Details of VAR-201705-4157

ID

VAR-201705-4157

TITLE

LAquis SCADA dll Hijacking vulnerability

Trust: 0.8

sources: IVD: 5a61492d-20ca-4eb9-b3ba-b8ca064a7876 // CNVD: CNVD-2017-06106

DESCRIPTION

LAquis SCADA is a tool and language for data collection, process monitoring, industrial automation, storage, and report generation for quality management and application development. LAquis SCADA has a dll hijacking vulnerability. The vulnerability is caused by the failure to specify an absolute path for the DLL included in the LAquis SCADA application, allowing an attacker to use the vulnerability to build a malicious application, place it in a specific path, and make the application maliciously load the DLL and execute it

Trust: 0.72

sources: CNVD: CNVD-2017-06106 // IVD: 5a61492d-20ca-4eb9-b3ba-b8ca064a7876

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.8

sources: IVD: 5a61492d-20ca-4eb9-b3ba-b8ca064a7876 // CNVD: CNVD-2017-06106

AFFECTED PRODUCTS

vendor:

lcds

model:

leão consultoria e desenvolvimento de sistemas ltda me laquis scada

scope:

version:

-4.1

Trust: 0.8

sources: IVD: 5a61492d-20ca-4eb9-b3ba-b8ca064a7876 // CNVD: CNVD-2017-06106

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD:	CNVD-2017-06106
value:	MEDIUM
Trust: 0.6
IVD:	5a61492d-20ca-4eb9-b3ba-b8ca064a7876
value:	MEDIUM
Trust: 0.2

CNVD:	CNVD-2017-06106
severity:	MEDIUM
baseScore:	6.2
vectorString:	AV:L/AC:H/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	HIGH
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	1.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
IVD:	5a61492d-20ca-4eb9-b3ba-b8ca064a7876
severity:	MEDIUM
baseScore:	6.2
vectorString:	AV:L/AC:H/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	HIGH
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	1.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2

sources: IVD: 5a61492d-20ca-4eb9-b3ba-b8ca064a7876 // CNVD: CNVD-2017-06106

TYPE

Code injection

Trust: 0.2

sources: IVD: 5a61492d-20ca-4eb9-b3ba-b8ca064a7876

EXTERNAL IDS

db:	CNVD	id:	CNVD-2017-06106	Trust: 0.8
db:	IVD	id:	5A61492D-20CA-4EB9-B3BA-B8CA064A7876	Trust: 0.2

sources: IVD: 5a61492d-20ca-4eb9-b3ba-b8ca064a7876 // CNVD: CNVD-2017-06106

SOURCES

db:	IVD	id:	5a61492d-20ca-4eb9-b3ba-b8ca064a7876
db:	CNVD	id:	CNVD-2017-06106

LAST UPDATE DATE

2022-05-17T01:41:06.621000+00:00

SOURCES UPDATE DATE

db:

CNVD

id:

CNVD-2017-06106

date:

2017-05-15T00:00:00

SOURCES RELEASE DATE

db:	IVD	id:	5a61492d-20ca-4eb9-b3ba-b8ca064a7876	date:	2017-05-08T00:00:00
db:	CNVD	id:	CNVD-2017-06106	date:	2017-06-12T00:00:00