CVE-2018-18986 – LAquis SCADA LGX Report Format File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2018-18986
LCDS Laquis SCADA prior to version 4.1.0.4150 allows the opening of a specially crafted report format file that may cause an out-of-bounds read, which may cause a system crash, allow data exfiltration, or remote code execution.
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of LAquis SCADA Software. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of LGX files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer.
• http://www.securityfocus.com/bid/106634
• https://ics-cert.us-cert.gov/advisories/ICSA-19-015-01
• CWE-125: Out-of-bounds Read
• CWE-787: Out-of-bounds Write
CVE-2018-18998 – LAquis SCADA Web Server Hardcoded Credentials Authentication Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2018-18998
LCDS Laquis SCADA prior to version 4.1.0.4150 uses hard-coded credentials, which may allow an attacker unauthorized access to the system with high privileges.
This vulnerability allows remote attackers to bypass authentication on vulnerable installations of LAquis SCADA Software. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of login requests to the product's webserver. The product contains a hard-coded password for a number of undocumented accounts.
• http://www.securityfocus.com/bid/106634
• https://ics-cert.us-cert.gov/advisories/ICSA-19-015-01
• CWE-798: Use of Hard-coded Credentials
CVE-2018-19029 – LAquis SCADA LQS File Parsing Untrusted Pointer Dereference Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2018-19029
LCDS Laquis SCADA prior to version 4.1.0.4150 allows an attacker using a specially crafted project file to supply a pointer for a controlled memory address, which may allow remote code execution, data exfiltration, or cause a system crash.
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of LAquis SCADA Software. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of LQS files. The issue results from the lack of proper validation of a user-supplied value prior to dereferencing it as a pointer.
• http://www.securityfocus.com/bid/106634
• https://ics-cert.us-cert.gov/advisories/ICSA-19-015-01
• CWE-476: NULL Pointer Dereference
• CWE-822: Untrusted Pointer Dereference
CVE-2018-19000 – LAquis SCADA Web Server URI Parsing Authentication Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2018-19000
LCDS Laquis SCADA prior to version 4.1.0.4150 allows an authentication bypass, which may allow an attacker access to sensitive data.
This vulnerability allows remote attackers to bypass authentication on vulnerable installations of LAquis SCADA Software. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of URIs by the product's web server. A crafted URI can cause the web service to bypass authentication that should be required for the web page.
• http://www.securityfocus.com/bid/106634
• https://ics-cert.us-cert.gov/advisories/ICSA-19-015-01
• CWE-287: Improper Authentication
• CWE-288: Authentication Bypass Using an Alternate Path or Channel
CVE-2018-19002 – LAquis SCADA LQS File Parsing Improper Control of Generation of Code Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2018-19002
LCDS Laquis SCADA prior to version 4.1.0.4150 allows improper control of generation of code when opening a specially crafted project file, which may allow remote code execution, data exfiltration, or cause a system crash.
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of LAquis SCADA Software. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of LQS files. The issue results from the lack of proper validation of user-supplied data, which can result in a controlled call to VirtualProtect.
• http://www.securityfocus.com/bid/106634
• https://ics-cert.us-cert.gov/advisories/ICSA-19-015-01
• CWE-94: Improper Control of Generation of Code ('Code Injection')