LCDS Fixes LAquis SCADA Holes

Wednesday, January 16, 2019 @ 10:01 AM gHale

LCDS – Leão Consultoria e Desenvolvimento de Sistemas Ltda ME has an updated version to mitigate multiple vulnerabilities in its LAquis SCADA, according to a report from NCCIC.

The remotely exploitable vulnerabilities include an improper input validation, out-of-bounds read, code injection, untrusted pointer dereference, out-of-bounds write, relative path traversal, injection, use of hard-coded credentials, and an authentication bypass using an alternate path or channel.


Successful exploitation of these vulnerabilities, discovered by Esteban Ruiz (mr me) working with Zero Day Initiative, could allow remote code execution, data exfiltration, or cause a system crash.

LAquis SCADA 4.1.0.3870, an industrial automation software package, suffers from the multiple issues.

In one vulnerability, opening a specially crafted report format file allows execution of script code, which may allow remote code execution, data exfiltration, or cause a system crash.

CVE-2018-18988 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 7.3.

In addition, opening a specially crafted project file may cause an out-of-bounds read, which may allow data exfiltration.

CVE-2018-19004 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 3.3.

Also, opening a specially crafted project file may cause improper control of generation of code, which may allow remote code execution, data exfiltration, or cause a system crash.

CVE-2018-19002 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 7.8.

In another vulnerability, an attacker using a specially crafted project file can supply a pointer for a controlled memory address, which may allow remote code execution, data exfiltration, or cause a system crash.

CVE-2018-19029 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 7.3.

In addition, opening a specially crafted report format file may cause an out-of-bounds read, which may cause a system crash, allow data exfiltration, or allow remote code execution.

CVE-2018-18986 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 7.3.

Another issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to disclose sensitive information under the context of the web server process.

CVE-2018-18990 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 5.3.

In addition, opening a specially crafted project file may cause an out-of-bounds read, which may cause a system crash or allow data exfiltration.

CVE-2018-18994 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 7.3.

Also, taking in user input without proper sanitization may allow an attacker to execute remote code on the server.

CVE-2018-18992 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 6.3.

In addition, taking in user input without proper authorization or sanitization may allow an attacker to execute remote code on the server.

CVE-2018-18996 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 7.3.

In addition, use of hard-coded credentials may allow an attacker unauthorized access to the system with high privileges.

CVE-2018-18998 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 7.3.

Also, an authentication bypass is possible, which may allow an attacker access to sensitive data.

CVE-2018-19000 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 5.3.

The product sees use in the chemical, commercial facilities, energy, food and agriculture, transportation systems, and water and wastewater systems sectors. It is deployed mainly in South America.

No known public exploits specifically target these vulnerabilities. However, an attacker with a low skill level could leverage the vulnerabilities.

Brazil-based LCDS recommends users update to Version 4.1.0.4150.
