CVE-2018-18992
Description
LCDS Laquis SCADA prior to version 4.1.0.4150 allows taking in user input without proper sanitation, which may allow an attacker to execute remote code on the server.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
LAquis SCADA versions prior to 4.1.0.4150 contain an input validation flaw that can lead to remote code execution.
Vulnerability
The vulnerability exists in LAquis SCADA versions prior to 4.1.0.4150. The software fails to properly sanitize user input, allowing injection of arbitrary code. According to [1], the affected version is LAquis SCADA 4.1.0.3870.
Exploitation
An attacker can exploit this vulnerability remotely without authentication by crafting a specially crafted input or file. The attack requires user interaction, such as opening a malicious report format file [1].
Impact
Successful exploitation could allow an attacker to execute arbitrary code on the server, leading to remote code execution, data exfiltration, or system crash [1].
Mitigation
LCDS recommends updating to LAquis SCADA version 4.1.0.4150 or later. No workarounds are provided. The vulnerability is not listed in CISA's Known Exploited Vulnerabilities (KEV) as of the writing of this report.
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2- Range: <4.1.0.4150
- ICS-CERT/LCDS Laquis SCADAv5Range: All versions prior to version 4.1.0.4150
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
2- www.securityfocus.com/bid/106634mitrevdb-entryx_refsource_BID
- ics-cert.us-cert.gov/advisories/ICSA-19-015-01mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.