Multiple vulnerabilities in LCDS LAquis SCADA



Published: 2019-01-16
Risk: High
Patch available: Yes
Number of vulnerabilities: 11
CVE-ID: CVE-2018-18988, CVE-2018-19004, CVE-2018-19002, CVE-2018-19029, CVE-2018-18986, CVE-2018-18990, CVE-2018-18994, CVE-2018-18992, CVE-2018-18996, CVE-2018-18998, CVE-2018-19000
CWE-ID: CWE-20, CWE-125, CWE-94, CWE-822, CWE-787, CWE-23, CWE-74, CWE-798, CWE-288
Exploitation vector: Network
Public exploit: N/A
Vulnerable software: LAquis SCADA (Server applications / SCADA systems)

Vendor: Leão Consultoria e Desenvolvimento de Sistemas

Security Bulletin

This security bulletin contains information about 11 vulnerabilities.

1) Improper input validation

EUVDB-ID: #VU17001

Risk: Low

CVSSv3.1: 5.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-18988

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The vulnerability exists due to an error when processing malicious input. A remote attacker can trick the victim into opening a specially crafted report format file, which may allow script code execution, trigger data exfiltration, or cause a system crash.

Mitigation

Update to version 4.1.0.4150.

Vulnerable software versions

LAquis SCADA: 4.1.0.3870

External links

http://ics-cert.us-cert.gov/advisories/ICSA-19-015-01


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Out-of-bounds read

EUVDB-ID: #VU17002

Risk: Low

CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-19004

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.

The vulnerability exists due to an out-of-bounds read when processing malicious input. A remote attacker can trick the victim into opening a specially crafted report format file and trigger data exfiltration.

Mitigation

Update to version 4.1.0.4150.

Vulnerable software versions

LAquis SCADA: 4.1.0.3870

External links

http://ics-cert.us-cert.gov/advisories/ICSA-19-015-01


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Code injection

EUVDB-ID: #VU17003

Risk: High

CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-19002

CWE-ID: CWE-94 - Improper Control of Generation of Code ('Code Injection')

Exploit availability: No

Description

The vulnerability allows a remote attacker to inject arbitrary code on the target system.

The vulnerability exists due to improper control of generation of code. A remote attacker can trick the victim into opening a specially crafted report format file and inject arbitrary code to trigger data exfiltration, cause a system crash or execute arbitrary code with elevated privileges.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation

Update to version 4.1.0.4150.

Vulnerable software versions

LAquis SCADA: 4.1.0.3870

External links

http://ics-cert.us-cert.gov/advisories/ICSA-19-015-01


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Untrusted pointer dereference

EUVDB-ID: #VU17005

Risk: High

CVSSv3.1: 8.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-19029

CWE-ID: CWE-822 - Untrusted Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to untrusted pointer dereference. A remote attacker can supply a pointer for a controlled memory address to trigger data exfiltration, cause a system crash or execute arbitrary code with elevated privileges.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation

Update to version 4.1.0.4150.

Vulnerable software versions

LAquis SCADA: 4.1.0.3870

External links

http://ics-cert.us-cert.gov/advisories/ICSA-19-015-01


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Out-of-bounds write

EUVDB-ID: #VU17006

Risk: High

CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-18986

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to an out-of-bounds write when handling malicious input. A remote attacker can trick the victim into opening a specially crafted report format file and inject arbitrary code to trigger data exfiltration, cause a system crash or execute arbitrary code with elevated privileges.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation

Update to version 4.1.0.4150.

Vulnerable software versions

LAquis SCADA: 4.1.0.3870

External links

http://ics-cert.us-cert.gov/advisories/ICSA-19-015-01


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Relative path traversal

EUVDB-ID: #VU17007

Risk: Low

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-18990

CWE-ID: CWE-23 - Relative Path Traversal

Exploit availability: No

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.

The vulnerability exists due to the lack of proper validation of a user-supplied path prior to using it in file operations. A remote attacker can trigger relative path traversal and disclose sensitive information under the context of the web server process.
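The defensive check this class of bug is missing is shown below as an added example; it is not code from LAquis SCADA or from the vendor, and the base directory, the `.lqr` file names and the request strings are constructed for illustration. The point it demonstrates is that a path is judged safe only after it has been decoded, normalised and fully resolved, and then tested for containment in the permitted directory, rather than by grepping the raw string for `..`:

```python
import os
import tempfile
from pathlib import Path
from typing import Dict, List, Optional
from urllib.parse import unquote


def safe_resolve(base_dir: str, requested: str) -> Optional[str]:
    """Return the absolute path if `requested` stays inside `base_dir`, else None.

    The containment test runs on the resolved path, so '..', './', a
    percent-encoded '..', and backslash separators are all handled by the
    same rule instead of by a list of forbidden substrings.
    """
    base = Path(base_dir).resolve()
    # Decode once, as a web front end would before routing the request.
    decoded = unquote(requested)
    # Assumption: the server may run on Windows, so treat '\' as a separator too.
    normalised = decoded.replace("\\", "/")
    # An absolute path can never be a valid relative report name.
    if normalised.startswith("/") or os.path.isabs(normalised):
        return None
    candidate = (base / normalised).resolve()
    try:
        candidate.relative_to(base)  # raises ValueError when outside base
    except ValueError:
        return None
    return str(candidate)


# Constructed request strings: the first three stay inside the report
# directory (one of them uses '..' legitimately), the rest try to leave it.
SAMPLE_REQUESTS: List[str] = [
    "daily/report1.lqr",
    "daily/./report2.lqr",
    "daily/../report3.lqr",
    "../../etc/passwd",
    "daily/../../secrets.txt",
    "/etc/passwd",
    "daily/..%2F..%2Fsecrets.txt",
    "daily\\..\\..\\secrets.txt",
]


def classify(base_dir: str, requests: List[str]) -> Dict[str, bool]:
    """Map each request string to True (allowed) or False (rejected)."""
    return {r: safe_resolve(base_dir, r) is not None for r in requests}


def demo() -> Dict[str, bool]:
    """Run the sample requests against a throwaway report directory."""
    with tempfile.TemporaryDirectory() as tmp:
        base = os.path.join(tmp, "reports")
        os.makedirs(os.path.join(base, "daily"))
        return classify(base, SAMPLE_REQUESTS)


if __name__ == "__main__":
    for request, allowed in demo().items():
        print(f"{'ALLOW ' if allowed else 'REJECT'} {request}")
```

Note that `daily/../report3.lqr` is accepted: it resolves to a file directly under the report directory, so a rule that simply rejected every `..` would break legitimate clients while still missing encoded or backslash variants. Resolving first and checking containment afterwards is what makes the decision depend on where the path ends up rather than on how it was spelled.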

Mitigation

Update to version 4.1.0.4150.

Vulnerable software versions

LAquis SCADA: 4.1.0.3870

External links

http://ics-cert.us-cert.gov/advisories/ICSA-19-015-01


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Out-of-bounds read

EUVDB-ID: #VU17004

Risk: Low

CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-18994

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.

The vulnerability exists due to an out-of-bounds read when processing malicious input. A remote attacker can trick the victim into opening a specially crafted report format file and trigger data exfiltration.

Mitigation

Update to version 4.1.0.4150.

Vulnerable software versions

LAquis SCADA: 4.1.0.3870

External links

http://ics-cert.us-cert.gov/advisories/ICSA-19-015-01


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Improper neutralization of special elements

EUVDB-ID: #VU17008

Risk: High

CVSSv3.1: 8.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-18992

CWE-ID: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to the application accepting user input without proper sanitization. A remote attacker can execute arbitrary code on the server.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation

Update to version 4.1.0.4150.

Vulnerable software versions

LAquis SCADA: 4.1.0.3870

External links

http://ics-cert.us-cert.gov/advisories/ICSA-19-015-01


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Improper neutralization of special elements

EUVDB-ID: #VU17009

Risk: High

CVSSv3.1: 8.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-18996

CWE-ID: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to the application accepting user input without proper sanitization. A remote attacker can execute arbitrary code on the server.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation

Update to version 4.1.0.4150.

Vulnerable software versions

LAquis SCADA: 4.1.0.3870

External links

http://ics-cert.us-cert.gov/advisories/ICSA-19-015-01


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) Use of hardcoded credentials

EUVDB-ID: #VU17010

Risk: Low

CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-18998

CWE-ID: CWE-798 - Use of Hard-coded Credentials

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain elevated privileges on the target system.

The vulnerability exists due to use of hard-coded credentials. A remote attacker can use these credentials and gain elevated privileges to conduct further attacks.

Mitigation

Update to version 4.1.0.4150.

Vulnerable software versions

LAquis SCADA: 4.1.0.3870

External links

http://ics-cert.us-cert.gov/advisories/ICSA-19-015-01


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) Authentication bypass

EUVDB-ID: #VU17011

Risk: Low

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-19000

CWE-ID: CWE-288 - Authentication Bypass Using an Alternate Path or Channel

Exploit availability: No

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.

The vulnerability exists due to authentication bypass using an alternate path or channel. A remote attacker can gain access to arbitrary files.

Mitigation

Update to version 4.1.0.4150.

Vulnerable software versions

LAquis SCADA: 4.1.0.3870

External links

http://ics-cert.us-cert.gov/advisories/ICSA-19-015-01


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.
