRED",
                "vectorString": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "NVD",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.8,
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Local",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 7.8,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2018-17911",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "Required",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "ZDI",
                "id": "CVE-2018-17911",
                "trust": 2.1,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2018-17911",
                "trust": 1.8,
                "value": "HIGH"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2018-21323",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201810-763",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "IVD",
                "id": "e2fe0581-39ab-11e9-b6a7-000c29342cb1",
                "trust": 0.2,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "e2fe0581-39ab-11e9-b6a7-000c29342cb1"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1257"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1259"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1258"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-21323"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011025"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-17911"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201810-763"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "LAquis SCADA Versions 4.1.0.3870 and prior has several stack-based buffer overflow vulnerabilities, which may allow remote code execution. LAquis SCADA Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within aq.exe. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this functionality to execute code in the context of the current process. LAquis SCADA is a suite of SCADA software for monitoring and data acquisition",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2018-17911"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011025"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1257"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1259"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1258"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-21323"
          },
          {
            "db": "IVD",
            "id": "e2fe0581-39ab-11e9-b6a7-000c29342cb1"
          }
        ],
        "trust": 4.23
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2018-17911",
            "trust": 5.3
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-18-289-01",
            "trust": 3.0
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1258",
            "trust": 2.3
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-21323",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201810-763",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011025",
            "trust": 0.8
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-6544",
            "trust": 0.7
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1257",
            "trust": 0.7
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-6546",
            "trust": 0.7
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1259",
            "trust": 0.7
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-6545",
            "trust": 0.7
          },
          {
            "db": "IVD",
            "id": "E2FE0581-39AB-11E9-B6A7-000C29342CB1",
            "trust": 0.2
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "e2fe0581-39ab-11e9-b6a7-000c29342cb1"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1257"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1259"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1258"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-21323"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011025"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-17911"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201810-763"
          }
        ]
      },
      "id": "VAR-201810-0494",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "IVD",
            "id": "e2fe0581-39ab-11e9-b6a7-000c29342cb1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-21323"
          }
        ],
        "trust": 1.5753561
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "e2fe0581-39ab-11e9-b6a7-000c29342cb1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-21323"
          }
        ]
      },
      "last_update_date": "2023-12-18T12:18:29.828000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "LAquis has issued an update to correct this vulnerability.",
            "trust": 2.1,
            "url": "https://ics-cert.us-cert.gov/advisories/icsa-18-289-01"
          },
          {
            "title": "LAquis SCADA software",
            "trust": 0.8,
            "url": "https://laquisscada.com/instale1.php"
          },
          {
            "title": "Patch for LAquis SCADA Buffer Overflow Vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchinfo/show/142805"
          },
          {
            "title": "LAquis SCADA Buffer error vulnerability fix",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=85847"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-18-1257"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1259"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1258"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-21323"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011025"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201810-763"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-787",
            "trust": 1.0
          },
          {
            "problemtype": "CWE-119",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011025"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-17911"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 5.1,
            "url": "https://ics-cert.us-cert.gov/advisories/icsa-18-289-01"
          },
          {
            "trust": 1.6,
            "url": "http://laquisscada.com/instale1.php"
          },
          {
            "trust": 1.6,
            "url": "https://www.zerodayinitiative.com/advisories/zdi-18-1258/"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-17911"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-17911"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-18-1257"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1259"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1258"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-21323"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011025"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-17911"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201810-763"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "IVD",
            "id": "e2fe0581-39ab-11e9-b6a7-000c29342cb1"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1257"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1259"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1258"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-21323"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011025"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-17911"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201810-763"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2018-10-18T00:00:00",
            "db": "IVD",
            "id": "e2fe0581-39ab-11e9-b6a7-000c29342cb1"
          },
          {
            "date": "2018-10-16T00:00:00",
            "db": "ZDI",
            "id": "ZDI-18-1257"
          },
          {
            "date": "2018-10-16T00:00:00",
            "db": "ZDI",
            "id": "ZDI-18-1259"
          },
          {
            "date": "2018-10-16T00:00:00",
            "db": "ZDI",
            "id": "ZDI-18-1258"
          },
          {
            "date": "2018-10-18T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2018-21323"
          },
          {
            "date": "2019-01-04T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-011025"
          },
          {
            "date": "2018-10-17T02:29:01.280000",
            "db": "NVD",
            "id": "CVE-2018-17911"
          },
          {
            "date": "2018-10-17T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201810-763"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2018-10-16T00:00:00",
            "db": "ZDI",
            "id": "ZDI-18-1257"
          },
          {
            "date": "2018-10-16T00:00:00",
            "db": "ZDI",
            "id": "ZDI-18-1259"
          },
          {
            "date": "2018-10-16T00:00:00",
            "db": "ZDI",
            "id": "ZDI-18-1258"
          },
          {
            "date": "2018-10-18T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2018-21323"
          },
          {
            "date": "2019-01-04T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-011025"
          },
          {
            "date": "2020-09-18T17:24:18.457000",
            "db": "NVD",
            "id": "CVE-2018-17911"
          },
          {
            "date": "2020-09-21T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201810-763"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "local",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201810-763"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "LAquis SCADA Buffer error vulnerability",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011025"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201810-763"
          }
        ],
        "trust": 1.4
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Buffer error",
        "sources": [
          {
            "db": "IVD",
            "id": "e2fe0581-39ab-11e9-b6a7-000c29342cb1"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201810-763"
          }
        ],
        "trust": 0.8
      }
    }

    VAR-201810-0486

    Vulnerability from variot - Updated: 2023-12-18 12:18

    LAquis SCADA Versions 4.1.0.3870 and prior has a path traversal vulnerability, which may allow remote code execution. LAquis SCADA Contains a path traversal vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of the current process. LAquis SCADA is a suite of SCADA software for monitoring and data acquisition. LAquis SCADA Smart Security Manager is prone to following multiple security vulnerabilities: 1. Remote-code execution vulnerability 2. Multiple unspecified interger overflow vulnerability 3. Directory traversal vulnerability 4. Failed attacks may cause a denial-of-service condition. LAquis SCADA mart Security Manager Versions 4.1.0.3870 and prior versions are vulnerable

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201810-0486",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "laquis scada",
            "scope": "lte",
            "trust": 1.8,
            "vendor": "lcds",
            "version": "4.1.0.3870"
          },
          {
            "model": "software",
            "scope": null,
            "trust": 0.7,
            "vendor": "laquis scada",
            "version": null
          },
          {
            "model": "\\342\\200\\223 le\\303\\243o consultoria e desenvolvimento de sistemas ltda me laquis scada \u003c=4.1.0.3870",
            "scope": null,
            "trust": 0.6,
            "vendor": "lcds",
            "version": null
          },
          {
            "model": "laquis scada",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "lcds",
            "version": "4.1.0.3870"
          },
          {
            "model": "le\u00e3o consultoria e desenvolvimento de sistemas ltda me laquis scada smart security manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "lcds",
            "version": "-4.1.0.3870"
          },
          {
            "model": "le\u00e3o consultoria e desenvolvimento de sistemas ltda me laquis scada smart security manager",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "lcds",
            "version": "-4.1.0.4114"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "laquis scada",
            "version": "*"
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "7d85b771-463f-11e9-9ac8-000c29342cb1"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1252"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-21321"
          },
          {
            "db": "BID",
            "id": "105719"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011035"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-17899"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201810-761"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:lcds:laquis_scada:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "4.1.0.3870",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2018-17899"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Esteban Ruiz (mr_me) of Source Incite",
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-18-1252"
          }
        ],
        "trust": 0.7
      },
      "cve": "CVE-2018-17899",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": null,
                "accessComplexity": "Medium",
                "accessVector": "Network",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "Partial",
                "baseScore": 6.8,
                "confidentialityImpact": "Partial",
                "exploitabilityScore": null,
                "id": "CVE-2018-17899",
                "impactScore": null,
                "integrityImpact": "Partial",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Medium",
                "trust": 1.5,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "acInsufInfo": false,
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.8,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "MEDIUM",
                "trust": 1.0,
                "userInteractionRequired": true,
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2018-21321",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "7d85b771-463f-11e9-9ac8-000c29342cb1",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 0.2,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.9 [IVD]"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "NVD",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.8,
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 8.8,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2018-17899",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "Required",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2018-17899",
                "trust": 1.8,
                "value": "HIGH"
              },
              {
                "author": "ZDI",
                "id": "CVE-2018-17899",
                "trust": 0.7,
                "value": "MEDIUM"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2018-21321",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201810-761",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "IVD",
                "id": "7d85b771-463f-11e9-9ac8-000c29342cb1",
                "trust": 0.2,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "7d85b771-463f-11e9-9ac8-000c29342cb1"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1252"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-21321"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011035"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-17899"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201810-761"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "LAquis SCADA Versions 4.1.0.3870 and prior has a path traversal vulnerability, which may allow remote code execution. LAquis SCADA Contains a path traversal vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of the current process. LAquis SCADA is a suite of SCADA software for monitoring and data acquisition. LAquis SCADA Smart Security Manager is prone to following multiple security vulnerabilities:\n1. Remote-code execution vulnerability\n2. Multiple unspecified interger overflow vulnerability\n3. Directory traversal vulnerability\n4. Failed attacks may cause a denial-of-service condition. \nLAquis SCADA mart Security Manager Versions 4.1.0.3870 and prior versions are vulnerable",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2018-17899"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011035"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1252"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-21321"
          },
          {
            "db": "BID",
            "id": "105719"
          },
          {
            "db": "IVD",
            "id": "7d85b771-463f-11e9-9ac8-000c29342cb1"
          }
        ],
        "trust": 3.24
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2018-17899",
            "trust": 4.2
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-18-289-01",
            "trust": 2.7
          },
          {
            "db": "BID",
            "id": "105719",
            "trust": 1.9
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-21321",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201810-761",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011035",
            "trust": 0.8
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-6373",
            "trust": 0.7
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1252",
            "trust": 0.7
          },
          {
            "db": "IVD",
            "id": "7D85B771-463F-11E9-9AC8-000C29342CB1",
            "trust": 0.2
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "7d85b771-463f-11e9-9ac8-000c29342cb1"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1252"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-21321"
          },
          {
            "db": "BID",
            "id": "105719"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011035"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-17899"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201810-761"
          }
        ]
      },
      "id": "VAR-201810-0486",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "IVD",
            "id": "7d85b771-463f-11e9-9ac8-000c29342cb1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-21321"
          }
        ],
        "trust": 1.5753561
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "7d85b771-463f-11e9-9ac8-000c29342cb1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-21321"
          }
        ]
      },
      "last_update_date": "2023-12-18T12:18:29.790000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "LAquis SCADA software",
            "trust": 0.8,
            "url": "https://laquisscada.com/instale1.php"
          },
          {
            "title": "LAquis SCADA has issued an update to correct this vulnerability.",
            "trust": 0.7,
            "url": "https://ics-cert.us-cert.gov/advisories/icsa-18-289-01"
          },
          {
            "title": "Patch for LAquis SCADA Path Traversal Vulnerability (CNVD-2018-21321)",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchinfo/show/142797"
          },
          {
            "title": "LAquis SCADA Repair measures for path traversal vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=85844"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-18-1252"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-21321"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011035"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201810-761"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-22",
            "trust": 1.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011035"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-17899"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.4,
            "url": "https://ics-cert.us-cert.gov/advisories/icsa-18-289-01"
          },
          {
            "trust": 1.9,
            "url": "http://laquisscada.com/instale1.php"
          },
          {
            "trust": 1.6,
            "url": "http://www.securityfocus.com/bid/105719"
          },
          {
            "trust": 1.6,
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/151420"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-17899"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-17899"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-18-1252"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-21321"
          },
          {
            "db": "BID",
            "id": "105719"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011035"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-17899"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201810-761"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "IVD",
            "id": "7d85b771-463f-11e9-9ac8-000c29342cb1"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1252"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-21321"
          },
          {
            "db": "BID",
            "id": "105719"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011035"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-17899"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201810-761"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2018-10-18T00:00:00",
            "db": "IVD",
            "id": "7d85b771-463f-11e9-9ac8-000c29342cb1"
          },
          {
            "date": "2018-10-16T00:00:00",
            "db": "ZDI",
            "id": "ZDI-18-1252"
          },
          {
            "date": "2018-10-18T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2018-21321"
          },
          {
            "date": "2018-10-16T00:00:00",
            "db": "BID",
            "id": "105719"
          },
          {
            "date": "2019-01-04T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-011035"
          },
          {
            "date": "2018-10-17T02:29:01",
            "db": "NVD",
            "id": "CVE-2018-17899"
          },
          {
            "date": "2018-10-17T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201810-761"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2018-10-16T00:00:00",
            "db": "ZDI",
            "id": "ZDI-18-1252"
          },
          {
            "date": "2019-01-23T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2018-21321"
          },
          {
            "date": "2018-10-16T00:00:00",
            "db": "BID",
            "id": "105719"
          },
          {
            "date": "2019-01-04T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-011035"
          },
          {
            "date": "2019-10-09T23:37:01.067000",
            "db": "NVD",
            "id": "CVE-2018-17899"
          },
          {
            "date": "2019-10-17T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201810-761"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201810-761"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "LAquis SCADA Path traversal vulnerability",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011035"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201810-761"
          }
        ],
        "trust": 1.4
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Path traversal",
        "sources": [
          {
            "db": "IVD",
            "id": "7d85b771-463f-11e9-9ac8-000c29342cb1"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201810-761"
          }
        ],
        "trust": 0.8
      }
    }

    VAR-201810-0488

    Vulnerability from variot - Updated: 2023-12-18 12:18

    LAquis SCADA Versions 4.1.0.3870 and prior, when processing project files the application fails to sanitize user input prior to performing write operations on a stack object, which may allow an attacker to execute code under the current process. LAquis SCADA Contains an out-of-bounds vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of LAquis SCADA Software. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within parsing of LQS files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the application. LAquis SCADA is a suite of SCADA software for monitoring and data acquisition

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201810-0488",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "software",
            "scope": null,
            "trust": 2.1,
            "vendor": "laquis scada",
            "version": null
          },
          {
            "model": "laquis scada",
            "scope": "lte",
            "trust": 1.8,
            "vendor": "lcds",
            "version": "4.1.0.3870"
          },
          {
            "model": "\\342\\200\\223 le\\303\\243o consultoria e desenvolvimento de sistemas ltda me laquis scada \u003c=4.1.0.3870",
            "scope": null,
            "trust": 0.6,
            "vendor": "lcds",
            "version": null
          },
          {
            "model": "laquis scada",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "lcds",
            "version": "4.1.0.3870"
          },
          {
            "model": "\u2013 le\u00e3o consultoria e desenvolvimento de sistemas ltda me laquis scada smart security manager",
            "scope": "lte",
            "trust": 0.2,
            "vendor": "lcds",
            "version": "\u003c=4.1.0.3870()"
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "e2fe2c8f-39ab-11e9-8d5b-000c29342cb1"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1261"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1254"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1262"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-21322"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011027"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-17901"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201810-762"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:lcds:laquis_scada:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "4.1.0.3870",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2018-17901"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Ashraf Alharbi (Ha5ha5hin)",
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-18-1254"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1262"
          }
        ],
        "trust": 1.4
      },
      "cve": "CVE-2018-17901",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": null,
                "accessComplexity": "Medium",
                "accessVector": "Network",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "Partial",
                "baseScore": 6.8,
                "confidentialityImpact": "Partial",
                "exploitabilityScore": null,
                "id": "CVE-2018-17901",
                "impactScore": null,
                "integrityImpact": "Partial",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Medium",
                "trust": 2.9,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "acInsufInfo": false,
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.8,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "MEDIUM",
                "trust": 1.0,
                "userInteractionRequired": true,
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 4.6,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 3.9,
                "id": "CNVD-2018-21322",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 4.6,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 3.9,
                "id": "e2fe2c8f-39ab-11e9-8d5b-000c29342cb1",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.2,
                "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.9 [IVD]"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "NVD",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.8,
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Local",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 7.8,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2018-17901",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "Required",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "ZDI",
                "id": "CVE-2018-17901",
                "trust": 2.1,
                "value": "MEDIUM"
              },
              {
                "author": "NVD",
                "id": "CVE-2018-17901",
                "trust": 1.8,
                "value": "HIGH"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2018-21322",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201810-762",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "IVD",
                "id": "e2fe2c8f-39ab-11e9-8d5b-000c29342cb1",
                "trust": 0.2,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "e2fe2c8f-39ab-11e9-8d5b-000c29342cb1"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1261"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1254"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1262"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-21322"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011027"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-17901"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201810-762"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "LAquis SCADA Versions 4.1.0.3870 and prior, when processing project files the application fails to sanitize user input prior to performing write operations on a stack object, which may allow an attacker to execute code under the current process. LAquis SCADA Contains an out-of-bounds vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of LAquis SCADA Software. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within parsing of LQS files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the  application. LAquis SCADA is a suite of SCADA software for monitoring and data acquisition",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2018-17901"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011027"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1261"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1254"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1262"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-21322"
          },
          {
            "db": "IVD",
            "id": "e2fe2c8f-39ab-11e9-8d5b-000c29342cb1"
          }
        ],
        "trust": 4.23
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2018-17901",
            "trust": 5.3
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-18-289-01",
            "trust": 3.0
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-21322",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201810-762",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011027",
            "trust": 0.8
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-6602",
            "trust": 0.7
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1261",
            "trust": 0.7
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-6377",
            "trust": 0.7
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1254",
            "trust": 0.7
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-6630",
            "trust": 0.7
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1262",
            "trust": 0.7
          },
          {
            "db": "IVD",
            "id": "E2FE2C8F-39AB-11E9-8D5B-000C29342CB1",
            "trust": 0.2
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "e2fe2c8f-39ab-11e9-8d5b-000c29342cb1"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1261"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1254"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1262"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-21322"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011027"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-17901"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201810-762"
          }
        ]
      },
      "id": "VAR-201810-0488",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "IVD",
            "id": "e2fe2c8f-39ab-11e9-8d5b-000c29342cb1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-21322"
          }
        ],
        "trust": 1.5753561
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "e2fe2c8f-39ab-11e9-8d5b-000c29342cb1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-21322"
          }
        ]
      },
      "last_update_date": "2023-12-18T12:18:29.748000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "LAquis SCADA has issued an update to correct this vulnerability.",
            "trust": 2.1,
            "url": "https://ics-cert.us-cert.gov/advisories/icsa-18-289-01"
          },
          {
            "title": "LAquis SCADA software",
            "trust": 0.8,
            "url": "https://laquisscada.com/instale1.php"
          },
          {
            "title": "Patch for LAquis SCADA Code Execution Vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchinfo/show/142801"
          },
          {
            "title": "LAquis SCADA Security vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=85845"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-18-1261"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1254"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1262"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-21322"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011027"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201810-762"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-787",
            "trust": 1.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011027"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-17901"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 5.1,
            "url": "https://ics-cert.us-cert.gov/advisories/icsa-18-289-01"
          },
          {
            "trust": 1.6,
            "url": "http://laquisscada.com/instale1.php"
          },
          {
            "trust": 1.6,
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/151421"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-17901"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-17901"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-18-1261"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1254"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1262"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-21322"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011027"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-17901"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201810-762"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "IVD",
            "id": "e2fe2c8f-39ab-11e9-8d5b-000c29342cb1"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1261"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1254"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1262"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-21322"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011027"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-17901"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201810-762"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2018-10-18T00:00:00",
            "db": "IVD",
            "id": "e2fe2c8f-39ab-11e9-8d5b-000c29342cb1"
          },
          {
            "date": "2018-10-16T00:00:00",
            "db": "ZDI",
            "id": "ZDI-18-1261"
          },
          {
            "date": "2018-10-16T00:00:00",
            "db": "ZDI",
            "id": "ZDI-18-1254"
          },
          {
            "date": "2018-10-16T00:00:00",
            "db": "ZDI",
            "id": "ZDI-18-1262"
          },
          {
            "date": "2018-10-18T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2018-21322"
          },
          {
            "date": "2019-01-04T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-011027"
          },
          {
            "date": "2018-10-17T02:29:01.140000",
            "db": "NVD",
            "id": "CVE-2018-17901"
          },
          {
            "date": "2018-10-17T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201810-762"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2018-10-16T00:00:00",
            "db": "ZDI",
            "id": "ZDI-18-1261"
          },
          {
            "date": "2018-10-16T00:00:00",
            "db": "ZDI",
            "id": "ZDI-18-1254"
          },
          {
            "date": "2018-10-16T00:00:00",
            "db": "ZDI",
            "id": "ZDI-18-1262"
          },
          {
            "date": "2018-10-18T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2018-21322"
          },
          {
            "date": "2019-01-04T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-011027"
          },
          {
            "date": "2019-10-09T23:37:01.380000",
            "db": "NVD",
            "id": "CVE-2018-17901"
          },
          {
            "date": "2019-10-17T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201810-762"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "local",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201810-762"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "LAquis SCADA LQS File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability",
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-18-1254"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1262"
          }
        ],
        "trust": 1.4
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Buffer error",
        "sources": [
          {
            "db": "IVD",
            "id": "e2fe2c8f-39ab-11e9-8d5b-000c29342cb1"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201810-762"
          }
        ],
        "trust": 0.8
      }
    }

    VAR-201902-0651

    Vulnerability from variot - Updated: 2023-12-18 12:18

    LCDS Laquis SCADA prior to version 4.1.0.4150 uses hard coded credentials, which may allow an attacker unauthorized access to the system with high privileges. LCDS Laquis SCADA Contains a vulnerability in the use of hard-coded credentials.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. This vulnerability allows remote attackers to bypass authentication on vulnerable installations of LAquis SCADA Software. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of login requests to the product's webserver. The product contains a hard-coded password for a number of undocumented accounts. An attacker can leverage this vulnerability to bypass authentication on the system. LCDS LAquis SCADA is a SCADA (Data Acquisition and Monitoring Control) system from LCDS, Brazil. The system is mainly used for data acquisition and process control of devices with communication technology. A security vulnerability exists in the LCDS LAquis SCADA version 4.1.0.3870, which stems from the fact that the program uses hard-coded credentials. LCDS LAquis SCADA is prone to multiple security vulnerabilities. An attacker may leverage these issues to execute arbitrary code, perform unauthorized actions or gain access to sensitive information that may aid in further attacks. Failed attempts will likely cause a denial-of-service condition. LCDS LAquis SCADA version 4.1.0.3870 is vulnerable; other versions may also be affected

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201902-0651",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "laquis scada",
            "scope": "lt",
            "trust": 1.8,
            "vendor": "lcds",
            "version": "4.1.0.4150"
          },
          {
            "model": "software",
            "scope": null,
            "trust": 0.7,
            "vendor": "laquis scada",
            "version": null
          },
          {
            "model": "laquis scada",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "lcds",
            "version": "4.1.0.3870"
          },
          {
            "model": "le\u00e3o consultoria e desenvolvimento de sistemas ltda me laquis scada",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "lcds",
            "version": "-4.1.0.3870"
          },
          {
            "model": "le\u00e3o consultoria e desenvolvimento de sistemas ltda me laquis scada",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "lcds",
            "version": "-4.1.0.4150"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "laquis scada",
            "version": "*"
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "d50256e2-a4e6-403f-89b1-54340f354701"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-067"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-28121"
          },
          {
            "db": "BID",
            "id": "106634"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-014313"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-18998"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:lcds:laquis_scada:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "4.1.0.4150",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2018-18998"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Esteban Ruiz (mr_me) of Source Incite",
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-19-067"
          }
        ],
        "trust": 0.7
      },
      "cve": "CVE-2018-18998",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Network",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "Partial",
                "baseScore": 7.5,
                "confidentialityImpact": "Partial",
                "exploitabilityScore": null,
                "id": "CVE-2018-18998",
                "impactScore": null,
                "integrityImpact": "Partial",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "High",
                "trust": 1.5,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "acInsufInfo": false,
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "HIGH",
                "trust": 1.0,
                "userInteractionRequired": false,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2019-28121",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "d50256e2-a4e6-403f-89b1-54340f354701",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 0.2,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.9 [IVD]"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "NVD",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 9.8,
                "baseSeverity": "Critical",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2018-18998",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2018-18998",
                "trust": 1.8,
                "value": "CRITICAL"
              },
              {
                "author": "ZDI",
                "id": "CVE-2018-18998",
                "trust": 0.7,
                "value": "HIGH"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2019-28121",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201901-519",
                "trust": 0.6,
                "value": "CRITICAL"
              },
              {
                "author": "IVD",
                "id": "d50256e2-a4e6-403f-89b1-54340f354701",
                "trust": 0.2,
                "value": "CRITICAL"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "d50256e2-a4e6-403f-89b1-54340f354701"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-067"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-28121"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-014313"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-18998"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201901-519"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "LCDS Laquis SCADA prior to version 4.1.0.4150 uses hard coded credentials, which may allow an attacker unauthorized access to the system with high privileges. LCDS Laquis SCADA Contains a vulnerability in the use of hard-coded credentials.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. This vulnerability allows remote attackers to bypass authentication on vulnerable installations of LAquis SCADA Software. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of login requests to the product\u0027s webserver.  The product contains a hard-coded password for a number of undocumented accounts.  An attacker can leverage this vulnerability to bypass authentication on the system. LCDS LAquis SCADA is a SCADA (Data Acquisition and Monitoring Control) system from LCDS, Brazil. The system is mainly used for data acquisition and process control of devices with communication technology. A security vulnerability exists in the LCDS LAquis SCADA version 4.1.0.3870, which stems from the fact that the program uses hard-coded credentials. LCDS LAquis SCADA is prone to multiple security vulnerabilities. \nAn attacker may leverage these issues to execute arbitrary code, perform unauthorized actions or gain access to sensitive information that may aid in further attacks. Failed attempts will likely cause a denial-of-service condition. \nLCDS LAquis SCADA version 4.1.0.3870 is vulnerable; other versions may also be affected",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2018-18998"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-014313"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-067"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-28121"
          },
          {
            "db": "BID",
            "id": "106634"
          },
          {
            "db": "IVD",
            "id": "d50256e2-a4e6-403f-89b1-54340f354701"
          }
        ],
        "trust": 3.24
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2018-18998",
            "trust": 4.2
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-19-015-01",
            "trust": 2.7
          },
          {
            "db": "BID",
            "id": "106634",
            "trust": 1.9
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-28121",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201901-519",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-014313",
            "trust": 0.8
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-6677",
            "trust": 0.7
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-067",
            "trust": 0.7
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-19-015-01T",
            "trust": 0.6
          },
          {
            "db": "IVD",
            "id": "D50256E2-A4E6-403F-89B1-54340F354701",
            "trust": 0.2
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "d50256e2-a4e6-403f-89b1-54340f354701"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-067"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-28121"
          },
          {
            "db": "BID",
            "id": "106634"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-014313"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-18998"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201901-519"
          }
        ]
      },
      "id": "VAR-201902-0651",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "IVD",
            "id": "d50256e2-a4e6-403f-89b1-54340f354701"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-28121"
          }
        ],
        "trust": 1.4364672
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "d50256e2-a4e6-403f-89b1-54340f354701"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-28121"
          }
        ]
      },
      "last_update_date": "2023-12-18T12:18:14.318000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "TopPage",
            "trust": 0.8,
            "url": "https://laquisscada.com/"
          },
          {
            "title": "LAquis SCADA has issued an update to correct this vulnerability.",
            "trust": 0.7,
            "url": "https://ics-cert.us-cert.gov/advisories/icsa-19-015-01"
          },
          {
            "title": "LCDS LAquis SCADA has an unexplained patch",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchinfo/show/176017"
          },
          {
            "title": "LCDS LAquis SCADA Security vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=88645"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-19-067"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-28121"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-014313"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201901-519"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-798",
            "trust": 1.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-014313"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-18998"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.4,
            "url": "https://ics-cert.us-cert.gov/advisories/icsa-19-015-01"
          },
          {
            "trust": 1.6,
            "url": "http://www.securityfocus.com/bid/106634"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-18998"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-18998"
          },
          {
            "trust": 0.6,
            "url": "https://ics-cert.us-cert.gov/advisories/icsa-19-015-01third party advisoryus government resource"
          },
          {
            "trust": 0.6,
            "url": "http://www.securityfocus.com/bid/106634third party advisoryvdb entry"
          },
          {
            "trust": 0.3,
            "url": "https://laquisscada.com/"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-19-067"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-28121"
          },
          {
            "db": "BID",
            "id": "106634"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-014313"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-18998"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201901-519"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "IVD",
            "id": "d50256e2-a4e6-403f-89b1-54340f354701"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-067"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-28121"
          },
          {
            "db": "BID",
            "id": "106634"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-014313"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-18998"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201901-519"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-08-20T00:00:00",
            "db": "IVD",
            "id": "d50256e2-a4e6-403f-89b1-54340f354701"
          },
          {
            "date": "2019-01-19T00:00:00",
            "db": "ZDI",
            "id": "ZDI-19-067"
          },
          {
            "date": "2019-08-20T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2019-28121"
          },
          {
            "date": "2019-01-15T00:00:00",
            "db": "BID",
            "id": "106634"
          },
          {
            "date": "2019-03-15T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-014313"
          },
          {
            "date": "2019-02-05T18:29:00.710000",
            "db": "NVD",
            "id": "CVE-2018-18998"
          },
          {
            "date": "2019-01-16T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201901-519"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-01-19T00:00:00",
            "db": "ZDI",
            "id": "ZDI-19-067"
          },
          {
            "date": "2019-08-20T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2019-28121"
          },
          {
            "date": "2019-01-15T00:00:00",
            "db": "BID",
            "id": "106634"
          },
          {
            "date": "2019-03-15T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-014313"
          },
          {
            "date": "2019-10-09T23:37:33.177000",
            "db": "NVD",
            "id": "CVE-2018-18998"
          },
          {
            "date": "2019-10-17T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201901-519"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201901-519"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "LCDS Laquis SCADA Vulnerabilities related to the use of hard-coded credentials",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-014313"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "trust management problem",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201901-519"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201902-0640

    Vulnerability from variot - Updated: 2023-12-18 12:18

    LCDS Laquis SCADA prior to version 4.1.0.4150 allows improper control of generation of code when opening a specially crafted project file, which may allow remote code execution, data exfiltration, or cause a system crash. LCDS Laquis SCADA Contains a code injection vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of LAquis SCADA Software. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of LQS files. The issue results from the lack of proper validation of user-supplied data, which can result in a controlled call to VirtualProtect. An attacker can leverage this vulnerability to execute code in the context of the aq process. LCDS LAquis SCADA is a SCADA (Data Acquisition and Monitoring Control) system from LCDS, Brazil. The system is mainly used for data acquisition and process control of devices with communication technology. LCDS LAquis SCADA is prone to multiple security vulnerabilities. An attacker may leverage these issues to execute arbitrary code, perform unauthorized actions or gain access to sensitive information that may aid in further attacks. Failed attempts will likely cause a denial-of-service condition. LCDS LAquis SCADA version 4.1.0.3870 is vulnerable; other versions may also be affected

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201902-0640",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "laquis scada",
            "scope": "lt",
            "trust": 1.8,
            "vendor": "lcds",
            "version": "4.1.0.4150"
          },
          {
            "model": "scada",
            "scope": null,
            "trust": 0.7,
            "vendor": "laquis",
            "version": null
          },
          {
            "model": "le\\303\\243o consultoria e desenvolvimento de sistemas ltda me laquis scada",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "lcds",
            "version": "-4.1.0.3870"
          },
          {
            "model": "le\u00e3o consultoria e desenvolvimento de sistemas ltda me laquis scada",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "lcds",
            "version": "-4.1.0.3870"
          },
          {
            "model": "le\u00e3o consultoria e desenvolvimento de sistemas ltda me laquis scada",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "lcds",
            "version": "-4.1.0.4150"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "laquis scada",
            "version": "*"
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "7d84f421-463f-11e9-9e2b-000c29342cb1"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-097"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-02387"
          },
          {
            "db": "BID",
            "id": "106634"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-013084"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-19002"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:lcds:laquis_scada:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "4.1.0.4150",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2018-19002"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Esteban Ruiz (mr_me) of Source Incite",
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-19-097"
          }
        ],
        "trust": 0.7
      },
      "cve": "CVE-2018-19002",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 8.3,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "impactScore": 8.5,
                "integrityImpact": "PARTIAL",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "HIGH",
                "trust": 1.0,
                "userInteractionRequired": true,
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:C",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Medium",
                "accessVector": "Network",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "Complete",
                "baseScore": 8.3,
                "confidentialityImpact": "Partial",
                "exploitabilityScore": null,
                "id": "CVE-2018-19002",
                "impactScore": null,
                "integrityImpact": "Partial",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "High",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.2,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 3.9,
                "id": "CNVD-2019-02387",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.2,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 3.9,
                "id": "7d84f421-463f-11e9-9e2b-000c29342cb1",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.2,
                "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.9 [IVD]"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "NVD",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.8,
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Local",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 7.8,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2018-19002",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "Required",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "ZDI",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.8,
                "id": "CVE-2018-19002",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 0.7,
                "userInteraction": "REQUIRED",
                "vectorString": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2018-19002",
                "trust": 1.8,
                "value": "HIGH"
              },
              {
                "author": "ZDI",
                "id": "CVE-2018-19002",
                "trust": 0.7,
                "value": "HIGH"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2019-02387",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201901-512",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "IVD",
                "id": "7d84f421-463f-11e9-9e2b-000c29342cb1",
                "trust": 0.2,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "7d84f421-463f-11e9-9e2b-000c29342cb1"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-097"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-02387"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-013084"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-19002"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201901-512"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "LCDS Laquis SCADA prior to version 4.1.0.4150 allows improper control of generation of code when opening a specially crafted project file, which may allow remote code execution, data exfiltration, or cause a system crash. LCDS Laquis SCADA Contains a code injection vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of LAquis SCADA Software. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of LQS files. The issue results from the lack of proper validation of user-supplied data, which can result in a controlled call to VirtualProtect. An attacker can leverage this vulnerability to execute code in the context of the aq process. LCDS LAquis SCADA is a SCADA (Data Acquisition and Monitoring Control) system from LCDS, Brazil. The system is mainly used for data acquisition and process control of devices with communication technology. LCDS LAquis SCADA is prone to multiple security vulnerabilities. \nAn attacker may leverage these issues to execute arbitrary code, perform unauthorized actions or gain access to sensitive information that may aid in further attacks. Failed attempts will likely cause a denial-of-service condition. \nLCDS LAquis SCADA version 4.1.0.3870 is vulnerable; other versions may also be affected",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2018-19002"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-013084"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-097"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-02387"
          },
          {
            "db": "BID",
            "id": "106634"
          },
          {
            "db": "IVD",
            "id": "7d84f421-463f-11e9-9e2b-000c29342cb1"
          }
        ],
        "trust": 3.24
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2018-19002",
            "trust": 4.2
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-19-015-01",
            "trust": 2.7
          },
          {
            "db": "BID",
            "id": "106634",
            "trust": 1.9
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-02387",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201901-512",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-013084",
            "trust": 0.8
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-7110",
            "trust": 0.7
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-097",
            "trust": 0.7
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-19-015-01T",
            "trust": 0.6
          },
          {
            "db": "IVD",
            "id": "7D84F421-463F-11E9-9E2B-000C29342CB1",
            "trust": 0.2
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "7d84f421-463f-11e9-9e2b-000c29342cb1"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-097"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-02387"
          },
          {
            "db": "BID",
            "id": "106634"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-013084"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-19002"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201901-512"
          }
        ]
      },
      "id": "VAR-201902-0640",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "IVD",
            "id": "7d84f421-463f-11e9-9e2b-000c29342cb1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-02387"
          }
        ],
        "trust": 1.5576448
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "7d84f421-463f-11e9-9e2b-000c29342cb1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-02387"
          }
        ]
      },
      "last_update_date": "2023-12-18T12:18:14.275000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "https://laquisscada.com"
          },
          {
            "title": "LAquis has issued an update to correct this vulnerability.",
            "trust": 0.7,
            "url": "https://ics-cert.us-cert.gov/advisories/icsa-19-015-01"
          },
          {
            "title": "Patch for LCDS LAquis SCADA Code Injection Vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchinfo/show/150975"
          },
          {
            "title": "LCDS LAquis SCADA Fixes for code injection vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=88657"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-19-097"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-02387"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-013084"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201901-512"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-94",
            "trust": 1.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-013084"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-19002"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.4,
            "url": "https://ics-cert.us-cert.gov/advisories/icsa-19-015-01"
          },
          {
            "trust": 1.6,
            "url": "http://www.securityfocus.com/bid/106634"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-19002"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-19002"
          },
          {
            "trust": 0.6,
            "url": "https://ics-cert.us-cert.gov/advisories/icsa-19-015-01third party advisoryus government resource"
          },
          {
            "trust": 0.6,
            "url": "http://www.securityfocus.com/bid/106634third party advisoryvdb entry"
          },
          {
            "trust": 0.3,
            "url": "https://laquisscada.com/"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-19-097"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-02387"
          },
          {
            "db": "BID",
            "id": "106634"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-013084"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-19002"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201901-512"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "IVD",
            "id": "7d84f421-463f-11e9-9e2b-000c29342cb1"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-097"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-02387"
          },
          {
            "db": "BID",
            "id": "106634"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-013084"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-19002"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201901-512"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-01-22T00:00:00",
            "db": "IVD",
            "id": "7d84f421-463f-11e9-9e2b-000c29342cb1"
          },
          {
            "date": "2019-01-19T00:00:00",
            "db": "ZDI",
            "id": "ZDI-19-097"
          },
          {
            "date": "2019-01-22T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2019-02387"
          },
          {
            "date": "2019-01-15T00:00:00",
            "db": "BID",
            "id": "106634"
          },
          {
            "date": "2019-02-14T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-013084"
          },
          {
            "date": "2019-02-05T18:29:00.773000",
            "db": "NVD",
            "id": "CVE-2018-19002"
          },
          {
            "date": "2019-01-16T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201901-512"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-01-19T00:00:00",
            "db": "ZDI",
            "id": "ZDI-19-097"
          },
          {
            "date": "2019-01-22T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2019-02387"
          },
          {
            "date": "2019-01-15T00:00:00",
            "db": "BID",
            "id": "106634"
          },
          {
            "date": "2019-02-14T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-013084"
          },
          {
            "date": "2019-10-09T23:37:34.787000",
            "db": "NVD",
            "id": "CVE-2018-19002"
          },
          {
            "date": "2019-10-17T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201901-512"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "local",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201901-512"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "LCDS LAquis SCADA Code injection vulnerability",
        "sources": [
          {
            "db": "IVD",
            "id": "7d84f421-463f-11e9-9e2b-000c29342cb1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-02387"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-013084"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201901-512"
          }
        ],
        "trust": 2.2
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Code injection",
        "sources": [
          {
            "db": "IVD",
            "id": "7d84f421-463f-11e9-9e2b-000c29342cb1"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201901-512"
          }
        ],
        "trust": 0.8
      }
    }

    VAR-201902-0645

    Vulnerability from variot - Updated: 2023-12-18 12:18

    LCDS Laquis SCADA prior to version 4.1.0.4150 allows an attacker using a specially crafted project file to supply a pointer for a controlled memory address, which may allow remote code execution, data exfiltration, or cause a system crash. LCDS Laquis SCADA Is NULL A vulnerability related to pointer dereference exists.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of LAquis SCADA Software. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of LQS files. The issue results from the lack of proper validation of a user-supplied value prior to dereferencing it as a pointer. An attacker can leverage this vulnerability to execute code in the context of the process. LCDS LAquis SCADA is a SCADA (Data Acquisition and Monitoring Control) system from LCDS, Brazil. The system is mainly used for data acquisition and process control of devices with communication technology. A security vulnerability exists in the LCDS LAquis SCADA version 4.1.0.3870. Failed attempts will likely cause a denial-of-service condition. LCDS LAquis SCADA version 4.1.0.3870 is vulnerable; other versions may also be affected

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201902-0645",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "laquis scada",
            "scope": "lt",
            "trust": 1.8,
            "vendor": "lcds",
            "version": "4.1.0.4150"
          },
          {
            "model": "software",
            "scope": null,
            "trust": 0.7,
            "vendor": "laquis scada",
            "version": null
          },
          {
            "model": "laquis scada",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "lcds",
            "version": "4.1.0.3870"
          },
          {
            "model": "le\u00e3o consultoria e desenvolvimento de sistemas ltda me laquis scada",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "lcds",
            "version": "-4.1.0.3870"
          },
          {
            "model": "le\u00e3o consultoria e desenvolvimento de sistemas ltda me laquis scada",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "lcds",
            "version": "-4.1.0.4150"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "laquis scada",
            "version": "*"
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "630a6c5b-271f-4942-878e-ab342dd4dbf3"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-056"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-28114"
          },
          {
            "db": "BID",
            "id": "106634"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-001220"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-19029"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:lcds:laquis_scada:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "4.1.0.4150",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2018-19029"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Esteban Ruiz (mr_me) of Source Incite",
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-19-056"
          }
        ],
        "trust": 0.7
      },
      "cve": "CVE-2018-19029",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 8.3,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "impactScore": 8.5,
                "integrityImpact": "PARTIAL",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "HIGH",
                "trust": 1.0,
                "userInteractionRequired": true,
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:C",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Medium",
                "accessVector": "Network",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "Complete",
                "baseScore": 8.3,
                "confidentialityImpact": "Partial",
                "exploitabilityScore": null,
                "id": "CVE-2018-19029",
                "impactScore": null,
                "integrityImpact": "Partial",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "High",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:C",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "ZDI",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.8,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "id": "CVE-2018-19029",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "MEDIUM",
                "trust": 0.7,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 8.3,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "id": "CNVD-2019-28114",
                "impactScore": 8.5,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 8.3,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "id": "630a6c5b-271f-4942-878e-ab342dd4dbf3",
                "impactScore": 8.5,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 0.2,
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:C",
                "version": "2.9 [IVD]"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "NVD",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.8,
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Local",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 7.8,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2018-19029",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "Required",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2018-19029",
                "trust": 1.8,
                "value": "HIGH"
              },
              {
                "author": "ZDI",
                "id": "CVE-2018-19029",
                "trust": 0.7,
                "value": "MEDIUM"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2019-28114",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201901-513",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "IVD",
                "id": "630a6c5b-271f-4942-878e-ab342dd4dbf3",
                "trust": 0.2,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "630a6c5b-271f-4942-878e-ab342dd4dbf3"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-056"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-28114"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-001220"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-19029"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201901-513"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "LCDS Laquis SCADA prior to version 4.1.0.4150 allows an attacker using a specially crafted project file to supply a pointer for a controlled memory address, which may allow remote code execution, data exfiltration, or cause a system crash. LCDS Laquis SCADA Is NULL A vulnerability related to pointer dereference exists.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of LAquis SCADA Software. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of LQS files. The issue results from the lack of proper validation of a user-supplied value prior to dereferencing it as a pointer. An attacker can leverage this vulnerability to execute code in the context of the process. LCDS LAquis SCADA is a SCADA (Data Acquisition and Monitoring Control) system from LCDS, Brazil. The system is mainly used for data acquisition and process control of devices with communication technology. A security vulnerability exists in the LCDS LAquis SCADA version 4.1.0.3870. Failed attempts will likely cause a denial-of-service condition. \nLCDS LAquis SCADA version 4.1.0.3870 is vulnerable; other versions may also be affected",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2018-19029"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-001220"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-056"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-28114"
          },
          {
            "db": "BID",
            "id": "106634"
          },
          {
            "db": "IVD",
            "id": "630a6c5b-271f-4942-878e-ab342dd4dbf3"
          }
        ],
        "trust": 3.24
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2018-19029",
            "trust": 4.2
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-19-015-01",
            "trust": 3.3
          },
          {
            "db": "BID",
            "id": "106634",
            "trust": 1.9
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-28114",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201901-513",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-001220",
            "trust": 0.8
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-6452",
            "trust": 0.7
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-056",
            "trust": 0.7
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-19-015-01T",
            "trust": 0.6
          },
          {
            "db": "IVD",
            "id": "630A6C5B-271F-4942-878E-AB342DD4DBF3",
            "trust": 0.2
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "630a6c5b-271f-4942-878e-ab342dd4dbf3"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-056"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-28114"
          },
          {
            "db": "BID",
            "id": "106634"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-001220"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-19029"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201901-513"
          }
        ]
      },
      "id": "VAR-201902-0645",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "IVD",
            "id": "630a6c5b-271f-4942-878e-ab342dd4dbf3"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-28114"
          }
        ],
        "trust": 1.4364672
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "630a6c5b-271f-4942-878e-ab342dd4dbf3"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-28114"
          }
        ]
      },
      "last_update_date": "2023-12-18T12:18:14.237000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "https://laquisscada.com"
          },
          {
            "title": "LAquis SCADA has issued an update to correct this vulnerability.",
            "trust": 0.7,
            "url": "https://ics-cert.us-cert.gov/advisories/icsa-19-015-01"
          },
          {
            "title": "LCDS LAquis SCADA has an unspecified vulnerability (CNVD-2019-28114) patch",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchinfo/show/176013"
          },
          {
            "title": "LCDS LAquis SCADA Security vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=88658"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-19-056"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-28114"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-001220"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201901-513"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-476",
            "trust": 1.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-001220"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-19029"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 4.0,
            "url": "https://ics-cert.us-cert.gov/advisories/icsa-19-015-01"
          },
          {
            "trust": 1.6,
            "url": "http://www.securityfocus.com/bid/106634"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-19029"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-19029"
          },
          {
            "trust": 0.6,
            "url": "https://ics-cert.us-cert.gov/advisories/icsa-19-015-01third party advisoryus government resource"
          },
          {
            "trust": 0.6,
            "url": "http://www.securityfocus.com/bid/106634third party advisoryvdb entry"
          },
          {
            "trust": 0.3,
            "url": "https://laquisscada.com/"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-19-056"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-28114"
          },
          {
            "db": "BID",
            "id": "106634"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-001220"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-19029"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201901-513"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "IVD",
            "id": "630a6c5b-271f-4942-878e-ab342dd4dbf3"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-056"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-28114"
          },
          {
            "db": "BID",
            "id": "106634"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-001220"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-19029"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201901-513"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-08-20T00:00:00",
            "db": "IVD",
            "id": "630a6c5b-271f-4942-878e-ab342dd4dbf3"
          },
          {
            "date": "2019-01-19T00:00:00",
            "db": "ZDI",
            "id": "ZDI-19-056"
          },
          {
            "date": "2019-08-20T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2019-28114"
          },
          {
            "date": "2019-01-15T00:00:00",
            "db": "BID",
            "id": "106634"
          },
          {
            "date": "2019-02-14T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-001220"
          },
          {
            "date": "2019-02-05T18:29:00.820000",
            "db": "NVD",
            "id": "CVE-2018-19029"
          },
          {
            "date": "2019-01-16T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201901-513"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-01-19T00:00:00",
            "db": "ZDI",
            "id": "ZDI-19-056"
          },
          {
            "date": "2019-08-20T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2019-28114"
          },
          {
            "date": "2019-01-15T00:00:00",
            "db": "BID",
            "id": "106634"
          },
          {
            "date": "2019-02-14T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-001220"
          },
          {
            "date": "2019-10-09T23:37:37.973000",
            "db": "NVD",
            "id": "CVE-2018-19029"
          },
          {
            "date": "2019-10-17T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201901-513"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "local",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201901-513"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "LCDS Laquis SCADA In  NULL Pointer dereference vulnerability",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-001220"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Code problem",
        "sources": [
          {
            "db": "IVD",
            "id": "630a6c5b-271f-4942-878e-ab342dd4dbf3"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201901-513"
          }
        ],
        "trust": 0.8
      }
    }

    VAR-201902-0650

    Vulnerability from variot - Updated: 2023-12-18 12:18

    LCDS Laquis SCADA prior to version 4.1.0.4150 allows taking in user input without proper authorization or sanitation, which may allow an attacker to execute remote code on the server. LCDS Laquis SCADA Contains an authorization vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of calls to relatorionome.lhtml. When parsing the NOME Element, the process does not properly sanitize user-supplied data, which can lead to the injection of an arbitrary script. An attacker can leverage this vulnerability to execute code in the context of the aq process. LCDS LAquis SCADA is a SCADA (Data Acquisition and Monitoring Control) system from LCDS, Brazil. The system is mainly used for data acquisition and process control of devices with communication technology. LCDS LAquis SCADA is prone to multiple security vulnerabilities. An attacker may leverage these issues to execute arbitrary code, perform unauthorized actions or gain access to sensitive information that may aid in further attacks. Failed attempts will likely cause a denial-of-service condition. LCDS LAquis SCADA version 4.1.0.3870 is vulnerable; other versions may also be affected

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201902-0650",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "software",
            "scope": null,
            "trust": 2.1,
            "vendor": "laquis scada",
            "version": null
          },
          {
            "model": "laquis scada",
            "scope": "lt",
            "trust": 1.8,
            "vendor": "lcds",
            "version": "4.1.0.4150"
          },
          {
            "model": "laquis scada",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "lcds",
            "version": "4.1.0.3870"
          },
          {
            "model": "le\u00e3o consultoria e desenvolvimento de sistemas ltda me laquis scada",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "lcds",
            "version": "-4.1.0.3870"
          },
          {
            "model": "le\u00e3o consultoria e desenvolvimento de sistemas ltda me laquis scada",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "lcds",
            "version": "-4.1.0.4150"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "laquis scada",
            "version": "*"
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "fb066b88-dbba-4390-addc-43425f7b94e6"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-065"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-064"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-066"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-28111"
          },
          {
            "db": "BID",
            "id": "106634"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-014314"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-18996"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:lcds:laquis_scada:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "4.1.0.4150",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2018-18996"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Esteban Ruiz (mr_me) of Source Incite",
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-19-065"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-064"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-066"
          }
        ],
        "trust": 2.1
      },
      "cve": "CVE-2018-18996",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Network",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "Partial",
                "baseScore": 7.5,
                "confidentialityImpact": "Partial",
                "exploitabilityScore": null,
                "id": "CVE-2018-18996",
                "impactScore": null,
                "integrityImpact": "Partial",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "High",
                "trust": 2.9,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "acInsufInfo": false,
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "HIGH",
                "trust": 1.0,
                "userInteractionRequired": false,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2019-28111",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "fb066b88-dbba-4390-addc-43425f7b94e6",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 0.2,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.9 [IVD]"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "NVD",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 9.8,
                "baseSeverity": "Critical",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2018-18996",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "ZDI",
                "id": "CVE-2018-18996",
                "trust": 2.1,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2018-18996",
                "trust": 1.8,
                "value": "CRITICAL"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2019-28111",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201901-518",
                "trust": 0.6,
                "value": "CRITICAL"
              },
              {
                "author": "IVD",
                "id": "fb066b88-dbba-4390-addc-43425f7b94e6",
                "trust": 0.2,
                "value": "CRITICAL"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "fb066b88-dbba-4390-addc-43425f7b94e6"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-065"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-064"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-066"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-28111"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-014314"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-18996"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201901-518"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "LCDS Laquis SCADA prior to version 4.1.0.4150 allows taking in user input without proper authorization or sanitation, which may allow an attacker to execute remote code on the server. LCDS Laquis SCADA Contains an authorization vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of calls to relatorionome.lhtml. When parsing the NOME Element, the process does not properly sanitize user-supplied data, which can lead to the injection of an arbitrary script.  An attacker can leverage this vulnerability to execute code in the context of the aq process. LCDS LAquis SCADA is a SCADA (Data Acquisition and Monitoring Control) system from LCDS, Brazil. The system is mainly used for data acquisition and process control of devices with communication technology. LCDS LAquis SCADA is prone to multiple security vulnerabilities. \nAn attacker may leverage these issues to execute arbitrary code, perform unauthorized actions or gain access to sensitive information that may aid in further attacks. Failed attempts will likely cause a denial-of-service condition. \nLCDS LAquis SCADA version 4.1.0.3870 is vulnerable; other versions may also be affected",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2018-18996"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-014314"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-065"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-064"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-066"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-28111"
          },
          {
            "db": "BID",
            "id": "106634"
          },
          {
            "db": "IVD",
            "id": "fb066b88-dbba-4390-addc-43425f7b94e6"
          }
        ],
        "trust": 4.5
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2018-18996",
            "trust": 5.6
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-19-015-01",
            "trust": 3.3
          },
          {
            "db": "BID",
            "id": "106634",
            "trust": 1.9
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-28111",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201901-518",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-014314",
            "trust": 0.8
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-6675",
            "trust": 0.7
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-065",
            "trust": 0.7
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-6674",
            "trust": 0.7
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-064",
            "trust": 0.7
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-6676",
            "trust": 0.7
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-066",
            "trust": 0.7
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-19-015-01T",
            "trust": 0.6
          },
          {
            "db": "IVD",
            "id": "FB066B88-DBBA-4390-ADDC-43425F7B94E6",
            "trust": 0.2
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "fb066b88-dbba-4390-addc-43425f7b94e6"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-065"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-064"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-066"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-28111"
          },
          {
            "db": "BID",
            "id": "106634"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-014314"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-18996"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201901-518"
          }
        ]
      },
      "id": "VAR-201902-0650",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "IVD",
            "id": "fb066b88-dbba-4390-addc-43425f7b94e6"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-28111"
          }
        ],
        "trust": 1.4364672
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "fb066b88-dbba-4390-addc-43425f7b94e6"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-28111"
          }
        ]
      },
      "last_update_date": "2023-12-18T12:18:14.190000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "LAquis SCADA has issued an update to correct this vulnerability.",
            "trust": 2.1,
            "url": "https://ics-cert.us-cert.gov/advisories/icsa-19-015-01"
          },
          {
            "title": "TopPage",
            "trust": 0.8,
            "url": "https://laquisscada.com/"
          },
          {
            "title": "LCDS LAquis SCADA has an unspecified vulnerability (CNVD-2019-28111) patch",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchinfo/show/176015"
          },
          {
            "title": "LCDS LAquis SCADA Security vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=88646"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-19-065"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-064"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-066"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-28111"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-014314"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201901-518"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-862",
            "trust": 1.0
          },
          {
            "problemtype": "CWE-285",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-014314"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-18996"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 5.4,
            "url": "https://ics-cert.us-cert.gov/advisories/icsa-19-015-01"
          },
          {
            "trust": 1.6,
            "url": "http://www.securityfocus.com/bid/106634"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-18996"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-18996"
          },
          {
            "trust": 0.6,
            "url": "https://ics-cert.us-cert.gov/advisories/icsa-19-015-01third party advisoryus government resource"
          },
          {
            "trust": 0.6,
            "url": "http://www.securityfocus.com/bid/106634third party advisoryvdb entry"
          },
          {
            "trust": 0.3,
            "url": "https://laquisscada.com/"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-19-065"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-064"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-066"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-28111"
          },
          {
            "db": "BID",
            "id": "106634"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-014314"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-18996"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201901-518"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "IVD",
            "id": "fb066b88-dbba-4390-addc-43425f7b94e6"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-065"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-064"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-066"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-28111"
          },
          {
            "db": "BID",
            "id": "106634"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-014314"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-18996"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201901-518"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-08-20T00:00:00",
            "db": "IVD",
            "id": "fb066b88-dbba-4390-addc-43425f7b94e6"
          },
          {
            "date": "2019-01-19T00:00:00",
            "db": "ZDI",
            "id": "ZDI-19-065"
          },
          {
            "date": "2019-01-19T00:00:00",
            "db": "ZDI",
            "id": "ZDI-19-064"
          },
          {
            "date": "2019-01-19T00:00:00",
            "db": "ZDI",
            "id": "ZDI-19-066"
          },
          {
            "date": "2019-08-20T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2019-28111"
          },
          {
            "date": "2019-01-15T00:00:00",
            "db": "BID",
            "id": "106634"
          },
          {
            "date": "2019-03-15T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-014314"
          },
          {
            "date": "2019-02-05T18:29:00.663000",
            "db": "NVD",
            "id": "CVE-2018-18996"
          },
          {
            "date": "2019-01-16T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201901-518"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-01-19T00:00:00",
            "db": "ZDI",
            "id": "ZDI-19-065"
          },
          {
            "date": "2019-01-19T00:00:00",
            "db": "ZDI",
            "id": "ZDI-19-064"
          },
          {
            "date": "2019-01-19T00:00:00",
            "db": "ZDI",
            "id": "ZDI-19-066"
          },
          {
            "date": "2019-08-20T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2019-28111"
          },
          {
            "date": "2019-01-15T00:00:00",
            "db": "BID",
            "id": "106634"
          },
          {
            "date": "2019-03-15T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-014314"
          },
          {
            "date": "2019-10-09T23:37:32.910000",
            "db": "NVD",
            "id": "CVE-2018-18996"
          },
          {
            "date": "2019-10-17T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201901-518"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201901-518"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "LCDS Laquis SCADA Authorization vulnerability",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-014314"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "lack of information",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201901-518"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201902-0646

    Vulnerability from variot - Updated: 2023-12-18 12:18

    LCDS Laquis SCADA prior to version 4.1.0.4150 allows the opening of a specially crafted report format file that may cause an out of bounds read, which may cause a system crash, allow data exfiltration, or remote code execution. LCDS Laquis SCADA Contains an out-of-bounds vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of LAquis SCADA Software. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of LGX files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the process. LCDS LAquis SCADA is a SCADA (Data Acquisition and Monitoring Control) system from LCDS, Brazil. The system is mainly used for data acquisition and process control of devices with communication technology. LCDS LAquis SCADA is prone to multiple security vulnerabilities. Failed attempts will likely cause a denial-of-service condition. LCDS LAquis SCADA version 4.1.0.3870 is vulnerable; other versions may also be affected

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201902-0646",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "laquis scada",
            "scope": "lt",
            "trust": 1.8,
            "vendor": "lcds",
            "version": "4.1.0.4150"
          },
          {
            "model": "software",
            "scope": null,
            "trust": 0.7,
            "vendor": "laquis scada",
            "version": null
          },
          {
            "model": "le\\303\\243o consultoria e desenvolvimento de sistemas ltda me laquis scada",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "lcds",
            "version": "-4.1.0.3870"
          },
          {
            "model": "le\u00e3o consultoria e desenvolvimento de sistemas ltda me laquis scada",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "lcds",
            "version": "-4.1.0.3870"
          },
          {
            "model": "le\u00e3o consultoria e desenvolvimento de sistemas ltda me laquis scada",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "lcds",
            "version": "-4.1.0.4150"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "laquis scada",
            "version": "*"
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "7d84f422-463f-11e9-9432-000c29342cb1"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-057"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-02386"
          },
          {
            "db": "BID",
            "id": "106634"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-014371"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-18986"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:lcds:laquis_scada:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "4.1.0.4150",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2018-18986"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Esteban Ruiz (mr_me) of Source Incite",
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-19-057"
          }
        ],
        "trust": 0.7
      },
      "cve": "CVE-2018-18986",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 8.3,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "impactScore": 8.5,
                "integrityImpact": "PARTIAL",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "HIGH",
                "trust": 1.0,
                "userInteractionRequired": true,
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:C",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Medium",
                "accessVector": "Network",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "Complete",
                "baseScore": 8.3,
                "confidentialityImpact": "Partial",
                "exploitabilityScore": null,
                "id": "CVE-2018-18986",
                "impactScore": null,
                "integrityImpact": "Partial",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "High",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:C",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "ZDI",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.8,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "id": "CVE-2018-18986",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "MEDIUM",
                "trust": 0.7,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2019-02386",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "7d84f422-463f-11e9-9432-000c29342cb1",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 0.2,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.9 [IVD]"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "NVD",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.8,
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Local",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 7.8,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2018-18986",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "Required",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2018-18986",
                "trust": 1.8,
                "value": "HIGH"
              },
              {
                "author": "ZDI",
                "id": "CVE-2018-18986",
                "trust": 0.7,
                "value": "MEDIUM"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2019-02386",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201901-514",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "IVD",
                "id": "7d84f422-463f-11e9-9432-000c29342cb1",
                "trust": 0.2,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "7d84f422-463f-11e9-9432-000c29342cb1"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-057"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-02386"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-014371"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-18986"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201901-514"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "LCDS Laquis SCADA prior to version 4.1.0.4150 allows the opening of a specially crafted report format file that may cause an out of bounds read, which may cause a system crash, allow data exfiltration, or remote code execution. LCDS Laquis SCADA Contains an out-of-bounds vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of LAquis SCADA Software. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of LGX files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer.  An attacker can leverage this vulnerability to execute code in the context of the process. LCDS LAquis SCADA is a SCADA (Data Acquisition and Monitoring Control) system from LCDS, Brazil. The system is mainly used for data acquisition and process control of devices with communication technology. LCDS LAquis SCADA is prone to multiple security vulnerabilities. Failed attempts will likely cause a denial-of-service condition. \nLCDS LAquis SCADA version 4.1.0.3870 is vulnerable; other versions may also be affected",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2018-18986"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-014371"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-057"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-02386"
          },
          {
            "db": "BID",
            "id": "106634"
          },
          {
            "db": "IVD",
            "id": "7d84f422-463f-11e9-9432-000c29342cb1"
          }
        ],
        "trust": 3.24
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2018-18986",
            "trust": 4.2
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-19-015-01",
            "trust": 3.3
          },
          {
            "db": "BID",
            "id": "106634",
            "trust": 1.9
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-02386",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201901-514",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-014371",
            "trust": 0.8
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-6490",
            "trust": 0.7
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-057",
            "trust": 0.7
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-19-015-01T",
            "trust": 0.6
          },
          {
            "db": "IVD",
            "id": "7D84F422-463F-11E9-9432-000C29342CB1",
            "trust": 0.2
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "7d84f422-463f-11e9-9432-000c29342cb1"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-057"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-02386"
          },
          {
            "db": "BID",
            "id": "106634"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-014371"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-18986"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201901-514"
          }
        ]
      },
      "id": "VAR-201902-0646",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "IVD",
            "id": "7d84f422-463f-11e9-9432-000c29342cb1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-02386"
          }
        ],
        "trust": 1.5576448
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "7d84f422-463f-11e9-9432-000c29342cb1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-02386"
          }
        ]
      },
      "last_update_date": "2023-12-18T12:18:14.149000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "https://laquisscada.com/"
          },
          {
            "title": "LAquis SCADA has issued an update to correct this vulnerability.",
            "trust": 0.7,
            "url": "https://ics-cert.us-cert.gov/advisories/icsa-19-015-01"
          },
          {
            "title": "Patch for LAquis SCADA Cross-Boundary Write Vulnerability (CNVD-2019-02386)",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchinfo/show/150973"
          },
          {
            "title": "LAquis SCADA Buffer error vulnerability fix",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=88650"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-19-057"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-02386"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-014371"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201901-514"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-125",
            "trust": 1.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-014371"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-18986"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 4.0,
            "url": "https://ics-cert.us-cert.gov/advisories/icsa-19-015-01"
          },
          {
            "trust": 1.6,
            "url": "http://www.securityfocus.com/bid/106634"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-18986"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-18986"
          },
          {
            "trust": 0.6,
            "url": "https://ics-cert.us-cert.gov/advisories/icsa-19-015-01third party advisoryus government resource"
          },
          {
            "trust": 0.6,
            "url": "http://www.securityfocus.com/bid/106634third party advisoryvdb entry"
          },
          {
            "trust": 0.3,
            "url": "https://laquisscada.com/"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-19-057"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-02386"
          },
          {
            "db": "BID",
            "id": "106634"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-014371"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-18986"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201901-514"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "IVD",
            "id": "7d84f422-463f-11e9-9432-000c29342cb1"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-057"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-02386"
          },
          {
            "db": "BID",
            "id": "106634"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-014371"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-18986"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201901-514"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-01-22T00:00:00",
            "db": "IVD",
            "id": "7d84f422-463f-11e9-9432-000c29342cb1"
          },
          {
            "date": "2019-01-19T00:00:00",
            "db": "ZDI",
            "id": "ZDI-19-057"
          },
          {
            "date": "2019-01-22T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2019-02386"
          },
          {
            "date": "2019-01-15T00:00:00",
            "db": "BID",
            "id": "106634"
          },
          {
            "date": "2019-03-19T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-014371"
          },
          {
            "date": "2019-02-05T18:29:00.553000",
            "db": "NVD",
            "id": "CVE-2018-18986"
          },
          {
            "date": "2019-01-16T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201901-514"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-01-19T00:00:00",
            "db": "ZDI",
            "id": "ZDI-19-057"
          },
          {
            "date": "2019-01-22T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2019-02386"
          },
          {
            "date": "2019-01-15T00:00:00",
            "db": "BID",
            "id": "106634"
          },
          {
            "date": "2019-03-19T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-014371"
          },
          {
            "date": "2019-10-09T23:37:31.817000",
            "db": "NVD",
            "id": "CVE-2018-18986"
          },
          {
            "date": "2019-10-17T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201901-514"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "local",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201901-514"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "LCDS Laquis SCADA Vulnerable to out-of-bounds reading",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-014371"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Buffer error",
        "sources": [
          {
            "db": "IVD",
            "id": "7d84f422-463f-11e9-9432-000c29342cb1"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201901-514"
          }
        ],
        "trust": 0.8
      }
    }

    VAR-201902-0649

    Vulnerability from variot - Updated: 2023-12-18 12:18

    LCDS Laquis SCADA prior to version 4.1.0.4150 allows taking in user input without proper sanitation, which may allow an attacker to execute remote code on the server. LCDS Laquis SCADA Contains an injection vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Authentication is not required to exploit this vulnerability.The specific flaw exists within the processing of calls to relatorioindividual.lhtml. When parsing the TAG Element, the process does not properly sanitize user-supplied data, which can lead to the injection of an arbitrary script. An attacker can leverage this vulnerability to execute code in the context of the aq process. LCDS LAquis SCADA is a SCADA (Data Acquisition and Monitoring Control) system from LCDS, Brazil. The system is mainly used for data acquisition and process control of devices with communication technology. A security vulnerability exists in the LCDS LAquis SCADA version 4.1.0.3870, which was caused by a user receiving a user input without properly filtering it. LCDS LAquis SCADA is prone to multiple security vulnerabilities. An attacker may leverage these issues to execute arbitrary code, perform unauthorized actions or gain access to sensitive information that may aid in further attacks. Failed attempts will likely cause a denial-of-service condition. LCDS LAquis SCADA version 4.1.0.3870 is vulnerable; other versions may also be affected

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201902-0649",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "software",
            "scope": null,
            "trust": 2.8,
            "vendor": "laquis scada",
            "version": null
          },
          {
            "model": "laquis scada",
            "scope": "lt",
            "trust": 1.8,
            "vendor": "lcds",
            "version": "4.1.0.4150"
          },
          {
            "model": "laquis scada",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "lcds",
            "version": "4.1.0.3870"
          },
          {
            "model": "le\u00e3o consultoria e desenvolvimento de sistemas ltda me laquis scada",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "lcds",
            "version": "-4.1.0.3870"
          },
          {
            "model": "le\u00e3o consultoria e desenvolvimento de sistemas ltda me laquis scada",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "lcds",
            "version": "-4.1.0.4150"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "laquis scada",
            "version": "*"
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "6fadf373-9b63-41a2-829a-f80acd255e43"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-061"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-059"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-062"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-063"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-28112"
          },
          {
            "db": "BID",
            "id": "106634"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-014315"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-18992"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:lcds:laquis_scada:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "4.1.0.4150",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2018-18992"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Esteban Ruiz (mr_me) of Source Incite",
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-19-061"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-059"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-062"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-063"
          }
        ],
        "trust": 2.8
      },
      "cve": "CVE-2018-18992",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": null,
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "ZDI",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CVE-2018-18992",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "HIGH",
                "trust": 2.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "acInsufInfo": false,
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.8,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "MEDIUM",
                "trust": 1.0,
                "userInteractionRequired": true,
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Medium",
                "accessVector": "Network",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "Partial",
                "baseScore": 6.8,
                "confidentialityImpact": "Partial",
                "exploitabilityScore": null,
                "id": "CVE-2018-18992",
                "impactScore": null,
                "integrityImpact": "Partial",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Medium",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.8,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "id": "CNVD-2019-28112",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.8,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "id": "6fadf373-9b63-41a2-829a-f80acd255e43",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.2,
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
                "version": "2.9 [IVD]"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "NVD",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.8,
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 8.8,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2018-18992",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "Required",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "ZDI",
                "id": "CVE-2018-18992",
                "trust": 2.8,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2018-18992",
                "trust": 1.8,
                "value": "HIGH"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2019-28112",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201901-517",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "IVD",
                "id": "6fadf373-9b63-41a2-829a-f80acd255e43",
                "trust": 0.2,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "6fadf373-9b63-41a2-829a-f80acd255e43"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-061"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-059"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-062"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-063"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-28112"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-014315"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-18992"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201901-517"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "LCDS Laquis SCADA prior to version 4.1.0.4150 allows taking in user input without proper sanitation, which may allow an attacker to execute remote code on the server. LCDS Laquis SCADA Contains an injection vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Authentication is not required to exploit this vulnerability.The specific flaw exists within the processing of calls to relatorioindividual.lhtml. When parsing the TAG Element, the process does not properly sanitize user-supplied data, which can lead to the injection of an arbitrary script. An attacker can leverage this vulnerability to execute code in the context of the aq process. LCDS LAquis SCADA is a SCADA (Data Acquisition and Monitoring Control) system from LCDS, Brazil. The system is mainly used for data acquisition and process control of devices with communication technology. A security vulnerability exists in the LCDS LAquis SCADA version 4.1.0.3870, which was caused by a user receiving a user input without properly filtering it. LCDS LAquis SCADA is prone to multiple security vulnerabilities. \nAn attacker may leverage these issues to execute arbitrary code, perform unauthorized actions or gain access to sensitive information that may aid in further attacks. Failed attempts will likely cause a denial-of-service condition. \nLCDS LAquis SCADA version 4.1.0.3870 is vulnerable; other versions may also be affected",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2018-18992"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-014315"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-061"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-059"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-062"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-063"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-28112"
          },
          {
            "db": "BID",
            "id": "106634"
          },
          {
            "db": "IVD",
            "id": "6fadf373-9b63-41a2-829a-f80acd255e43"
          }
        ],
        "trust": 5.13
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2018-18992",
            "trust": 6.3
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-19-015-01",
            "trust": 3.3
          },
          {
            "db": "BID",
            "id": "106634",
            "trust": 1.9
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-28112",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201901-517",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-014315",
            "trust": 0.8
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-6671",
            "trust": 0.7
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-061",
            "trust": 0.7
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-6668",
            "trust": 0.7
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-059",
            "trust": 0.7
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-6672",
            "trust": 0.7
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-062",
            "trust": 0.7
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-6673",
            "trust": 0.7
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-063",
            "trust": 0.7
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-19-015-01T",
            "trust": 0.6
          },
          {
            "db": "IVD",
            "id": "6FADF373-9B63-41A2-829A-F80ACD255E43",
            "trust": 0.2
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "6fadf373-9b63-41a2-829a-f80acd255e43"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-061"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-059"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-062"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-063"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-28112"
          },
          {
            "db": "BID",
            "id": "106634"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-014315"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-18992"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201901-517"
          }
        ]
      },
      "id": "VAR-201902-0649",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "IVD",
            "id": "6fadf373-9b63-41a2-829a-f80acd255e43"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-28112"
          }
        ],
        "trust": 1.4364672
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "6fadf373-9b63-41a2-829a-f80acd255e43"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-28112"
          }
        ]
      },
      "last_update_date": "2023-12-18T12:18:13.997000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "LAquis SCADA has issued an update to correct this vulnerability.",
            "trust": 2.8,
            "url": "https://ics-cert.us-cert.gov/advisories/icsa-19-015-01"
          },
          {
            "title": "TopPage",
            "trust": 0.8,
            "url": "https://laquisscada.com/"
          },
          {
            "title": "LCDS LAquis SCADA injection vulnerability patch",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchinfo/show/176011"
          },
          {
            "title": "LCDS LAquis SCADA Security vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=88647"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-19-061"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-059"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-062"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-063"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-28112"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-014315"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201901-517"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-74",
            "trust": 1.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-014315"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-18992"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 6.1,
            "url": "https://ics-cert.us-cert.gov/advisories/icsa-19-015-01"
          },
          {
            "trust": 1.6,
            "url": "http://www.securityfocus.com/bid/106634"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-18992"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-18992"
          },
          {
            "trust": 0.6,
            "url": "https://ics-cert.us-cert.gov/advisories/icsa-19-015-01third party advisoryus government resource"
          },
          {
            "trust": 0.6,
            "url": "http://www.securityfocus.com/bid/106634third party advisoryvdb entry"
          },
          {
            "trust": 0.3,
            "url": "https://laquisscada.com/"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-19-061"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-059"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-062"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-063"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-28112"
          },
          {
            "db": "BID",
            "id": "106634"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-014315"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-18992"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201901-517"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "IVD",
            "id": "6fadf373-9b63-41a2-829a-f80acd255e43"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-061"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-059"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-062"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-063"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-28112"
          },
          {
            "db": "BID",
            "id": "106634"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-014315"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-18992"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201901-517"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-08-20T00:00:00",
            "db": "IVD",
            "id": "6fadf373-9b63-41a2-829a-f80acd255e43"
          },
          {
            "date": "2019-01-19T00:00:00",
            "db": "ZDI",
            "id": "ZDI-19-061"
          },
          {
            "date": "2019-01-19T00:00:00",
            "db": "ZDI",
            "id": "ZDI-19-059"
          },
          {
            "date": "2019-01-19T00:00:00",
            "db": "ZDI",
            "id": "ZDI-19-062"
          },
          {
            "date": "2019-01-19T00:00:00",
            "db": "ZDI",
            "id": "ZDI-19-063"
          },
          {
            "date": "2019-08-20T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2019-28112"
          },
          {
            "date": "2019-01-15T00:00:00",
            "db": "BID",
            "id": "106634"
          },
          {
            "date": "2019-03-15T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-014315"
          },
          {
            "date": "2019-02-05T18:29:00.617000",
            "db": "NVD",
            "id": "CVE-2018-18992"
          },
          {
            "date": "2019-01-16T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201901-517"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-01-19T00:00:00",
            "db": "ZDI",
            "id": "ZDI-19-061"
          },
          {
            "date": "2019-01-19T00:00:00",
            "db": "ZDI",
            "id": "ZDI-19-059"
          },
          {
            "date": "2019-01-19T00:00:00",
            "db": "ZDI",
            "id": "ZDI-19-062"
          },
          {
            "date": "2019-01-19T00:00:00",
            "db": "ZDI",
            "id": "ZDI-19-063"
          },
          {
            "date": "2019-08-20T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2019-28112"
          },
          {
            "date": "2019-01-15T00:00:00",
            "db": "BID",
            "id": "106634"
          },
          {
            "date": "2019-03-15T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-014315"
          },
          {
            "date": "2019-10-09T23:37:32.427000",
            "db": "NVD",
            "id": "CVE-2018-18992"
          },
          {
            "date": "2019-10-17T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201901-517"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201901-517"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "LCDS LAquis SCADA Injection Vulnerability",
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-28112"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-014315"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201901-517"
          }
        ],
        "trust": 2.0
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "injection",
        "sources": [
          {
            "db": "IVD",
            "id": "6fadf373-9b63-41a2-829a-f80acd255e43"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201901-517"
          }
        ],
        "trust": 0.8
      }
    }

    VAR-201902-0648

    Vulnerability from variot - Updated: 2023-12-18 12:18

    LCDS Laquis SCADA prior to version 4.1.0.4150 allows a user-supplied path in file operations prior to proper validation. An attacker can leverage this vulnerability to disclose sensitive information under the context of the web server process. LCDS Laquis SCADA Contains a path traversal vulnerability.Information may be obtained. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of requested URLs. LCDS LAquis SCADA is a SCADA (Data Acquisition and Monitoring Control) system from LCDS, Brazil. The system is mainly used for data acquisition and process control of devices with communication technology. The vulnerability stems from the fact that the program failed to validate correctly before using the user-submitted path. information. LCDS LAquis SCADA is prone to multiple security vulnerabilities. An attacker may leverage these issues to execute arbitrary code, perform unauthorized actions or gain access to sensitive information that may aid in further attacks. Failed attempts will likely cause a denial-of-service condition. LCDS LAquis SCADA version 4.1.0.3870 is vulnerable; other versions may also be affected

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201902-0648",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "laquis scada",
            "scope": "lt",
            "trust": 1.8,
            "vendor": "lcds",
            "version": "4.1.0.4150"
          },
          {
            "model": "software",
            "scope": null,
            "trust": 0.7,
            "vendor": "laquis scada",
            "version": null
          },
          {
            "model": "le\\303\\243o consultoria e desenvolvimento de sistemas ltda me laquis scada",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "lcds",
            "version": "-4.1.0.3870"
          },
          {
            "model": "le\u00e3o consultoria e desenvolvimento de sistemas ltda me laquis scada",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "lcds",
            "version": "-4.1.0.3870"
          },
          {
            "model": "le\u00e3o consultoria e desenvolvimento de sistemas ltda me laquis scada",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "lcds",
            "version": "-4.1.0.4150"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "laquis scada",
            "version": "*"
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "7d84f423-463f-11e9-9895-000c29342cb1"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-058"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-02385"
          },
          {
            "db": "BID",
            "id": "106634"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-014316"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-18990"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:lcds:laquis_scada:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "4.1.0.4150",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2018-18990"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Esteban Ruiz (mr_me) of Source Incite",
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-19-058"
          }
        ],
        "trust": 0.7
      },
      "cve": "CVE-2018-18990",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Network",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 5.0,
                "confidentialityImpact": "Partial",
                "exploitabilityScore": null,
                "id": "CVE-2018-18990",
                "impactScore": null,
                "integrityImpact": "None",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Medium",
                "trust": 1.5,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "acInsufInfo": false,
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "MEDIUM",
                "trust": 1.0,
                "userInteractionRequired": false,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2019-02385",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "7d84f423-463f-11e9-9895-000c29342cb1",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.2,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.9 [IVD]"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "NVD",
                "availabilityImpact": "NONE",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "exploitabilityScore": 3.9,
                "impactScore": 1.4,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 5.3,
                "baseSeverity": "Medium",
                "confidentialityImpact": "Low",
                "exploitabilityScore": null,
                "id": "CVE-2018-18990",
                "impactScore": null,
                "integrityImpact": "None",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2018-18990",
                "trust": 1.8,
                "value": "MEDIUM"
              },
              {
                "author": "ZDI",
                "id": "CVE-2018-18990",
                "trust": 0.7,
                "value": "MEDIUM"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2019-02385",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201901-515",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "IVD",
                "id": "7d84f423-463f-11e9-9895-000c29342cb1",
                "trust": 0.2,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "7d84f423-463f-11e9-9895-000c29342cb1"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-058"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-02385"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-014316"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-18990"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201901-515"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "LCDS Laquis SCADA prior to version 4.1.0.4150 allows a user-supplied path in file operations prior to proper validation. An attacker can leverage this vulnerability to disclose sensitive information under the context of the web server process. LCDS Laquis SCADA Contains a path traversal vulnerability.Information may be obtained. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of requested URLs. LCDS LAquis SCADA is a SCADA (Data Acquisition and Monitoring Control) system from LCDS, Brazil. The system is mainly used for data acquisition and process control of devices with communication technology. The vulnerability stems from the fact that the program failed to validate correctly before using the user-submitted path. information. LCDS LAquis SCADA is prone to multiple security vulnerabilities. \nAn attacker may leverage these issues to execute arbitrary code, perform unauthorized actions or gain access to sensitive information that may aid in further attacks. Failed attempts will likely cause a denial-of-service condition. \nLCDS LAquis SCADA version 4.1.0.3870 is vulnerable; other versions may also be affected",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2018-18990"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-014316"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-058"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-02385"
          },
          {
            "db": "BID",
            "id": "106634"
          },
          {
            "db": "IVD",
            "id": "7d84f423-463f-11e9-9895-000c29342cb1"
          }
        ],
        "trust": 3.24
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2018-18990",
            "trust": 4.2
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-19-015-01",
            "trust": 2.7
          },
          {
            "db": "BID",
            "id": "106634",
            "trust": 1.9
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-02385",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201901-515",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-014316",
            "trust": 0.8
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-6667",
            "trust": 0.7
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-058",
            "trust": 0.7
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-19-015-01T",
            "trust": 0.6
          },
          {
            "db": "IVD",
            "id": "7D84F423-463F-11E9-9895-000C29342CB1",
            "trust": 0.2
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "7d84f423-463f-11e9-9895-000c29342cb1"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-058"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-02385"
          },
          {
            "db": "BID",
            "id": "106634"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-014316"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-18990"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201901-515"
          }
        ]
      },
      "id": "VAR-201902-0648",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "IVD",
            "id": "7d84f423-463f-11e9-9895-000c29342cb1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-02385"
          }
        ],
        "trust": 1.5576448
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "7d84f423-463f-11e9-9895-000c29342cb1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-02385"
          }
        ]
      },
      "last_update_date": "2023-12-18T12:18:13.957000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "TopPage",
            "trust": 0.8,
            "url": "https://laquisscada.com/"
          },
          {
            "title": "LAquis SCADA has issued an update to correct this vulnerability.",
            "trust": 0.7,
            "url": "https://ics-cert.us-cert.gov/advisories/icsa-19-015-01"
          },
          {
            "title": "LCDS LAquis SCADA Path Traversal Vulnerability Patch",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchinfo/show/150971"
          },
          {
            "title": "LCDS LAquis SCADA Repair measures for path traversal vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=88649"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-19-058"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-02385"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-014316"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201901-515"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-22",
            "trust": 1.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-014316"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-18990"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.4,
            "url": "https://ics-cert.us-cert.gov/advisories/icsa-19-015-01"
          },
          {
            "trust": 1.6,
            "url": "http://www.securityfocus.com/bid/106634"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-18990"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-18990"
          },
          {
            "trust": 0.6,
            "url": "https://ics-cert.us-cert.gov/advisories/icsa-19-015-01third party advisoryus government resource"
          },
          {
            "trust": 0.6,
            "url": "http://www.securityfocus.com/bid/106634third party advisoryvdb entry"
          },
          {
            "trust": 0.3,
            "url": "https://laquisscada.com/"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-19-058"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-02385"
          },
          {
            "db": "BID",
            "id": "106634"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-014316"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-18990"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201901-515"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "IVD",
            "id": "7d84f423-463f-11e9-9895-000c29342cb1"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-058"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-02385"
          },
          {
            "db": "BID",
            "id": "106634"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-014316"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-18990"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201901-515"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-01-22T00:00:00",
            "db": "IVD",
            "id": "7d84f423-463f-11e9-9895-000c29342cb1"
          },
          {
            "date": "2019-01-19T00:00:00",
            "db": "ZDI",
            "id": "ZDI-19-058"
          },
          {
            "date": "2019-01-22T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2019-02385"
          },
          {
            "date": "2019-01-15T00:00:00",
            "db": "BID",
            "id": "106634"
          },
          {
            "date": "2019-03-18T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-014316"
          },
          {
            "date": "2019-02-05T18:29:00.587000",
            "db": "NVD",
            "id": "CVE-2018-18990"
          },
          {
            "date": "2019-01-16T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201901-515"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-01-19T00:00:00",
            "db": "ZDI",
            "id": "ZDI-19-058"
          },
          {
            "date": "2019-01-22T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2019-02385"
          },
          {
            "date": "2019-01-15T00:00:00",
            "db": "BID",
            "id": "106634"
          },
          {
            "date": "2019-03-18T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-014316"
          },
          {
            "date": "2019-10-09T23:37:32.193000",
            "db": "NVD",
            "id": "CVE-2018-18990"
          },
          {
            "date": "2019-10-17T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201901-515"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201901-515"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "LCDS LAquis SCADA Path traversal vulnerability",
        "sources": [
          {
            "db": "IVD",
            "id": "7d84f423-463f-11e9-9895-000c29342cb1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-02385"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-014316"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201901-515"
          }
        ],
        "trust": 2.2
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Path traversal",
        "sources": [
          {
            "db": "IVD",
            "id": "7d84f423-463f-11e9-9895-000c29342cb1"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201901-515"
          }
        ],
        "trust": 0.8
      }
    }

    VAR-201902-0639

    Vulnerability from variot - Updated: 2023-12-18 12:18

    LCDS Laquis SCADA prior to version 4.1.0.4150 allows an authentication bypass, which may allow an attacker access to sensitive data. LCDS Laquis SCADA Contains an authentication vulnerability.Information may be obtained. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of URIs by the product's web server. A crafted URI can cause the web service to bypass authentication that should be required for the web page. An attacker can leverage this vulnerability to access system information. LCDS LAquis SCADA is a SCADA (Data Acquisition and Monitoring Control) system from LCDS, Brazil. The system is mainly used for data acquisition and process control of devices with communication technology. LCDS LAquis SCADA is prone to multiple security vulnerabilities. An attacker may leverage these issues to execute arbitrary code, perform unauthorized actions or gain access to sensitive information that may aid in further attacks. Failed attempts will likely cause a denial-of-service condition. LCDS LAquis SCADA version 4.1.0.3870 is vulnerable; other versions may also be affected

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201902-0639",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "laquis scada",
            "scope": "lt",
            "trust": 1.8,
            "vendor": "lcds",
            "version": "4.1.0.4150"
          },
          {
            "model": "software",
            "scope": null,
            "trust": 0.7,
            "vendor": "laquis scada",
            "version": null
          },
          {
            "model": "le\\303\\243o consultoria e desenvolvimento de sistemas ltda me laquis scada",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "lcds",
            "version": "-4.1.0.3870"
          },
          {
            "model": "le\u00e3o consultoria e desenvolvimento de sistemas ltda me laquis scada",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "lcds",
            "version": "-4.1.0.3870"
          },
          {
            "model": "le\u00e3o consultoria e desenvolvimento de sistemas ltda me laquis scada",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "lcds",
            "version": "-4.1.0.4150"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "laquis scada",
            "version": "*"
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "7d854241-463f-11e9-b348-000c29342cb1"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-068"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-02390"
          },
          {
            "db": "BID",
            "id": "106634"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-013083"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-19000"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:lcds:laquis_scada:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "4.1.0.4150",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2018-19000"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Esteban Ruiz (mr_me) of Source Incite",
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-19-068"
          }
        ],
        "trust": 0.7
      },
      "cve": "CVE-2018-19000",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Network",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 5.0,
                "confidentialityImpact": "Partial",
                "exploitabilityScore": null,
                "id": "CVE-2018-19000",
                "impactScore": null,
                "integrityImpact": "None",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Medium",
                "trust": 1.5,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "acInsufInfo": false,
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "MEDIUM",
                "trust": 1.0,
                "userInteractionRequired": false,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2019-02390",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "7d854241-463f-11e9-b348-000c29342cb1",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.2,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.9 [IVD]"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "NVD",
                "availabilityImpact": "NONE",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "exploitabilityScore": 3.9,
                "impactScore": 1.4,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 5.3,
                "baseSeverity": "Medium",
                "confidentialityImpact": "Low",
                "exploitabilityScore": null,
                "id": "CVE-2018-19000",
                "impactScore": null,
                "integrityImpact": "None",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2018-19000",
                "trust": 1.8,
                "value": "MEDIUM"
              },
              {
                "author": "ZDI",
                "id": "CVE-2018-19000",
                "trust": 0.7,
                "value": "MEDIUM"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2019-02390",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201901-520",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "IVD",
                "id": "7d854241-463f-11e9-b348-000c29342cb1",
                "trust": 0.2,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "7d854241-463f-11e9-b348-000c29342cb1"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-068"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-02390"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-013083"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-19000"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201901-520"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "LCDS Laquis SCADA prior to version 4.1.0.4150 allows an authentication bypass, which may allow an attacker access to sensitive data. LCDS Laquis SCADA Contains an authentication vulnerability.Information may be obtained. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of URIs by the product\u0027s web server.  A crafted URI can cause the web service to bypass authentication that should be required for the web page.  An attacker can leverage this vulnerability to access system information. LCDS LAquis SCADA is a SCADA (Data Acquisition and Monitoring Control) system from LCDS, Brazil. The system is mainly used for data acquisition and process control of devices with communication technology. LCDS LAquis SCADA is prone to multiple security vulnerabilities. \nAn attacker may leverage these issues to execute arbitrary code, perform unauthorized actions or gain access to sensitive information that may aid in further attacks. Failed attempts will likely cause a denial-of-service condition. \nLCDS LAquis SCADA version 4.1.0.3870 is vulnerable; other versions may also be affected",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2018-19000"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-013083"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-068"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-02390"
          },
          {
            "db": "BID",
            "id": "106634"
          },
          {
            "db": "IVD",
            "id": "7d854241-463f-11e9-b348-000c29342cb1"
          }
        ],
        "trust": 3.24
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2018-19000",
            "trust": 4.2
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-19-015-01",
            "trust": 2.7
          },
          {
            "db": "BID",
            "id": "106634",
            "trust": 1.9
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-02390",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201901-520",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-013083",
            "trust": 0.8
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-7074",
            "trust": 0.7
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-068",
            "trust": 0.7
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-19-015-01T",
            "trust": 0.6
          },
          {
            "db": "IVD",
            "id": "7D854241-463F-11E9-B348-000C29342CB1",
            "trust": 0.2
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "7d854241-463f-11e9-b348-000c29342cb1"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-068"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-02390"
          },
          {
            "db": "BID",
            "id": "106634"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-013083"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-19000"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201901-520"
          }
        ]
      },
      "id": "VAR-201902-0639",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "IVD",
            "id": "7d854241-463f-11e9-b348-000c29342cb1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-02390"
          }
        ],
        "trust": 1.5576448
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "7d854241-463f-11e9-b348-000c29342cb1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-02390"
          }
        ]
      },
      "last_update_date": "2023-12-18T12:18:13.919000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "https://laquisscada.com"
          },
          {
            "title": "LAquis SCADA has issued an update to correct this vulnerability.",
            "trust": 0.7,
            "url": "https://ics-cert.us-cert.gov/advisories/icsa-19-015-01"
          },
          {
            "title": "LCDS LAquis SCADA authentication bypass vulnerability patch",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchinfo/show/150969"
          },
          {
            "title": "LCDS LAquis SCADA Security vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=88644"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-19-068"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-02390"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-013083"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201901-520"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-287",
            "trust": 1.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-013083"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-19000"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.4,
            "url": "https://ics-cert.us-cert.gov/advisories/icsa-19-015-01"
          },
          {
            "trust": 1.6,
            "url": "http://www.securityfocus.com/bid/106634"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-19000"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-19000"
          },
          {
            "trust": 0.6,
            "url": "https://ics-cert.us-cert.gov/advisories/icsa-19-015-01third party advisoryus government resource"
          },
          {
            "trust": 0.6,
            "url": "http://www.securityfocus.com/bid/106634third party advisoryvdb entry"
          },
          {
            "trust": 0.3,
            "url": "https://laquisscada.com/"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-19-068"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-02390"
          },
          {
            "db": "BID",
            "id": "106634"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-013083"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-19000"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201901-520"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "IVD",
            "id": "7d854241-463f-11e9-b348-000c29342cb1"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-068"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-02390"
          },
          {
            "db": "BID",
            "id": "106634"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-013083"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-19000"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201901-520"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-01-22T00:00:00",
            "db": "IVD",
            "id": "7d854241-463f-11e9-b348-000c29342cb1"
          },
          {
            "date": "2019-01-19T00:00:00",
            "db": "ZDI",
            "id": "ZDI-19-068"
          },
          {
            "date": "2019-01-22T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2019-02390"
          },
          {
            "date": "2019-01-15T00:00:00",
            "db": "BID",
            "id": "106634"
          },
          {
            "date": "2019-02-14T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-013083"
          },
          {
            "date": "2019-02-05T18:29:00.743000",
            "db": "NVD",
            "id": "CVE-2018-19000"
          },
          {
            "date": "2019-01-16T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201901-520"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-01-19T00:00:00",
            "db": "ZDI",
            "id": "ZDI-19-068"
          },
          {
            "date": "2019-01-22T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2019-02390"
          },
          {
            "date": "2019-01-15T00:00:00",
            "db": "BID",
            "id": "106634"
          },
          {
            "date": "2019-02-14T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-013083"
          },
          {
            "date": "2019-10-09T23:37:34.537000",
            "db": "NVD",
            "id": "CVE-2018-19000"
          },
          {
            "date": "2019-10-17T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201901-520"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201901-520"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "LCDS LAquis SCADA Authentication Bypass Vulnerability",
        "sources": [
          {
            "db": "IVD",
            "id": "7d854241-463f-11e9-b348-000c29342cb1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-02390"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "authorization issue",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201901-520"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201903-1176

    Vulnerability from variot - Updated: 2023-12-18 12:18

    LCDS Laquis SCADA prior to version 4.1.0.4150 allows an out of bounds read when opening a specially crafted project file, which may cause a system crash or allow data exfiltration. LCDS Laquis SCADA Contains an out-of-bounds vulnerability.Information is obtained and service operation is interrupted (DoS) There is a possibility of being put into a state. This vulnerability allows remote attackers to execute arbitrary code User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of LQS files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the process. LCDS LAquis SCADA is a SCADA (Data Acquisition and Monitoring Control) system from LCDS, Brazil. The system is mainly used for data acquisition and process control of devices with communication technology. LCDS LAquis SCADA is prone to multiple security vulnerabilities. Failed attempts will likely cause a denial-of-service condition. LCDS LAquis SCADA version 4.1.0.3870 is vulnerable; other versions may also be affected

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201903-1176",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "laquis scada",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "laquisscada",
            "version": "4.1.0.4150"
          },
          {
            "model": "laquis scada",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "lcds",
            "version": "4.1.0.4150"
          },
          {
            "model": "software",
            "scope": null,
            "trust": 0.7,
            "vendor": "laquis scada",
            "version": null
          },
          {
            "model": "le\\303\\243o consultoria e desenvolvimento de sistemas ltda me laquis scada",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "lcds",
            "version": "-4.1.0.3870"
          },
          {
            "model": "le\u00e3o consultoria e desenvolvimento de sistemas ltda me laquis scada",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "lcds",
            "version": "-4.1.0.3870"
          },
          {
            "model": "le\u00e3o consultoria e desenvolvimento de sistemas ltda me laquis scada",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "lcds",
            "version": "-4.1.0.4150"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "laquis scada",
            "version": "*"
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "7d851b31-463f-11e9-b0dc-000c29342cb1"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-060"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-02389"
          },
          {
            "db": "BID",
            "id": "106634"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-015128"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-18994"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:laquisscada:laquis_scada:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "4.1.0.4150",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2018-18994"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Esteban Ruiz (mr_me) of Source Incite",
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-19-060"
          }
        ],
        "trust": 0.7
      },
      "cve": "CVE-2018-18994",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.8,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "impactScore": 7.8,
                "integrityImpact": "NONE",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "HIGH",
                "trust": 1.0,
                "userInteractionRequired": true,
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:C",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Medium",
                "accessVector": "Network",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "Complete",
                "baseScore": 7.8,
                "confidentialityImpact": "Partial",
                "exploitabilityScore": null,
                "id": "CVE-2018-18994",
                "impactScore": null,
                "integrityImpact": "None",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "High",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:C",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "ZDI",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.8,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "id": "CVE-2018-18994",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "MEDIUM",
                "trust": 0.7,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2019-02389",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "7d851b31-463f-11e9-b0dc-000c29342cb1",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 0.2,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.9 [IVD]"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "NVD",
                "availabilityImpact": "HIGH",
                "baseScore": 7.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.8,
                "impactScore": 5.2,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Local",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 7.1,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2018-18994",
                "impactScore": null,
                "integrityImpact": "None",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "Required",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2018-18994",
                "trust": 1.8,
                "value": "HIGH"
              },
              {
                "author": "ZDI",
                "id": "CVE-2018-18994",
                "trust": 0.7,
                "value": "MEDIUM"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2019-02389",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201901-516",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "IVD",
                "id": "7d851b31-463f-11e9-b0dc-000c29342cb1",
                "trust": 0.2,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "7d851b31-463f-11e9-b0dc-000c29342cb1"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-060"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-02389"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-015128"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-18994"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201901-516"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "LCDS Laquis SCADA prior to version 4.1.0.4150 allows an out of bounds read when opening a specially crafted project file, which may cause a system crash or allow data exfiltration. LCDS Laquis SCADA Contains an out-of-bounds vulnerability.Information is obtained and service operation is interrupted (DoS) There is a possibility of being put into a state. This vulnerability allows remote attackers to execute arbitrary code User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of LQS files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the process. LCDS LAquis SCADA is a SCADA (Data Acquisition and Monitoring Control) system from LCDS, Brazil. The system is mainly used for data acquisition and process control of devices with communication technology. LCDS LAquis SCADA is prone to multiple security vulnerabilities. Failed attempts will likely cause a denial-of-service condition. \nLCDS LAquis SCADA version 4.1.0.3870 is vulnerable; other versions may also be affected",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2018-18994"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-015128"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-060"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-02389"
          },
          {
            "db": "BID",
            "id": "106634"
          },
          {
            "db": "IVD",
            "id": "7d851b31-463f-11e9-b0dc-000c29342cb1"
          }
        ],
        "trust": 3.24
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2018-18994",
            "trust": 4.2
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-19-015-01",
            "trust": 3.3
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-02389",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201901-516",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-015128",
            "trust": 0.8
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-6670",
            "trust": 0.7
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-060",
            "trust": 0.7
          },
          {
            "db": "BID",
            "id": "106634",
            "trust": 0.3
          },
          {
            "db": "IVD",
            "id": "7D851B31-463F-11E9-B0DC-000C29342CB1",
            "trust": 0.2
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "7d851b31-463f-11e9-b0dc-000c29342cb1"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-060"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-02389"
          },
          {
            "db": "BID",
            "id": "106634"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-015128"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-18994"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201901-516"
          }
        ]
      },
      "id": "VAR-201903-1176",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "IVD",
            "id": "7d851b31-463f-11e9-b0dc-000c29342cb1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-02389"
          }
        ],
        "trust": 1.5576448
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "7d851b31-463f-11e9-b0dc-000c29342cb1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-02389"
          }
        ]
      },
      "last_update_date": "2023-12-18T12:18:13.881000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "https://laquisscada.com/"
          },
          {
            "title": "LAquis SCADA has issued an update to correct this vulnerability.",
            "trust": 0.7,
            "url": "https://ics-cert.us-cert.gov/advisories/icsa-19-015-01"
          },
          {
            "title": "LCDS LAquis SCADA Offset Write Vulnerability Patch",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchinfo/show/150967"
          },
          {
            "title": "LCDS LAquis SCADA Buffer error vulnerability fix",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=88648"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-19-060"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-02389"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-015128"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201901-516"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-125",
            "trust": 1.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-015128"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-18994"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 4.0,
            "url": "https://ics-cert.us-cert.gov/advisories/icsa-19-015-01"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-18994"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-18994"
          },
          {
            "trust": 0.3,
            "url": "https://laquisscada.com/"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-19-060"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-02389"
          },
          {
            "db": "BID",
            "id": "106634"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-015128"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-18994"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201901-516"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "IVD",
            "id": "7d851b31-463f-11e9-b0dc-000c29342cb1"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-060"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-02389"
          },
          {
            "db": "BID",
            "id": "106634"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-015128"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-18994"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201901-516"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-01-22T00:00:00",
            "db": "IVD",
            "id": "7d851b31-463f-11e9-b0dc-000c29342cb1"
          },
          {
            "date": "2019-01-19T00:00:00",
            "db": "ZDI",
            "id": "ZDI-19-060"
          },
          {
            "date": "2019-01-22T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2019-02389"
          },
          {
            "date": "2019-01-15T00:00:00",
            "db": "BID",
            "id": "106634"
          },
          {
            "date": "2019-04-26T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-015128"
          },
          {
            "date": "2019-03-27T18:29:00.397000",
            "db": "NVD",
            "id": "CVE-2018-18994"
          },
          {
            "date": "2019-01-16T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201901-516"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-01-19T00:00:00",
            "db": "ZDI",
            "id": "ZDI-19-060"
          },
          {
            "date": "2019-01-22T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2019-02389"
          },
          {
            "date": "2019-01-15T00:00:00",
            "db": "BID",
            "id": "106634"
          },
          {
            "date": "2019-04-26T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-015128"
          },
          {
            "date": "2019-10-09T23:37:32.647000",
            "db": "NVD",
            "id": "CVE-2018-18994"
          },
          {
            "date": "2019-10-10T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201901-516"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "local",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201901-516"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "LCDS Laquis SCADA Vulnerable to out-of-bounds reading",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-015128"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Buffer error",
        "sources": [
          {
            "db": "IVD",
            "id": "7d851b31-463f-11e9-b0dc-000c29342cb1"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201901-516"
          }
        ],
        "trust": 0.8
      }
    }

    VAR-201902-0641

    Vulnerability from variot - Updated: 2023-12-18 12:18

    LCDS Laquis SCADA prior to version 4.1.0.4150 allows out of bounds read when opening a specially crafted project file, which may allow data exfiltration. LCDS Laquis SCADA Contains an out-of-bounds vulnerability.Information may be obtained. This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of LAquis SCADA Software. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of LQS files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the aq process. LCDS LAquis SCADA is a SCADA (Data Acquisition and Monitoring Control) system from LCDS, Brazil. The system is mainly used for data acquisition and process control of devices with communication technology. LCDS LAquis SCADA is prone to multiple security vulnerabilities. An attacker may leverage these issues to execute arbitrary code, perform unauthorized actions or gain access to sensitive information that may aid in further attacks. Failed attempts will likely cause a denial-of-service condition. LCDS LAquis SCADA version 4.1.0.3870 is vulnerable; other versions may also be affected

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201902-0641",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "laquis scada",
            "scope": "lt",
            "trust": 1.8,
            "vendor": "lcds",
            "version": "4.1.0.4150"
          },
          {
            "model": "scada",
            "scope": null,
            "trust": 1.4,
            "vendor": "laquis",
            "version": null
          },
          {
            "model": "le\\303\\243o consultoria e desenvolvimento de sistemas ltda me laquis scada",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "lcds",
            "version": "-4.1.0.3870"
          },
          {
            "model": "le\u00e3o consultoria e desenvolvimento de sistemas ltda me laquis scada",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "lcds",
            "version": "-4.1.0.3870"
          },
          {
            "model": "le\u00e3o consultoria e desenvolvimento de sistemas ltda me laquis scada",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "lcds",
            "version": "-4.1.0.4150"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "laquis scada",
            "version": "*"
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "7d854240-463f-11e9-b38a-000c29342cb1"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-099"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-098"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-02388"
          },
          {
            "db": "BID",
            "id": "106634"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-014064"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-19004"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:lcds:laquis_scada:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "4.1.0.4150",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2018-19004"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Esteban Ruiz (mr_me) of Source Incite",
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-19-099"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-098"
          }
        ],
        "trust": 1.4
      },
      "cve": "CVE-2018-19004",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "MEDIUM",
                "trust": 1.0,
                "userInteractionRequired": true,
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Medium",
                "accessVector": "Network",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 4.3,
                "confidentialityImpact": "Partial",
                "exploitabilityScore": null,
                "id": "CVE-2018-19004",
                "impactScore": null,
                "integrityImpact": "None",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Medium",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "NONE",
                "baseScore": 2.1,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 3.9,
                "id": "CNVD-2019-02388",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "LOW",
                "trust": 0.6,
                "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "NONE",
                "baseScore": 2.1,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 3.9,
                "id": "7d854240-463f-11e9-b38a-000c29342cb1",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "LOW",
                "trust": 0.2,
                "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.9 [IVD]"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "ZDI",
                "availabilityImpact": "NONE",
                "baseScore": 3.3,
                "baseSeverity": "LOW",
                "confidentialityImpact": "LOW",
                "exploitabilityScore": 1.8,
                "id": "CVE-2018-19004",
                "impactScore": 1.4,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.4,
                "userInteraction": "REQUIRED",
                "vectorString": "AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
                "version": "3.0"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "NVD",
                "availabilityImpact": "NONE",
                "baseScore": 3.3,
                "baseSeverity": "LOW",
                "confidentialityImpact": "LOW",
                "exploitabilityScore": 1.8,
                "impactScore": 1.4,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Local",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 3.3,
                "baseSeverity": "Low",
                "confidentialityImpact": "Low",
                "exploitabilityScore": null,
                "id": "CVE-2018-19004",
                "impactScore": null,
                "integrityImpact": "None",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "Required",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2018-19004",
                "trust": 1.8,
                "value": "LOW"
              },
              {
                "author": "ZDI",
                "id": "CVE-2018-19004",
                "trust": 1.4,
                "value": "LOW"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2019-02388",
                "trust": 0.6,
                "value": "LOW"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201901-511",
                "trust": 0.6,
                "value": "LOW"
              },
              {
                "author": "IVD",
                "id": "7d854240-463f-11e9-b38a-000c29342cb1",
                "trust": 0.2,
                "value": "LOW"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "7d854240-463f-11e9-b38a-000c29342cb1"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-099"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-098"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-02388"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-014064"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-19004"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201901-511"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "LCDS Laquis SCADA prior to version 4.1.0.4150 allows out of bounds read when opening a specially crafted project file, which may allow data exfiltration. LCDS Laquis SCADA Contains an out-of-bounds vulnerability.Information may be obtained. This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of LAquis SCADA Software.  User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of LQS files.  The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the aq process. LCDS LAquis SCADA is a SCADA (Data Acquisition and Monitoring Control) system from LCDS, Brazil. The system is mainly used for data acquisition and process control of devices with communication technology. LCDS LAquis SCADA is prone to multiple security vulnerabilities. \nAn attacker may leverage these issues to execute arbitrary code, perform unauthorized actions or gain access to sensitive information that may aid in further attacks. Failed attempts will likely cause a denial-of-service condition. \nLCDS LAquis SCADA version 4.1.0.3870 is vulnerable; other versions may also be affected",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2018-19004"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-014064"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-099"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-098"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-02388"
          },
          {
            "db": "BID",
            "id": "106634"
          },
          {
            "db": "IVD",
            "id": "7d854240-463f-11e9-b38a-000c29342cb1"
          }
        ],
        "trust": 3.87
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2018-19004",
            "trust": 4.9
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-19-015-01",
            "trust": 3.3
          },
          {
            "db": "BID",
            "id": "106634",
            "trust": 1.9
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-02388",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201901-511",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-014064",
            "trust": 0.8
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-7114",
            "trust": 0.7
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-099",
            "trust": 0.7
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-7113",
            "trust": 0.7
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-098",
            "trust": 0.7
          },
          {
            "db": "IVD",
            "id": "7D854240-463F-11E9-B38A-000C29342CB1",
            "trust": 0.2
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "7d854240-463f-11e9-b38a-000c29342cb1"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-099"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-098"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-02388"
          },
          {
            "db": "BID",
            "id": "106634"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-014064"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-19004"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201901-511"
          }
        ]
      },
      "id": "VAR-201902-0641",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "IVD",
            "id": "7d854240-463f-11e9-b38a-000c29342cb1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-02388"
          }
        ],
        "trust": 1.5576448
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "7d854240-463f-11e9-b38a-000c29342cb1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-02388"
          }
        ]
      },
      "last_update_date": "2023-12-18T12:18:13.831000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "LAquis has issued an update to correct this vulnerability.",
            "trust": 1.4,
            "url": "https://ics-cert.us-cert.gov/advisories/icsa-19-015-01"
          },
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "https://laquisscada.com/"
          },
          {
            "title": "LCDS LAquis SCADA patch for out-of-bounds read vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchinfo/show/150977"
          },
          {
            "title": "LCDS LAquis SCADA Buffer error vulnerability fix",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=88656"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-19-099"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-098"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-02388"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-014064"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201901-511"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-125",
            "trust": 1.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-014064"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-19004"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 4.7,
            "url": "https://ics-cert.us-cert.gov/advisories/icsa-19-015-01"
          },
          {
            "trust": 2.2,
            "url": "http://www.securityfocus.com/bid/106634"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-19004"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-19004"
          },
          {
            "trust": 0.3,
            "url": "https://laquisscada.com/"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-19-099"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-098"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-02388"
          },
          {
            "db": "BID",
            "id": "106634"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-014064"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-19004"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201901-511"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "IVD",
            "id": "7d854240-463f-11e9-b38a-000c29342cb1"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-099"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-098"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-02388"
          },
          {
            "db": "BID",
            "id": "106634"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-014064"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-19004"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201901-511"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-01-22T00:00:00",
            "db": "IVD",
            "id": "7d854240-463f-11e9-b38a-000c29342cb1"
          },
          {
            "date": "2019-01-19T00:00:00",
            "db": "ZDI",
            "id": "ZDI-19-099"
          },
          {
            "date": "2019-01-19T00:00:00",
            "db": "ZDI",
            "id": "ZDI-19-098"
          },
          {
            "date": "2019-01-22T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2019-02388"
          },
          {
            "date": "2019-01-15T00:00:00",
            "db": "BID",
            "id": "106634"
          },
          {
            "date": "2019-03-11T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-014064"
          },
          {
            "date": "2019-02-01T18:29:01.193000",
            "db": "NVD",
            "id": "CVE-2018-19004"
          },
          {
            "date": "2019-01-16T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201901-511"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-01-19T00:00:00",
            "db": "ZDI",
            "id": "ZDI-19-099"
          },
          {
            "date": "2019-01-19T00:00:00",
            "db": "ZDI",
            "id": "ZDI-19-098"
          },
          {
            "date": "2019-01-22T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2019-02388"
          },
          {
            "date": "2019-01-15T00:00:00",
            "db": "BID",
            "id": "106634"
          },
          {
            "date": "2019-03-11T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-014064"
          },
          {
            "date": "2019-10-09T23:37:35.130000",
            "db": "NVD",
            "id": "CVE-2018-19004"
          },
          {
            "date": "2019-10-17T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201901-511"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "local",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201901-511"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "LAquis SCADA LQS File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability",
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-19-099"
          },
          {
            "db": "ZDI",
            "id": "ZDI-19-098"
          }
        ],
        "trust": 1.4
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Buffer error",
        "sources": [
          {
            "db": "IVD",
            "id": "7d854240-463f-11e9-b38a-000c29342cb1"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201901-511"
          }
        ],
        "trust": 0.8
      }
    }

    VAR-202107-1662

    Vulnerability from variot - Updated: 2023-12-18 11:14

    When a non-existent resource is requested, the LCDS LAquis SCADA application (version 4.3.1.1011 and prior) returns error messages which may allow reflected cross-site scripting. LCDS (Leao Consultoria e Desenvolvimento de Sistemas LTDA ME) Provided by LAquis SCADA Cross-site scripting (CWE-79 , CVE-2021-32989) A vulnerability exists.Sensitive information can be stolen or arbitrary code executed by a remote third party. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202107-1662",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "laquis scada",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "lcds",
            "version": "4.3.1.1011"
          },
          {
            "model": "laquis scada",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "lcds",
            "version": "versions 4.3.1.1011  and earlier"
          },
          {
            "model": "laquis scada",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "lcds",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002010"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-32989"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:lcds:laquis_scada:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "4.3.1.1011",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2021-32989"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Michael Heinzl reported this vulnerability to CISA.",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202107-2100"
          }
        ],
        "trust": 0.6
      },
      "cve": "CVE-2021-32989",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 8.6,
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "MEDIUM",
                "trust": 1.0,
                "userInteractionRequired": true,
                "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "NVD",
                "availabilityImpact": "NONE",
                "baseScore": 6.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "exploitabilityScore": 2.8,
                "impactScore": 2.7,
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "trust": 1.0,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "ics-cert@hq.dhs.gov",
                "availabilityImpact": "NONE",
                "baseScore": 9.3,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "LOW",
                "exploitabilityScore": 3.9,
                "impactScore": 4.7,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:N",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "OTHER",
                "availabilityImpact": "None",
                "baseScore": 9.3,
                "baseSeverity": "Critical",
                "confidentialityImpact": "Low",
                "exploitabilityScore": null,
                "id": "JVNDB-2021-002010",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Changed",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2021-32989",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "ics-cert@hq.dhs.gov",
                "id": "CVE-2021-32989",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "OTHER",
                "id": "JVNDB-2021-002010",
                "trust": 0.8,
                "value": "Critical"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202104-975",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202107-2100",
                "trust": 0.6,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002010"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-32989"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-32989"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202104-975"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202107-2100"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "When a non-existent resource is requested, the LCDS LAquis SCADA application (version 4.3.1.1011 and prior) returns error messages which may allow reflected cross-site scripting. LCDS (Leao Consultoria e Desenvolvimento de Sistemas LTDA ME) Provided by LAquis SCADA Cross-site scripting (CWE-79 , CVE-2021-32989) A vulnerability exists.Sensitive information can be stolen or arbitrary code executed by a remote third party. Pillow is a Python-based image processing library. \nThere is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2021-32989"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002010"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202104-975"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-32989"
          }
        ],
        "trust": 2.25
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "ICS CERT",
            "id": "ICSA-21-208-04",
            "trust": 2.5
          },
          {
            "db": "NVD",
            "id": "CVE-2021-32989",
            "trust": 2.5
          },
          {
            "db": "JVN",
            "id": "JVNVU91603968",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002010",
            "trust": 0.8
          },
          {
            "db": "CS-HELP",
            "id": "SB2021041363",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202104-975",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2021072805",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2021.2553",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202107-2100",
            "trust": 0.6
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-32989",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2021-32989"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002010"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-32989"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202104-975"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202107-2100"
          }
        ]
      },
      "id": "VAR-202107-1662",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VARIoT devices database",
            "id": null
          }
        ],
        "trust": 0.5507122
      },
      "last_update_date": "2023-12-18T11:14:01.998000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "LAquis\u00a0SCADA",
            "trust": 0.8,
            "url": "https://laquisscada.com/"
          },
          {
            "title": "LCDS LAquis SCADA Fixes for cross-site scripting vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=157945"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002010"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202107-2100"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-79",
            "trust": 1.0
          },
          {
            "problemtype": "Cross-site scripting (CWE-79) [ Other ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002010"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-32989"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.7,
            "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-208-04"
          },
          {
            "trust": 1.4,
            "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-208-04"
          },
          {
            "trust": 0.8,
            "url": "http://jvn.jp/cert/jvnvu91603968/"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2021041363"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2021072805"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2021.2553"
          },
          {
            "trust": 0.6,
            "url": "https://cxsecurity.com/cveshow/cve-2021-32989/"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/79.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2021-32989"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002010"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-32989"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202104-975"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202107-2100"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "VULMON",
            "id": "CVE-2021-32989"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002010"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-32989"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202104-975"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202107-2100"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2022-05-25T00:00:00",
            "db": "VULMON",
            "id": "CVE-2021-32989"
          },
          {
            "date": "2021-07-29T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2021-002010"
          },
          {
            "date": "2022-05-25T14:15:08.450000",
            "db": "NVD",
            "id": "CVE-2021-32989"
          },
          {
            "date": "2021-04-13T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202104-975"
          },
          {
            "date": "2021-07-27T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202107-2100"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2022-05-25T00:00:00",
            "db": "VULMON",
            "id": "CVE-2021-32989"
          },
          {
            "date": "2021-07-29T07:01:00",
            "db": "JVNDB",
            "id": "JVNDB-2021-002010"
          },
          {
            "date": "2022-06-07T20:59:47.073000",
            "db": "NVD",
            "id": "CVE-2021-32989"
          },
          {
            "date": "2021-04-14T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202104-975"
          },
          {
            "date": "2022-06-08T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202107-2100"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202107-2100"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "LCDS\u00a0 Made by the company \u00a0LAquis\u00a0SCADA\u00a0 Cross-site Scripting Vulnerability",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002010"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "other",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202104-975"
          }
        ],
        "trust": 0.6
      }
    }

    CVE-2024-5040 (GCVE-0-2024-5040)

    Vulnerability from nvd – Published: 2024-05-21 20:19 – Updated: 2024-08-01 21:03
    VLAI
    Title
    LCDS LAquis SCADA Path Traversal
    Summary
    There are multiple ways in LCDS LAquis SCADA for an attacker to access locations outside of their own directory.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    LCDS LAquis SCADA Affected: 0 , ≤ 4.7.1.7 (custom)
    Create a notification for this product.
    lcds laquis_scada Affected: *
        cpe:2.3:a:lcds:laquis_scada:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    Natnael Samson working with Trend Micro Zero Day Initiative reported these vulnerabilities to CISA.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:lcds:laquis_scada:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "laquis_scada",
                "vendor": "lcds",
                "versions": [
                  {
                    "status": "affected",
                    "version": "*"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-5040",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-05-22T14:29:23.705386Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-04T18:02:51.586Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T21:03:10.607Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-142-01"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "LAquis SCADA",
              "vendor": "LCDS",
              "versions": [
                {
                  "lessThanOrEqual": "4.7.1.7",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Natnael Samson working with Trend Micro Zero Day Initiative reported these vulnerabilities to CISA."
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\nThere are multiple ways in \nLCDS LAquis SCADA for an attacker to access locations outside of their own directory.\n\n"
                }
              ],
              "value": "There are multiple ways in \nLCDS LAquis SCADA for an attacker to access locations outside of their own directory."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "LOCAL",
                "baseScore": 8.5,
                "baseSeverity": "HIGH",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "PASSIVE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-22",
                  "description": "CWE-22 Path Traversal",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-05-21T20:19:19.456Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-142-01"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\nLCDS recommends users update to \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://laquisscada.com/\"\u003eversion 4.7.1.371 or newer of LAquis SCADA.\u003c/a\u003e which has been configured to resolve the reported path traversal issues.\n\n\u003cbr\u003e"
                }
              ],
              "value": "LCDS recommends users update to  version 4.7.1.371 or newer of LAquis SCADA. https://laquisscada.com/  which has been configured to resolve the reported path traversal issues."
            }
          ],
          "source": {
            "advisory": "ICSA-24-142-01",
            "discovery": "EXTERNAL"
          },
          "title": "LCDS LAquis SCADA Path Traversal",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2024-5040",
        "datePublished": "2024-05-21T20:19:19.456Z",
        "dateReserved": "2024-05-16T23:41:33.314Z",
        "dateUpdated": "2024-08-01T21:03:10.607Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-5040 (GCVE-0-2024-5040)

    Vulnerability from cvelistv5 – Published: 2024-05-21 20:19 – Updated: 2024-08-01 21:03
    VLAI
    Title
    LCDS LAquis SCADA Path Traversal
    Summary
    There are multiple ways in LCDS LAquis SCADA for an attacker to access locations outside of their own directory.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    LCDS LAquis SCADA Affected: 0 , ≤ 4.7.1.7 (custom)
    Create a notification for this product.
    lcds laquis_scada Affected: *
        cpe:2.3:a:lcds:laquis_scada:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    Natnael Samson working with Trend Micro Zero Day Initiative reported these vulnerabilities to CISA.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:lcds:laquis_scada:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "laquis_scada",
                "vendor": "lcds",
                "versions": [
                  {
                    "status": "affected",
                    "version": "*"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-5040",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-05-22T14:29:23.705386Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-04T18:02:51.586Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T21:03:10.607Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-142-01"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "LAquis SCADA",
              "vendor": "LCDS",
              "versions": [
                {
                  "lessThanOrEqual": "4.7.1.7",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Natnael Samson working with Trend Micro Zero Day Initiative reported these vulnerabilities to CISA."
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\nThere are multiple ways in \nLCDS LAquis SCADA for an attacker to access locations outside of their own directory.\n\n"
                }
              ],
              "value": "There are multiple ways in \nLCDS LAquis SCADA for an attacker to access locations outside of their own directory."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "LOCAL",
                "baseScore": 8.5,
                "baseSeverity": "HIGH",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "PASSIVE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-22",
                  "description": "CWE-22 Path Traversal",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-05-21T20:19:19.456Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-142-01"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\nLCDS recommends users update to \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://laquisscada.com/\"\u003eversion 4.7.1.371 or newer of LAquis SCADA.\u003c/a\u003e which has been configured to resolve the reported path traversal issues.\n\n\u003cbr\u003e"
                }
              ],
              "value": "LCDS recommends users update to  version 4.7.1.371 or newer of LAquis SCADA. https://laquisscada.com/  which has been configured to resolve the reported path traversal issues."
            }
          ],
          "source": {
            "advisory": "ICSA-24-142-01",
            "discovery": "EXTERNAL"
          },
          "title": "LCDS LAquis SCADA Path Traversal",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2024-5040",
        "datePublished": "2024-05-21T20:19:19.456Z",
        "dateReserved": "2024-05-16T23:41:33.314Z",
        "dateUpdated": "2024-08-01T21:03:10.607Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-32989 (GCVE-0-2021-32989)

    Vulnerability from cvelistv5 – Published: 2022-05-25 13:31 – Updated: 2025-04-16 16:18
    VLAI
    Title
    LCDS LAquis SCADA - Cross-site Scripting
    Summary
    When a non-existent resource is requested, the LCDS LAquis SCADA application (version 4.3.1.1011 and prior) returns error messages which may allow reflected cross-site scripting.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Cross-site Scripting (XSS)
    Assigner
    References
    Impacted products
    Credits
    Michael Heinzl reported this vulnerability to CISA.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T23:42:19.107Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-208-04"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2021-32989",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-16T15:55:36.940023Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-16T16:18:23.554Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "LAquis SCADA",
              "vendor": "LCDS\u2014Le\u00e3o Consultoria e Desenvolvimento de Sistemas Ltda ME",
              "versions": [
                {
                  "lessThanOrEqual": "4.3.1.1011",
                  "status": "affected",
                  "version": "All",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Michael Heinzl reported this vulnerability to CISA."
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "When a non-existent resource is requested, the LCDS LAquis SCADA application (version 4.3.1.1011 and prior) returns error messages which may allow reflected cross-site scripting."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 9.3,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "LOW",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Cross-site Scripting (XSS)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-05-25T13:31:36.000Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-208-04"
            }
          ],
          "source": {
            "advisory": "ICSA-21-208-04",
            "discovery": "UNKNOWN"
          },
          "title": "LCDS LAquis SCADA - Cross-site Scripting",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "ics-cert@hq.dhs.gov",
              "ID": "CVE-2021-32989",
              "STATE": "PUBLIC",
              "TITLE": "LCDS LAquis SCADA - Cross-site Scripting"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "LAquis SCADA",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c=",
                                "version_name": "All",
                                "version_value": "4.3.1.1011"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "LCDS\u2014Le\u00e3o Consultoria e Desenvolvimento de Sistemas Ltda ME"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Michael Heinzl reported this vulnerability to CISA."
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "When a non-existent resource is requested, the LCDS LAquis SCADA application (version 4.3.1.1011 and prior) returns error messages which may allow reflected cross-site scripting."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 9.3,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "LOW",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:N",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-79 Cross-site Scripting (XSS)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-208-04",
                  "refsource": "MISC",
                  "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-208-04"
                }
              ]
            },
            "source": {
              "advisory": "ICSA-21-208-04",
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2021-32989",
        "datePublished": "2022-05-25T13:31:36.000Z",
        "dateReserved": "2021-05-13T00:00:00.000Z",
        "dateUpdated": "2025-04-16T16:18:23.554Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }