CVSS: 9.8EPSS: 3%CPEs: 1EXPL: 0CVE-2018-17897 – LAquis SCADA LQS File Parsing Integer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2018-17897
LAquis SCADA Versions 4.1.0.3870 and prior has several integer overflow to buffer overflow vulnerabilities, which may allow remote code execution. LAquis SCADA en versiones 4.1.0.3870 y anteriores tiene varias vulnerabilidades de desbordamiento de enteros y desbordamiento de búfer que podrían permitir la ejecución remota de código. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of LAquis SCADA Software. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within parsing of LQS files. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before writing to memory. • http://laquisscada.com/instale1.php http://www.securityfocus.com/bid/105719 https://ics-cert.us-cert.gov/advisories/ICSA-18-289-01 • CWE-190: Integer Overflow or Wraparound •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2018-17911 – Laquis SCADA editorldriver Stack-based Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2018-17911
LAquis SCADA Versions 4.1.0.3870 and prior has several stack-based buffer overflow vulnerabilities, which may allow remote code execution. LAquis SCADA en versiones 4.1.0.3870 y anteriores tiene varias vulnerabilidades de desbordamiento de búfer basado en pila que podrían permitir la ejecución remota de código. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of LAquis SCADA. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within editorldriver.exe. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. • http://laquisscada.com/instale1.php https://ics-cert.us-cert.gov/advisories/ICSA-18-289-01 https://www.zerodayinitiative.com/advisories/ZDI-18-1258 • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2018-5463
https://notcve.org/view.php?id=CVE-2018-5463
A structured exception handler overflow vulnerability in Leao Consultoria e Desenvolvimento de Sistemas (LCDS) LTDA ME LAquis SCADA 4.1.0.3391 and earlier may allow code execution. Una vulnerabilidad de desbordamiento del controlador de excepción estructurada en Leao Consultoria e Desenvolvimento de Sistemas (LCDS) LTDA ME LAquis SCADA, en versiones 4.1.0.3391 y anteriores, podrían permitir la ejecución de código. • http://www.securityfocus.com/bid/103724 https://ics-cert.us-cert.gov/advisories/ICSA-18-095-03 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-703: Improper Check or Handling of Exceptional Conditions •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 1CVE-2017-6020 – LAquis SCADA Software Web Server Directory Traversal Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2017-6020
Leao Consultoria e Desenvolvimento de Sistemas (LCDS) LTDA ME LAquis SCADA software versions prior to version 4.1.0.3237 do not neutralize external input to ensure that users are not calling for absolute path sequences outside of their privilege level. El software de Leao Consultoria e Desenvolvimento de Sistemas (LCDS), LTDA ME LAquis SCADA, en versiones anteriores a la 4.1.0.3237, no neutraliza las entradas externas para asegurarse de que los usuarios no están llamando a secuencias de ruta absolutas fuera de su nivel de privilegios. This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of LAquis SCADA Software. Authentication is not required to exploit this vulnerability. The specific flaw exists within global processing of requests inside the web server. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. • https://www.exploit-db.com/exploits/42885 http://www.securityfocus.com/bid/97055 https://ics-cert.us-cert.gov/advisories/ICSA-17-082-01 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •