SB2019011601 - Multiple vulnerabilities in LCDS LAquis SCADA
Published: January 16, 2019
Description
This security bulletin contains information about 11 vulnerabilities.
1) Improper input validation (CVE-ID: CVE-2018-18988)
CWE-ID: CWE-20 - Improper input validation
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote attacker to cause a DoS condition on the target system.
The vulnerability exists due to insufficient validation of user-supplied input when processing report format files. A remote attacker can trick the victim into opening a specially crafted report format file to execute script code, trigger data exfiltration, or cause a system crash.
2) Out-of-bounds read (CVE-ID: CVE-2018-19004)
CWE-ID: CWE-125 - Out-of-bounds read
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.
The vulnerability exists due to an out-of-bounds read when processing malicious input. A remote attacker can trick the victim into opening a specially crafted report format file and disclose the contents of memory outside the intended buffer.
3) Code injection (CVE-ID: CVE-2018-19002)
CWE-ID: CWE-94 - Improper Control of Generation of Code ('Code Injection')
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
The vulnerability allows a remote attacker to inject arbitrary code on the target system.
The vulnerability exists due to improper control of code generation when processing report format files. A remote attacker can trick the victim into opening a specially crafted report format file and inject arbitrary code, which may be used to exfiltrate data, crash the application, or execute arbitrary code with elevated privileges.
Successful exploitation of the vulnerability may result in system compromise.
4) Untrusted pointer dereference (CVE-ID: CVE-2018-19029)
CWE-ID: CWE-822 - Untrusted Pointer Dereference
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to an untrusted pointer dereference. A remote attacker can supply a pointer to an attacker-controlled memory address and use it to exfiltrate data, crash the application, or execute arbitrary code with elevated privileges.
Successful exploitation of the vulnerability may result in system compromise.
5) Out-of-bounds write (CVE-ID: CVE-2018-18986)
CWE-ID: CWE-787 - Out-of-bounds write
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to an out-of-bounds write when handling malicious input. A remote attacker can trick the victim into opening a specially crafted report format file and corrupt memory, which may be used to exfiltrate data, crash the application, or execute arbitrary code with elevated privileges.
Successful exploitation of the vulnerability may result in system compromise.
6) Relative path traversal (CVE-ID: CVE-2018-18990)
CWE-ID: CWE-23 - Relative Path Traversal
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.
The vulnerability exists due to the lack of proper validation of a user-supplied path prior to using it in file operations. A remote attacker can trigger relative path traversal and disclose sensitive information in the context of the web server process.
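The defect class in item 6 (a client-supplied path is joined onto the web root and opened without checking where it ends up) and the corresponding fix are illustrated below. This is an added example, not LAquis SCADA code; the bulletin does not say which endpoint or parameter is affected, so the handler names, the web-root layout, the sample request path and the file contents are all constructed for the illustration. The hardened version decodes percent-encoding exactly once, canonicalises both the root and the candidate path with realpath (so `..`, duplicate separators and symlinks are resolved before the comparison) and refuses anything whose canonical form does not sit under the root.

```python
"""Path-traversal check for a file-serving handler (added illustration, not LAquis code).

serve_file_unsafe shows the defect pattern; serve_file_safe routes every request
through resolve_under_root first.  All paths and contents here are constructed.
"""
from __future__ import annotations

import os
import tempfile
from urllib.parse import unquote


class PathTraversalError(ValueError):
    """Raised when a request path resolves outside the configured web root."""


def resolve_under_root(web_root: str, request_path: str) -> str:
    """Return the canonical filesystem path for request_path, or raise."""
    # Decode exactly once. A server that decodes twice can be bypassed with
    # `%252e%252e%252f`; decoding once turns that into the literal name `%2e%2e`.
    decoded = unquote(request_path)
    root = os.path.realpath(web_root)
    # Request paths start with "/" and are relative to the web root, so a leading
    # separator must not be allowed to turn the join into an absolute path.
    candidate = os.path.realpath(os.path.join(root, decoded.lstrip("/\\")))
    try:
        inside = os.path.commonpath([root, candidate]) == root
    except ValueError:  # different drives on Windows: no common prefix at all
        inside = False
    if not inside:
        raise PathTraversalError(f"{request_path!r} resolves outside the web root")
    return candidate


def serve_file_unsafe(web_root: str, request_path: str) -> bytes:
    """The vulnerable pattern: join whatever the client sent and open it."""
    target = os.path.join(web_root, unquote(request_path).lstrip("/\\"))
    with open(target, "rb") as fh:  # follows `..` straight out of the root
        return fh.read()


def serve_file_safe(web_root: str, request_path: str) -> bytes:
    """The hardened pattern: only open paths that canonicalise under the root."""
    with open(resolve_under_root(web_root, request_path), "rb") as fh:
        return fh.read()


def build_demo_tree() -> tuple[str, str]:
    """Construct a throwaway layout: <tmp>/www is the web root, <tmp>/secret is not."""
    base = tempfile.mkdtemp(prefix="traversal-demo-")
    www = os.path.join(base, "www")
    os.makedirs(www)
    with open(os.path.join(www, "index.html"), "wb") as fh:
        fh.write(b"<h1>public</h1>")
    os.makedirs(os.path.join(base, "secret"))
    with open(os.path.join(base, "secret", "config.ini"), "wb") as fh:
        fh.write(b"password=hunter2")  # constructed sample, not real data
    return base, www


def demo() -> dict:
    """Run one legitimate request and one traversal attempt through both handlers."""
    _base, www = build_demo_tree()
    traversal = "/%2e%2e/secret/config.ini"  # single-encoded `..`, decodes to ../secret/config.ini
    results = {
        "unsafe_leaks": serve_file_unsafe(www, traversal),
        "safe_legit": serve_file_safe(www, "/index.html"),
    }
    try:
        serve_file_safe(www, traversal)
        results["safe_blocked"] = False
    except PathTraversalError:
        results["safe_blocked"] = True
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value!r}")
```

The check compares canonical paths rather than scanning the request string for `..`, because string filters miss encoded, mixed-separator and symlink variants; realpath on both sides also keeps the comparison correct on systems where the web root itself lives behind a symlink.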
7) Out-of-bounds read (CVE-ID: CVE-2018-18994)
CWE-ID: CWE-125 - Out-of-bounds read
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.
The vulnerability exists due to an out-of-bounds read when processing malicious input. A remote attacker can trick the victim into opening a specially crafted report format file and disclose the contents of memory outside the intended buffer.
8) Improper neutralization of special elements (CVE-ID: CVE-2018-18992)
CWE-ID: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to insufficient sanitization of user-supplied input. A remote attacker can execute arbitrary code on the server.
Successful exploitation of the vulnerability may result in system compromise.
9) Improper neutralization of special elements (CVE-ID: CVE-2018-18996)
CWE-ID: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to insufficient sanitization of user-supplied input. A remote attacker can execute arbitrary code on the server.
Successful exploitation of the vulnerability may result in system compromise.
10) Use of hardcoded credentials (CVE-ID: CVE-2018-18998)
CWE-ID: CWE-798 - Use of Hard-coded Credentials
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote attacker to gain elevated privileges on the target system.
The vulnerability exists due to use of hard-coded credentials. A remote attacker can use these credentials and gain elevated privileges to conduct further attacks.
11) Authentication bypass (CVE-ID: CVE-2018-19000)
CWE-ID: CWE-288 - Authentication Bypass Using an Alternate Path or Channel
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.
The vulnerability exists due to authentication bypass using an alternate path or channel. A remote attacker can gain access to arbitrary files.
Remediation
Install the update from the vendor's website.