CVE-2018-18998
Description
LCDS Laquis SCADA prior to version 4.1.0.4150 uses hard coded credentials, which may allow an attacker unauthorized access to the system with high privileges.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
LAquis SCADA prior to 4.1.0.4150 uses hard-coded credentials, allowing remote attackers to gain unauthorized high-privilege access.
Vulnerability
LAquis SCADA versions prior to 4.1.0.4150 contain hard-coded credentials (CWE-798) that are embedded in the software. An attacker who discovers these credentials can authenticate to the system without needing legitimate user credentials. The affected version is SCADA 4.1.0.3870 and earlier [1].
Exploitation
An attacker can exploit this vulnerability remotely with low skill level. No authentication or user interaction is required. The attacker simply uses the hard-coded credentials to log into the SCADA system over the network [1].
Impact
Successful exploitation grants the attacker unauthorized access with high privileges, potentially allowing full control of the SCADA system. This could lead to remote code execution, data exfiltration, or system crashes, depending on the attacker's actions [1].
Mitigation
LCDS released version 4.1.0.4150 to address this vulnerability. Users should upgrade to this version or later. No workarounds are documented in the available reference [1].
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2- Range: <4.1.0.4150
- ICS-CERT/LCDS Laquis SCADAv5Range: All versions prior to version 4.1.0.4150
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
2- www.securityfocus.com/bid/106634mitrevdb-entryx_refsource_BID
- ics-cert.us-cert.gov/advisories/ICSA-19-015-01mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.