CVE-2018-18988
Description
LCDS Laquis SCADA prior to version 4.1.0.4150 allows execution of script code by opening a specially crafted report format file. This may allow remote code execution, data exfiltration, or cause a system crash.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
LAquis SCADA prior to 4.1.0.4150 allows remote code execution via a specially crafted report format file due to improper input validation.
Vulnerability
LAquis SCADA version 4.1.0.3870 and earlier are affected by an improper input validation vulnerability (CWE-20) in the handling of report format files. Opening a specially crafted report format file can trigger execution of script code. This issue is identified as CVE-2018-18988 and has a CVSS v3 base score of 7.3 [1].
Exploitation
An attacker can exploit this vulnerability remotely without authentication or user interaction (CVSS v3 vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L). The attack is achieved by providing a specially crafted report format file to the SCADA system. Low skill level is required to exploit [1].
Impact
Successful exploitation could allow an attacker to execute arbitrary code, exfiltrate data, or cause a system crash. The compromise impacts confidentiality, integrity, and availability at a low level [1].
Mitigation
LCDS has released LAquis SCADA version 4.1.0.4150 to address this vulnerability. Users should update to this version or later. The advisory was published on February 1, 2019. No workarounds are documented [1].
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2- Range: <4.1.0.4150
- ICS-CERT/LCDS Laquis SCADAv5Range: All versions prior to version 4.1.0.4150
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
2- www.securityfocus.com/bid/106634mitrevdb-entryx_refsource_BID
- ics-cert.us-cert.gov/advisories/ICSA-19-015-01mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.