Lucene search

[email protected]CVE-2018-19000

HistoryFeb 05, 2019 - 6:29 p.m.

CVE-2018-19000

2019-02-0518:29:00

CWE-287

[email protected]

web.nvd.nist.gov

cve-2018-19000

lcds laquis scada

authentication bypass

nvd

sensitivity data access

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

6.3 Medium

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.002 Low

EPSS

Percentile

64.7%

JSON

LCDS Laquis SCADA prior to version 4.1.0.4150 allows an authentication bypass, which may allow an attacker access to sensitive data.

CPENameOperatorVersion
lcds:laquis_scadalcds laquis scadalt4.1.0.4150

CPE	Name	Operator	Version
lcds:laquis_scada	lcds laquis scada	lt	4.1.0.4150

References

www.securityfocus.com/bid/106634

ics-cert.us-cert.gov/advisories/ICSA-19-015-01

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

6.3 Medium

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.002 Low

EPSS

Percentile

64.7%

JSON

Related for CVE-2018-19000

zdi1 cvelist1 prion1 ics1