CVE-2017-6016 - OpenCVE

An Improper Access Control issue was discovered in LCDS - Leao Consultoria e Desenvolvimento de Sistemas LTDA ME LAquis SCADA. The following versions are affected: Versions 4.1 and prior versions released before January 20, 2017. An Improper Access Control vulnerability has been identified, which may allow an authenticated user to modify application files to escalate privileges.

No CVSS v4.0

No CVSS v3.1

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

Access Vector Local

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:L/AC:M/Au:N/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Leao Consultoria E Desenvolvimento De Sistemas	Ltda Me Laquis Scada

Configuration 1 [-]

cpe:2.3:a:leao_consultoria_e_desenvolvimento_de_sistemas:ltda_me_laquis_scada:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://www.securityfocus.com/bid/96942
https://ics-cert.us-cert.gov/advisories/ICSA-17-075-01

History

No history.

MITRE

Status: PUBLISHED

Assigner: icscert

Published: 2017-05-19T02:43:00

Updated: 2024-08-05T15:18:49.401Z

Reserved: 2017-02-16T00:00:00

Link: CVE-2017-6016

Vulnrichment

No data.

NVD

Status : Modified

Published: 2017-05-19T03:29:00.403

Modified: 2019-10-09T23:28:33.527

Link: CVE-2017-6016

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "LCDS Leao Consultoria e Desenvolvimento de Sistemas LTDA ME LAquis SCADA", "vendor": "n/a", "versions": [{"status": "affected", "version": "LCDS Leao Consultoria e Desenvolvimento de Sistemas LTDA ME LAquis SCADA"}]}], "datePublic": "2017-05-18T00:00:00", "descriptions": [{"lang": "en", "value": "An Improper Access Control issue was discovered in LCDS - Leao Consultoria e Desenvolvimento de Sistemas LTDA ME LAquis SCADA. The following versions are affected: Versions 4.1 and prior versions released before January 20, 2017. An Improper Access Control vulnerability has been identified, which may allow an authenticated user to modify application files to escalate privileges."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-284", "description": "CWE-284", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2017-05-19T09:57:02", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert"}, "references": [{"name": "96942", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/96942"}, {"tags": ["x_refsource_MISC"], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-075-01"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "ics-cert@hq.dhs.gov", "ID": "CVE-2017-6016", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "LCDS Leao Consultoria e Desenvolvimento de Sistemas LTDA ME LAquis SCADA", "version": {"version_data": [{"version_value": "LCDS Leao Consultoria e Desenvolvimento de Sistemas LTDA ME LAquis SCADA"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "An Improper Access Control issue was discovered in LCDS - Leao Consultoria e Desenvolvimento de Sistemas LTDA ME LAquis SCADA. The following versions are affected: Versions 4.1 and prior versions released before January 20, 2017. An Improper Access Control vulnerability has been identified, which may allow an authenticated user to modify application files to escalate privileges."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-284"}]}]}, "references": {"reference_data": [{"name": "96942", "refsource": "BID", "url": "http://www.securityfocus.com/bid/96942"}, {"name": "https://ics-cert.us-cert.gov/advisories/ICSA-17-075-01", "refsource": "MISC", "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-075-01"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T15:18:49.401Z"}, "title": "CVE Program Container", "references": [{"name": "96942", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/96942"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-075-01"}]}]}, "cveMetadata": {"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2017-6016", "datePublished": "2017-05-19T02:43:00", "dateReserved": "2017-02-16T00:00:00", "dateUpdated": "2024-08-05T15:18:49.401Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:leao_consultoria_e_desenvolvimento_de_sistemas:ltda_me_laquis_scada:*:*:*:*:*:*:*:*", "matchCriteriaId": "467326FE-BE40-4667-B78A-5C9A122DBB74", "versionEndIncluding": "4.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "An Improper Access Control issue was discovered in LCDS - Leao Consultoria e Desenvolvimento de Sistemas LTDA ME LAquis SCADA. The following versions are affected: Versions 4.1 and prior versions released before January 20, 2017. An Improper Access Control vulnerability has been identified, which may allow an authenticated user to modify application files to escalate privileges."}, {"lang": "es", "value": "Se detect\u00f3 un problema de Control de Acceso Inapropiado en LAquis SCADA de LCDS - Leao Consultoria e Desenvolvimento de Sistemas LTDA ME. Las siguientes versiones est\u00e1n afectadas: Versiones 4.1 y versiones anteriores publicadas antes del 20 de enero de 2017. Se identific\u00f3 una vulnerabilidad de Control de Acceso Inapropiado, lo que puede permitir que un usuario autenticado modifique los archivos de la aplicaci\u00f3n para escalar privilegios."}], "id": "CVE-2017-6016", "lastModified": "2019-10-09T23:28:33.527", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.4, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.4, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 1.3, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-05-19T03:29:00.403", "references": [{"source": "ics-cert@hq.dhs.gov", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/96942"}, {"source": "ics-cert@hq.dhs.gov", "tags": ["Third Party Advisory", "US Government Resource"], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-075-01"}], "sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-284"}], "source": "ics-cert@hq.dhs.gov", "type": "Secondary"}]}