CVE-2018-18990
Description
LCDS LAquis SCADA prior to version 4.1.0.4150 uses a user-supplied path in file operations before properly validating it. An attacker can leverage this vulnerability to disclose sensitive information under the context of the web server process.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
LAquis SCADA prior to 4.1.0.4150 allows path traversal in file operations, enabling remote disclosure of sensitive information via the web server.
Vulnerability
LAquis SCADA versions prior to 4.1.0.4150 contain a path traversal vulnerability in file operations. The application fails to properly validate user-supplied paths, allowing an attacker to specify arbitrary file paths. This affects the web server component of the SCADA software, as described in the ICS-CERT advisory [1].
Exploitation
An attacker can exploit this vulnerability remotely without authentication by sending a crafted HTTP request containing path traversal sequences (e.g., ../) to the SCADA web server. Exploitation requires only a low skill level [1].
Impact
Successful exploitation allows the attacker to read arbitrary files from the server file system under the context of the web server process. This can lead to disclosure of sensitive information such as configuration files, credentials, or other operational data [1].
Mitigation
LCDS released version 4.1.0.4150 to address this vulnerability. Users should upgrade to this version or later. No workarounds are documented in the available references [1].
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Range: <4.1.0.4150
- ICS-CERT/LCDS Laquis SCADA v5, Range: All versions prior to version 4.1.0.4150
Patches
No patches discovered yet.
References
- www.securityfocus.com/bid/106634 (mitre, vdb-entry, x_refsource_BID)
- ics-cert.us-cert.gov/advisories/ICSA-19-015-01 (mitre, x_refsource_MISC)