CVE-2018-19029 – LAquis SCADA LQS File Parsing Untrusted Pointer Dereference Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2018-19029
LCDS Laquis SCADA prior to version 4.1.0.4150 allows an attacker using a specially crafted project file to supply a pointer for a controlled memory address, which may allow remote code execution, data exfiltration, or cause a system crash. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of LAquis SCADA Software. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of LQS files. The issue results from the lack of proper validation of a user-supplied value prior to dereferencing it as a pointer.
• http://www.securityfocus.com/bid/106634 https://ics-cert.us-cert.gov/advisories/ICSA-19-015-01
• CWE-476: NULL Pointer Dereference CWE-822: Untrusted Pointer Dereference
CVE-2018-19000 – LAquis SCADA Web Server URI Parsing Authentication Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2018-19000
LCDS Laquis SCADA prior to version 4.1.0.4150 allows an authentication bypass, which may allow an attacker access to sensitive data. This vulnerability allows remote attackers to bypass authentication on vulnerable installations of LAquis SCADA Software. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of URIs by the product's web server. A crafted URI can cause the web service to bypass authentication that should be required for the web page.
• http://www.securityfocus.com/bid/106634 https://ics-cert.us-cert.gov/advisories/ICSA-19-015-01
• CWE-287: Improper Authentication CWE-288: Authentication Bypass Using an Alternate Path or Channel
CVE-2018-19002 – LAquis SCADA LQS File Parsing Improper Control of Generation of Code Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2018-19002
LCDS Laquis SCADA prior to version 4.1.0.4150 allows improper control of generation of code when opening a specially crafted project file, which may allow remote code execution, data exfiltration, or cause a system crash. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of LAquis SCADA Software. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of LQS files. The issue results from the lack of proper validation of user-supplied data, which can result in a controlled call to VirtualProtect.
• http://www.securityfocus.com/bid/106634 https://ics-cert.us-cert.gov/advisories/ICSA-19-015-01
• CWE-94: Improper Control of Generation of Code ('Code Injection')
CVE-2018-18992 – LAquis SCADA Web Server acompanhamentotela TAGALTERE Command Injection Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2018-18992
LCDS Laquis SCADA prior to version 4.1.0.4150 allows taking in user input without proper sanitization, which may allow an attacker to execute remote code on the server. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of LAquis SCADA Software. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of calls to acompanhamentotela.lhtml. When parsing the TAGALTERE Element, the process does not properly sanitize user-supplied data, which can lead to the injection of an arbitrary script.
• http://www.securityfocus.com/bid/106634 https://ics-cert.us-cert.gov/advisories/ICSA-19-015-01
• CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CVE-2018-18994 – LAquis SCADA LQS File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2018-18994
LCDS Laquis SCADA prior to version 4.1.0.4150 allows an out-of-bounds read when opening a specially crafted project file, which may cause a system crash or allow data exfiltration. This vulnerability allows remote attackers to execute arbitrary code. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of LQS files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the process.
• https://ics-cert.us-cert.gov/advisories/ICSA-19-015-01
• CWE-125: Out-of-bounds Read