SB2019011601 - Multiple vulnerabilities in LCDS LAquis SCADA 

Published: January 16, 2019

Security Bulletin ID: SB2019011601
Severity: High
Patch available: Yes
Number of vulnerabilities: 11
Exploitation vector: Remote access
Highest impact: Code execution

Breakdown by Severity

High: 45%
Low: 55%

Description

This security bulletin contains information about 11 security vulnerabilities.


1) Improper input validation (CVE-ID: CVE-2018-18988)

The vulnerability allows a remote attacker to cause a denial of service (DoS) condition on the target system.

The vulnerability exists due to an error when processing malicious input. A remote attacker can trick the victim into opening a specially crafted report format file, which may allow script code execution, trigger data exfiltration, or cause a system crash.


2) Out-of-bounds read (CVE-ID: CVE-2018-19004)

The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.

The vulnerability exists due to an out-of-bounds read when processing malicious input. A remote attacker can trick the victim into opening a specially crafted report format file and trigger data exfiltration.


3) Code injection (CVE-ID: CVE-2018-19002)

The vulnerability allows a remote attacker to inject arbitrary code on the target system.

The vulnerability exists due to improper control of code generation. A remote attacker can trick the victim into opening a specially crafted report format file and inject arbitrary code to trigger data exfiltration, cause a system crash or execute arbitrary code with elevated privileges.

Successful exploitation of the vulnerability may result in system compromise.


4) Untrusted pointer dereference (CVE-ID: CVE-2018-19029)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to untrusted pointer dereference. A remote attacker can supply a pointer for a controlled memory address to trigger data exfiltration, cause a system crash or execute arbitrary code with elevated privileges.

Successful exploitation of the vulnerability may result in system compromise.


5) Out-of-bounds write (CVE-ID: CVE-2018-18986)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to an out-of-bounds write when handling malicious input. A remote attacker can trick the victim into opening a specially crafted report format file and inject arbitrary code to trigger data exfiltration, cause a system crash or execute arbitrary code with elevated privileges.

Successful exploitation of the vulnerability may result in system compromise.


6) Relative path traversal (CVE-ID: CVE-2018-18990)

The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.

The vulnerability exists due to the lack of proper validation of a user-supplied path prior to using it in file operations. A remote attacker can trigger relative path traversal and disclose sensitive information under the context of the web server process.


7) Out-of-bounds read (CVE-ID: CVE-2018-18994)

The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.

The vulnerability exists due to an out-of-bounds read when processing malicious input. A remote attacker can trick the victim into opening a specially crafted report format file and trigger data exfiltration.


8) Improper neutralization of special elements (CVE-ID: CVE-2018-18992)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to user input being accepted without proper sanitization. A remote attacker can execute arbitrary code on the server.

Successful exploitation of the vulnerability may result in system compromise.


9) Improper neutralization of special elements (CVE-ID: CVE-2018-18996)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to user input being accepted without proper sanitization. A remote attacker can execute arbitrary code on the server.

Successful exploitation of the vulnerability may result in system compromise.


10) Use of hardcoded credentials (CVE-ID: CVE-2018-18998)

The vulnerability allows a remote attacker to gain elevated privileges on the target system.

The vulnerability exists due to use of hard-coded credentials. A remote attacker can use these credentials and gain elevated privileges to conduct further attacks.


11) Authentication bypass (CVE-ID: CVE-2018-19000)

The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.

The vulnerability exists due to authentication bypass using an alternate path or channel. A remote attacker can gain access to arbitrary files.


Remediation

Install the update from the vendor's website.