CVE-2018-18996
Description
LCDS Laquis SCADA prior to version 4.1.0.4150 allows taking in user input without proper authorization or sanitation, which may allow an attacker to execute remote code on the server.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
LAquis SCADA prior to 4.1.0.4150 has an improper input validation vulnerability allowing remote code execution via crafted input.
Vulnerability
LAquis SCADA versions prior to 4.1.0.4150 (specifically 4.1.0.3870 as identified in the advisory [1]) contain an improper input validation vulnerability. The software accepts user input without proper authorization or sanitization, which can be exploited to execute arbitrary code on the server.
Exploitation
An attacker can exploit this vulnerability remotely without authentication by sending specially crafted input, such as a malicious report format file. The advisory notes that opening such a file triggers script execution and that exploitation requires a low skill level [1].
Impact
Successful exploitation can lead to remote code execution, data exfiltration, or a system crash. The CVSS v3 base score is 7.8 (High) with the vector string AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L [1].
Mitigation
The vendor released version 4.1.0.4150 to address this vulnerability. Users should update to the latest version. No workarounds are documented in the available references [1].
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Range: <4.1.0.4150
- ICS-CERT/LCDS Laquis SCADA (v5), Range: All versions prior to version 4.1.0.4150
Patches
No patches discovered yet.
References
- www.securityfocus.com/bid/106634 (mitre, vdb-entry, x_refsource_BID)
- ics-cert.us-cert.gov/advisories/ICSA-19-015-01 (mitre, x_refsource_MISC)