CVE-2017-6016

An Improper Access Control issue was discovered in LCDS - Leao Consultoria e Desenvolvimento de Sistemas LTDA ME LAquis SCADA. The following versions are affected: Versions 4.1 and prior versions released before January 20, 2017. An Improper Access Control vulnerability has been identified, which may allow an authenticated user to modify application files to escalate privileges.

CVSS v3 7.3 HIGH
CVSS v2.0 4.4 MEDIUM

7.3^/10

CVSS v3 : HIGH

Vector : AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

Exploitability : 1.3 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

4.4^/10

CVSS v2.0 : MEDIUM

Vector : AV:L/AC:M/Au:N/C:P/I:P/A:P

Exploitability : 3.4 / Impact : 6.4

Access Vector LOCAL

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://www.securityfocus.com/bid/96942	Third Party Advisory VDB Entry
https://ics-cert.us-cert.gov/advisories/ICSA-17-075-01	Third Party Advisory US Government Resource

Configurations

Configuration 1 (hide)

cpe:2.3:a:leao_consultoria_e_desenvolvimento_de_sistemas:ltda_me_laquis_scada:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2017-05-19 03:29

Updated : 2024-02-28 15:44

NVD link : CVE-2017-6016

Mitre link : CVE-2017-6016

CVE.ORG link : CVE-2017-6016

JSON object : View

Products Affected

leao_consultoria_e_desenvolvimento_de_sistemas

ltda_me_laquis_scada

CWE

NVD-CWE-noinfo CWE-284

Improper Access Control

{"id": "CVE-2017-6016", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.4, "accessVector": "LOCAL", "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 3.4, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 7.3, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.3}]}, "published": "2017-05-19T03:29:00.403", "references": [{"url": "http://www.securityfocus.com/bid/96942", "tags": ["Third Party Advisory", "VDB Entry"], "source": "ics-cert@hq.dhs.gov"}, {"url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-075-01", "tags": ["Third Party Advisory", "US Government Resource"], "source": "ics-cert@hq.dhs.gov"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}, {"type": "Secondary", "source": "ics-cert@hq.dhs.gov", "description": [{"lang": "en", "value": "CWE-284"}]}], "descriptions": [{"lang": "en", "value": "An Improper Access Control issue was discovered in LCDS - Leao Consultoria e Desenvolvimento de Sistemas LTDA ME LAquis SCADA. The following versions are affected: Versions 4.1 and prior versions released before January 20, 2017. An Improper Access Control vulnerability has been identified, which may allow an authenticated user to modify application files to escalate privileges."}, {"lang": "es", "value": "Se detect\u00f3 un problema de Control de Acceso Inapropiado en LAquis SCADA de LCDS - Leao Consultoria e Desenvolvimento de Sistemas LTDA ME. Las siguientes versiones est\u00e1n afectadas: Versiones 4.1 y versiones anteriores publicadas antes del 20 de enero de 2017. Se identific\u00f3 una vulnerabilidad de Control de Acceso Inapropiado, lo que puede permitir que un usuario autenticado modifique los archivos de la aplicaci\u00f3n para escalar privilegios."}], "lastModified": "2019-10-09T23:28:33.527", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:leao_consultoria_e_desenvolvimento_de_sistemas:ltda_me_laquis_scada:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "467326FE-BE40-4667-B78A-5C9A122DBB74", "versionEndIncluding": "4.1"}], "operator": "OR"}]}], "sourceIdentifier": "ics-cert@hq.dhs.gov"}