var-201705-3185
Vulnerability from variot
An Improper Access Control issue was discovered in LCDS - Leao Consultoria e Desenvolvimento de Sistemas LTDA ME LAquis SCADA. The following versions are affected: Versions 4.1 and prior versions released before January 20, 2017. An Improper Access Control vulnerability has been identified, which may allow an authenticated user to modify application files to escalate privileges. LAquis SCADA is a tool and language for data collection, process monitoring, industrial automation, storage and reporting for quality management and application development. LAquis SCADA has a local access bypass vulnerability. With this vulnerability, an attacker can bypass unauthorized security operations by bypassing some security restrictions.
CVE-2017-6016 has been assigned to this vulnerability. A CVSS v3 base score of 7.3 has been assigned; the CVSS vector string is (AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H). Other vectors are possible as well.
+++++
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201705-3185",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "ltda me laquis scada",
"scope": "lte",
"trust": 1.0,
"vendor": "leao consultoria e desenvolvimento de sistemas",
"version": "4.1"
},
{
"model": "laquis scada",
"scope": "lte",
"trust": 0.8,
"vendor": "lcds",
"version": "4.1"
},
{
"model": "ltda me laquis scada",
"scope": "eq",
"trust": 0.6,
"vendor": "laquisscada",
"version": "4.1"
},
{
"model": "ltda me laquis scada",
"scope": "eq",
"trust": 0.6,
"vendor": "leao consultoria e desenvolvimento de sistemas",
"version": "4.1"
},
{
"model": "le\u00e3o consultoria e desenvolvimento de sistemas ltda me laquis scada",
"scope": "eq",
"trust": 0.3,
"vendor": "lcds",
"version": "-4.1"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "ltda me laquis scada",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "08212888-7198-4132-aa3d-15ce85c5f3da"
},
{
"db": "CNVD",
"id": "CNVD-2017-05061"
},
{
"db": "BID",
"id": "96942"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-004290"
},
{
"db": "NVD",
"id": "CVE-2017-6016"
},
{
"db": "CNNVD",
"id": "CNNVD-201702-596"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:leao_consultoria_e_desenvolvimento_de_sistemas:ltda_me_laquis_scada:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "4.1",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2017-6016"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Karn Ganeshen",
"sources": [
{
"db": "BID",
"id": "96942"
},
{
"db": "PACKETSTORM",
"id": "142043"
}
],
"trust": 0.4
},
"cve": "CVE-2017-6016",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 4.4,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.4,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Local",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 4.4,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2017-6016",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "CNVD-2017-05061",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 0.6,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "08212888-7198-4132-aa3d-15ce85c5f3da",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 0.2,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.9 [IVD]"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.3,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.3,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2017-6016",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2017-6016",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2017-05061",
"trust": 0.6,
"value": "LOW"
},
{
"author": "CNNVD",
"id": "CNNVD-201702-596",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "IVD",
"id": "08212888-7198-4132-aa3d-15ce85c5f3da",
"trust": 0.2,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "08212888-7198-4132-aa3d-15ce85c5f3da"
},
{
"db": "CNVD",
"id": "CNVD-2017-05061"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-004290"
},
{
"db": "NVD",
"id": "CVE-2017-6016"
},
{
"db": "CNNVD",
"id": "CNNVD-201702-596"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An Improper Access Control issue was discovered in LCDS - Leao Consultoria e Desenvolvimento de Sistemas LTDA ME LAquis SCADA. The following versions are affected: Versions 4.1 and prior versions released before January 20, 2017. An Improper Access Control vulnerability has been identified, which may allow an authenticated user to modify application files to escalate privileges. LAquis SCADA is a tool and language for data collection, process monitoring, industrial automation, storage and reporting for quality management and application development. LAquis SCADA has a local access bypass vulnerability. With this vulnerability, an attacker can bypass unauthorized security operations by bypassing some security restrictions. \n\nCVE-2017-6016 has been assigned to this vulnerability. A CVSS v3 base score\nof 7.3 has been assigned; the CVSS vector string is\n(AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H). Other vectors are\npossible as well. \n\n+++++\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-6016"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-004290"
},
{
"db": "CNVD",
"id": "CNVD-2017-05061"
},
{
"db": "BID",
"id": "96942"
},
{
"db": "IVD",
"id": "08212888-7198-4132-aa3d-15ce85c5f3da"
},
{
"db": "PACKETSTORM",
"id": "142043"
}
],
"trust": 2.7
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-6016",
"trust": 3.6
},
{
"db": "ICS CERT",
"id": "ICSA-17-075-01",
"trust": 2.8
},
{
"db": "BID",
"id": "96942",
"trust": 2.5
},
{
"db": "CNVD",
"id": "CNVD-2017-05061",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201702-596",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2017-004290",
"trust": 0.8
},
{
"db": "IVD",
"id": "08212888-7198-4132-AA3D-15CE85C5F3DA",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "142043",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "08212888-7198-4132-aa3d-15ce85c5f3da"
},
{
"db": "CNVD",
"id": "CNVD-2017-05061"
},
{
"db": "BID",
"id": "96942"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-004290"
},
{
"db": "PACKETSTORM",
"id": "142043"
},
{
"db": "NVD",
"id": "CVE-2017-6016"
},
{
"db": "CNNVD",
"id": "CNNVD-201702-596"
}
]
},
"id": "VAR-201705-3185",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "08212888-7198-4132-aa3d-15ce85c5f3da"
},
{
"db": "CNVD",
"id": "CNVD-2017-05061"
}
],
"trust": 1.5576448
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "08212888-7198-4132-aa3d-15ce85c5f3da"
},
{
"db": "CNVD",
"id": "CNVD-2017-05061"
}
]
},
"last_update_date": "2023-12-18T13:53:01.521000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.lcds.com.br/"
},
{
"title": "LCDS - Leao Consultoria e Desenvolvimento de Sistemas LTDA ME LAquis SCADA Fixes for access control error vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=99648"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-004290"
},
{
"db": "CNNVD",
"id": "CNNVD-201702-596"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "CWE-284",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-004290"
},
{
"db": "NVD",
"id": "CVE-2017-6016"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.8,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-17-075-01"
},
{
"trust": 2.2,
"url": "http://www.securityfocus.com/bid/96942"
},
{
"trust": 0.9,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-6016"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-6016"
},
{
"trust": 0.3,
"url": "http://laquisscada.com/instale1.php"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-05061"
},
{
"db": "BID",
"id": "96942"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-004290"
},
{
"db": "PACKETSTORM",
"id": "142043"
},
{
"db": "NVD",
"id": "CVE-2017-6016"
},
{
"db": "CNNVD",
"id": "CNNVD-201702-596"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "08212888-7198-4132-aa3d-15ce85c5f3da"
},
{
"db": "CNVD",
"id": "CNVD-2017-05061"
},
{
"db": "BID",
"id": "96942"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-004290"
},
{
"db": "PACKETSTORM",
"id": "142043"
},
{
"db": "NVD",
"id": "CVE-2017-6016"
},
{
"db": "CNNVD",
"id": "CNNVD-201702-596"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-04-22T00:00:00",
"db": "IVD",
"id": "08212888-7198-4132-aa3d-15ce85c5f3da"
},
{
"date": "2017-04-24T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-05061"
},
{
"date": "2017-03-16T00:00:00",
"db": "BID",
"id": "96942"
},
{
"date": "2017-06-21T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-004290"
},
{
"date": "2017-04-06T14:44:44",
"db": "PACKETSTORM",
"id": "142043"
},
{
"date": "2017-05-19T03:29:00.403000",
"db": "NVD",
"id": "CVE-2017-6016"
},
{
"date": "2017-02-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201702-596"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-04-22T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-05061"
},
{
"date": "2017-03-23T01:01:00",
"db": "BID",
"id": "96942"
},
{
"date": "2017-06-21T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-004290"
},
{
"date": "2019-10-09T23:28:33.527000",
"db": "NVD",
"id": "CVE-2017-6016"
},
{
"date": "2019-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201702-596"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "BID",
"id": "96942"
},
{
"db": "CNNVD",
"id": "CNNVD-201702-596"
}
],
"trust": 0.9
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "LAquis SCADA Local Access Bypass Vulnerability",
"sources": [
{
"db": "IVD",
"id": "08212888-7198-4132-aa3d-15ce85c5f3da"
},
{
"db": "CNVD",
"id": "CNVD-2017-05061"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Access control error",
"sources": [
{
"db": "IVD",
"id": "08212888-7198-4132-aa3d-15ce85c5f3da"
},
{
"db": "CNNVD",
"id": "CNNVD-201702-596"
}
],
"trust": 0.8
}
}
Loading...