VAR-201804-1529
Vulnerability from variot - Updated: 2023-12-18 12:50A structured exception handler overflow vulnerability in Leao Consultoria e Desenvolvimento de Sistemas (LCDS) LTDA ME LAquis SCADA 4.1.0.3391 and earlier may allow code execution. Leao Consultoria e Desenvolvimento de Sistemas (LCDS) LTDA ME of LAquis SCADA Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. LCDS LAquis SCADA A set of SCADA software for monitoring and data acquisition from Brazil LCDS. A security vulnerability exists in LCDS LAquis SCADA version 4.1.0.3391 and earlier that caused the program to fail to properly detect or handle anomalies. An attacker could exploit the vulnerability to execute code. LAquis SCADA is prone to an arbitrary code-execution vulnerability. Failed attempts will likely cause a denial-of-service condition
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201804-1529",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "laquis scada",
"scope": "lte",
"trust": 1.8,
"vendor": "lcds",
"version": "4.1.0.3391"
},
{
"model": "le\\303\\243o consultoria e desenvolvimento de sistemas ltda me laquis scada",
"scope": "eq",
"trust": 0.6,
"vendor": "lcds",
"version": "-\u003c=4.1.0.3391"
},
{
"model": "laquis scada",
"scope": "eq",
"trust": 0.6,
"vendor": "lcds",
"version": "4.1.0.3391"
},
{
"model": "le\u00e3o consultoria e desenvolvimento de sistemas ltda me laquis scada",
"scope": "eq",
"trust": 0.3,
"vendor": "lcds",
"version": "-4.1.0.3391"
},
{
"model": "le\u00e3o consultoria e desenvolvimento de sistemas ltda me laquis scada",
"scope": "ne",
"trust": 0.3,
"vendor": "lcds",
"version": "-4.1.0.3774"
},
{
"model": "le\u00e3o consultoria e desenvolvimento de sistemas ltda me laquis scada",
"scope": "eq",
"trust": 0.2,
"vendor": "lcds",
"version": "-\u003c=4.1.0.3391"
}
],
"sources": [
{
"db": "IVD",
"id": "e2eb40d0-39ab-11e9-aed1-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-07745"
},
{
"db": "BID",
"id": "103724"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-004093"
},
{
"db": "NVD",
"id": "CVE-2018-5463"
},
{
"db": "CNNVD",
"id": "CNNVD-201804-408"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:lcds:laquis_scada:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "4.1.0.3391",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2018-5463"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Karn Ganeshen",
"sources": [
{
"db": "BID",
"id": "103724"
}
],
"trust": 0.3
},
"cve": "CVE-2018-5463",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Local",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 4.6,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2018-5463",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2018-07745",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "e2eb40d0-39ab-11e9-aed1-000c29342cb1",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.9 [IVD]"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2018-5463",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2018-5463",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2018-07745",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201804-408",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "IVD",
"id": "e2eb40d0-39ab-11e9-aed1-000c29342cb1",
"trust": 0.2,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2018-5463",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "e2eb40d0-39ab-11e9-aed1-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-07745"
},
{
"db": "VULMON",
"id": "CVE-2018-5463"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-004093"
},
{
"db": "NVD",
"id": "CVE-2018-5463"
},
{
"db": "CNNVD",
"id": "CNNVD-201804-408"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A structured exception handler overflow vulnerability in Leao Consultoria e Desenvolvimento de Sistemas (LCDS) LTDA ME LAquis SCADA 4.1.0.3391 and earlier may allow code execution. Leao Consultoria e Desenvolvimento de Sistemas (LCDS) LTDA ME of LAquis SCADA Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. LCDS LAquis SCADA A set of SCADA software for monitoring and data acquisition from Brazil LCDS. A security vulnerability exists in LCDS LAquis SCADA version 4.1.0.3391 and earlier that caused the program to fail to properly detect or handle anomalies. An attacker could exploit the vulnerability to execute code. LAquis SCADA is prone to an arbitrary code-execution vulnerability. Failed attempts will likely cause a denial-of-service condition",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-5463"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-004093"
},
{
"db": "CNVD",
"id": "CNVD-2018-07745"
},
{
"db": "BID",
"id": "103724"
},
{
"db": "IVD",
"id": "e2eb40d0-39ab-11e9-aed1-000c29342cb1"
},
{
"db": "VULMON",
"id": "CVE-2018-5463"
}
],
"trust": 2.7
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-5463",
"trust": 3.6
},
{
"db": "ICS CERT",
"id": "ICSA-18-095-03",
"trust": 3.4
},
{
"db": "BID",
"id": "103724",
"trust": 2.6
},
{
"db": "CNVD",
"id": "CNVD-2018-07745",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201804-408",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2018-004093",
"trust": 0.8
},
{
"db": "IVD",
"id": "E2EB40D0-39AB-11E9-AED1-000C29342CB1",
"trust": 0.2
},
{
"db": "VULMON",
"id": "CVE-2018-5463",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "e2eb40d0-39ab-11e9-aed1-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-07745"
},
{
"db": "VULMON",
"id": "CVE-2018-5463"
},
{
"db": "BID",
"id": "103724"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-004093"
},
{
"db": "NVD",
"id": "CVE-2018-5463"
},
{
"db": "CNNVD",
"id": "CNNVD-201804-408"
}
]
},
"id": "VAR-201804-1529",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "e2eb40d0-39ab-11e9-aed1-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-07745"
}
],
"trust": 1.5576448
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "e2eb40d0-39ab-11e9-aed1-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-07745"
}
]
},
"last_update_date": "2023-12-18T12:50:46.854000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://laquisscada.com/"
},
{
"title": "LCDS LAquis SCADA patch for arbitrary code execution vulnerabilities",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/125847"
},
{
"title": "LCDS LAquis SCADA Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=83210"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-07745"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-004093"
},
{
"db": "CNNVD",
"id": "CNNVD-201804-408"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-004093"
},
{
"db": "NVD",
"id": "CVE-2018-5463"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.5,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-18-095-03"
},
{
"trust": 2.3,
"url": "http://www.securityfocus.com/bid/103724"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-5463"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-5463"
},
{
"trust": 0.3,
"url": "https://laquisscada.com/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/119.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-07745"
},
{
"db": "VULMON",
"id": "CVE-2018-5463"
},
{
"db": "BID",
"id": "103724"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-004093"
},
{
"db": "NVD",
"id": "CVE-2018-5463"
},
{
"db": "CNNVD",
"id": "CNNVD-201804-408"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "e2eb40d0-39ab-11e9-aed1-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-07745"
},
{
"db": "VULMON",
"id": "CVE-2018-5463"
},
{
"db": "BID",
"id": "103724"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-004093"
},
{
"db": "NVD",
"id": "CVE-2018-5463"
},
{
"db": "CNNVD",
"id": "CNNVD-201804-408"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-04-17T00:00:00",
"db": "IVD",
"id": "e2eb40d0-39ab-11e9-aed1-000c29342cb1"
},
{
"date": "2018-04-17T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-07745"
},
{
"date": "2018-04-09T00:00:00",
"db": "VULMON",
"id": "CVE-2018-5463"
},
{
"date": "2018-04-05T00:00:00",
"db": "BID",
"id": "103724"
},
{
"date": "2018-06-11T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-004093"
},
{
"date": "2018-04-09T21:29:00.210000",
"db": "NVD",
"id": "CVE-2018-5463"
},
{
"date": "2018-04-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201804-408"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-04-17T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-07745"
},
{
"date": "2019-10-09T00:00:00",
"db": "VULMON",
"id": "CVE-2018-5463"
},
{
"date": "2018-04-05T00:00:00",
"db": "BID",
"id": "103724"
},
{
"date": "2018-06-11T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-004093"
},
{
"date": "2019-10-09T23:41:24.547000",
"db": "NVD",
"id": "CVE-2018-5463"
},
{
"date": "2019-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201804-408"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201804-408"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "LCDS LAquis SCADA Arbitrary code execution vulnerability",
"sources": [
{
"db": "IVD",
"id": "e2eb40d0-39ab-11e9-aed1-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-07745"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Buffer error",
"sources": [
{
"db": "IVD",
"id": "e2eb40d0-39ab-11e9-aed1-000c29342cb1"
},
{
"db": "CNNVD",
"id": "CNNVD-201804-408"
}
],
"trust": 0.8
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…