var-201908-1839
Vulnerability from variot
Processing a specially crafted project file in LAquis SCADA 4.3.1.71 may trigger an out-of-bounds read, which may allow an attacker to obtain sensitive information. The attacker must have local access to the system. A CVSS v3 base score of 2.5 has been calculated; the CVSS vector string is (AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N). LAquis SCADA Contains an out-of-bounds vulnerability.Information may be obtained. This vulnerability allows remote attackers to disclose sensitive information on affected installations of LAquis SCADA. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of LQS files. The issue results from the lack of proper validation of user-supplied data, which can result in a read before the start of an allocated data structure. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. LCDS LAquis SCADA is a SCADA (Data Acquisition and Monitoring Control) system from LCDS, Brazil. The system is mainly used for data acquisition and process control of devices with communication technology. A buffer overflow vulnerability exists in the LCDS LAquis SCADA version 4.3.1.71. The vulnerability stems from a network system or product that does not properly validate data boundaries when performing operations on memory, causing erroneous read and write operations to be performed on other associated memory locations. An attacker could exploit the vulnerability to cause a buffer overflow or heap overflow
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201908-1839",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "laquis scada",
"scope": "eq",
"trust": 1.4,
"vendor": "lcds",
"version": "4.3.1.71"
},
{
"model": "scada",
"scope": "eq",
"trust": 1.0,
"vendor": "laquisscada",
"version": "4.3.1.71"
},
{
"model": "scada",
"scope": null,
"trust": 0.7,
"vendor": "laquis",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scada",
"version": "4.3.1.71"
}
],
"sources": [
{
"db": "IVD",
"id": "82947e4f-7b47-4a27-8c05-80e16eed7572"
},
{
"db": "ZDI",
"id": "ZDI-19-688"
},
{
"db": "CNVD",
"id": "CNVD-2019-28113"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-007543"
},
{
"db": "NVD",
"id": "CVE-2019-10994"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:laquisscada:scada:4.3.1.71:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2019-10994"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Francis Provencher {PRL}",
"sources": [
{
"db": "ZDI",
"id": "ZDI-19-688"
},
{
"db": "CNNVD",
"id": "CNNVD-201908-143"
}
],
"trust": 1.3
},
"cve": "CVE-2019-10994",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.3,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2019-10994",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CNVD-2019-28113",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "82947e4f-7b47-4a27-8c05-80e16eed7572",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.9 [IVD]"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"exploitabilityScore": 1.8,
"impactScore": 1.4,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 3.3,
"baseSeverity": "Low",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "CVE-2019-10994",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.0"
},
{
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"author": "ZDI",
"availabilityImpact": "NONE",
"baseScore": 2.5,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"exploitabilityScore": 1.0,
"id": "CVE-2019-10994",
"impactScore": 1.4,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 0.7,
"userInteraction": "REQUIRED",
"vectorString": "AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2019-10994",
"trust": 1.8,
"value": "LOW"
},
{
"author": "ZDI",
"id": "CVE-2019-10994",
"trust": 0.7,
"value": "LOW"
},
{
"author": "CNVD",
"id": "CNVD-2019-28113",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201908-143",
"trust": 0.6,
"value": "LOW"
},
{
"author": "IVD",
"id": "82947e4f-7b47-4a27-8c05-80e16eed7572",
"trust": 0.2,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "82947e4f-7b47-4a27-8c05-80e16eed7572"
},
{
"db": "ZDI",
"id": "ZDI-19-688"
},
{
"db": "CNVD",
"id": "CNVD-2019-28113"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-007543"
},
{
"db": "NVD",
"id": "CVE-2019-10994"
},
{
"db": "CNNVD",
"id": "CNNVD-201908-143"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Processing a specially crafted project file in LAquis SCADA 4.3.1.71 may trigger an out-of-bounds read, which may allow an attacker to obtain sensitive information. The attacker must have local access to the system. A CVSS v3 base score of 2.5 has been calculated; the CVSS vector string is (AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N). LAquis SCADA Contains an out-of-bounds vulnerability.Information may be obtained. This vulnerability allows remote attackers to disclose sensitive information on affected installations of LAquis SCADA. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of LQS files. The issue results from the lack of proper validation of user-supplied data, which can result in a read before the start of an allocated data structure. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. LCDS LAquis SCADA is a SCADA (Data Acquisition and Monitoring Control) system from LCDS, Brazil. The system is mainly used for data acquisition and process control of devices with communication technology. A buffer overflow vulnerability exists in the LCDS LAquis SCADA version 4.3.1.71. The vulnerability stems from a network system or product that does not properly validate data boundaries when performing operations on memory, causing erroneous read and write operations to be performed on other associated memory locations. An attacker could exploit the vulnerability to cause a buffer overflow or heap overflow",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-10994"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-007543"
},
{
"db": "ZDI",
"id": "ZDI-19-688"
},
{
"db": "CNVD",
"id": "CNVD-2019-28113"
},
{
"db": "IVD",
"id": "82947e4f-7b47-4a27-8c05-80e16eed7572"
}
],
"trust": 2.97
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-10994",
"trust": 3.9
},
{
"db": "ICS CERT",
"id": "ICSA-19-213-06",
"trust": 3.0
},
{
"db": "ZDI",
"id": "ZDI-19-688",
"trust": 1.3
},
{
"db": "CNVD",
"id": "CNVD-2019-28113",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201908-143",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2019-007543",
"trust": 0.8
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-8198",
"trust": 0.7
},
{
"db": "AUSCERT",
"id": "ESB-2019.2899",
"trust": 0.6
},
{
"db": "IVD",
"id": "82947E4F-7B47-4A27-8C05-80E16EED7572",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "82947e4f-7b47-4a27-8c05-80e16eed7572"
},
{
"db": "ZDI",
"id": "ZDI-19-688"
},
{
"db": "CNVD",
"id": "CNVD-2019-28113"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-007543"
},
{
"db": "NVD",
"id": "CVE-2019-10994"
},
{
"db": "CNNVD",
"id": "CNNVD-201908-143"
}
]
},
"id": "VAR-201908-1839",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "82947e4f-7b47-4a27-8c05-80e16eed7572"
},
{
"db": "CNVD",
"id": "CNVD-2019-28113"
}
],
"trust": 1.3507122
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "82947e4f-7b47-4a27-8c05-80e16eed7572"
},
{
"db": "CNVD",
"id": "CNVD-2019-28113"
}
]
},
"last_update_date": "2023-12-18T12:50:08.253000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://laquisscada.com/"
},
{
"title": "LAquis has issued an update to correct this vulnerability.",
"trust": 0.7,
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-213-06"
},
{
"title": "Patch for LCDS LAquis SCADA Buffer Overflow Vulnerability (CNVD-2019-28113)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/176009"
},
{
"title": "LCDS LAquis SCADA Buffer error vulnerability fix",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=95905"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-19-688"
},
{
"db": "CNVD",
"id": "CNVD-2019-28113"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-007543"
},
{
"db": "CNNVD",
"id": "CNNVD-201908-143"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-125",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-007543"
},
{
"db": "NVD",
"id": "CVE-2019-10994"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.7,
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-213-06"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-10994"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-10994"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.2899/"
},
{
"trust": 0.6,
"url": "https://www.zerodayinitiative.com/advisories/zdi-19-688/"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-19-688"
},
{
"db": "CNVD",
"id": "CNVD-2019-28113"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-007543"
},
{
"db": "NVD",
"id": "CVE-2019-10994"
},
{
"db": "CNNVD",
"id": "CNNVD-201908-143"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "82947e4f-7b47-4a27-8c05-80e16eed7572"
},
{
"db": "ZDI",
"id": "ZDI-19-688"
},
{
"db": "CNVD",
"id": "CNVD-2019-28113"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-007543"
},
{
"db": "NVD",
"id": "CVE-2019-10994"
},
{
"db": "CNNVD",
"id": "CNNVD-201908-143"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-08-20T00:00:00",
"db": "IVD",
"id": "82947e4f-7b47-4a27-8c05-80e16eed7572"
},
{
"date": "2019-08-05T00:00:00",
"db": "ZDI",
"id": "ZDI-19-688"
},
{
"date": "2019-08-20T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-28113"
},
{
"date": "2019-08-14T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-007543"
},
{
"date": "2019-08-05T19:15:11.193000",
"db": "NVD",
"id": "CVE-2019-10994"
},
{
"date": "2019-08-01T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201908-143"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-08-05T00:00:00",
"db": "ZDI",
"id": "ZDI-19-688"
},
{
"date": "2019-08-20T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-28113"
},
{
"date": "2019-08-14T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-007543"
},
{
"date": "2019-10-09T23:45:10.150000",
"db": "NVD",
"id": "CVE-2019-10994"
},
{
"date": "2019-08-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201908-143"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201908-143"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "LAquis SCADA Vulnerable to out-of-bounds reading",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-007543"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Buffer error",
"sources": [
{
"db": "IVD",
"id": "82947e4f-7b47-4a27-8c05-80e16eed7572"
},
{
"db": "CNNVD",
"id": "CNNVD-201908-143"
}
],
"trust": 0.8
}
}
Loading...