VYPR
← All advisories
Unrated severityNVD Advisory· Published Feb 5, 2019· Updated Sep 16, 2024

CVE-2018-19000

CVE-2018-19000

Description

LCDS Laquis SCADA prior to version 4.1.0.4150 allows an authentication bypass, which may allow an attacker access to sensitive data.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

LAquis SCADA prior to 4.1.0.4150 contains an authentication bypass that allows unauthenticated network attackers to access sensitive data.

Vulnerability

LAquis SCADA versions prior to 4.1.0.4150 (including version 4.1.0.3870 as identified in the advisory) are affected by an authentication bypass vulnerability (CWE-288). An attacker with network access to the affected product can log in without any authentication, bypassing the normal login mechanism [1].

Exploitation

The vulnerability is exploitable remotely with low complexity. The attacker requires only network access to the LAquis SCADA service; no authentication or user interaction is needed. By sending crafted network requests, an attacker can bypass the authentication process and gain unauthorized access to the system [1].

Impact

Successful exploitation allows the attacker to access sensitive data (confidentiality impact: high) and potentially modify data (integrity impact: high). The vulnerability does not affect availability. The CVSS v3 base score is 7.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N) [1].

Mitigation

LCDS has addressed this vulnerability in LAquis SCADA version 4.1.0.4150. Users should upgrade to this version or later. No workarounds or alternative mitigations have been published in the available references [1].

References
  1. LCDS - Leão Consultoria e Desenvolvimento de Sistemas Ltda ME LAquis SCADA | CISA

AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

2
  • LCDS/LAquis SCADAllm-fuzzy
    Range: <4.1.0.4150
  • ICS-CERT/LCDS Laquis SCADAv5
    Range: All versions prior to version 4.1.0.4150

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

2

News mentions

0

No linked articles in our index yet.