VYPR
Unrated severity · NVD Advisory · Published Feb 5, 2019 · Updated Sep 16, 2024

CVE-2018-19002

Description

LCDS Laquis SCADA prior to version 4.1.0.4150 allows improper control of generation of code when opening a specially crafted project file, which may allow remote code execution, data exfiltration, or cause a system crash.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Laquis SCADA prior to 4.1.0.4150 contains a code injection vulnerability when opening specially crafted project files, allowing remote code execution or system crash.

Vulnerability

Laquis SCADA versions prior to 4.1.0.4150 (specifically 4.1.0.3870 and earlier) are affected by a code injection vulnerability (CWE-94) in the handling of project files. When a specially crafted project file is opened, improper control of code generation allows an attacker to execute arbitrary code within the application context [1].

Exploitation

An attacker can exploit this vulnerability by crafting a malicious project file and convincing a user to open it locally, for example via social engineering. No authentication is required, but user interaction is necessary. The CVSS vector (AV:L/AC:L/PR:N/UI:R) indicates local access and low complexity [1].

Impact

Successful exploitation allows an attacker to execute arbitrary code with the privileges of the application, potentially leading to remote code execution, data exfiltration, or a system crash. The CVSS base score of 7.8 reflects high impacts on confidentiality, integrity, and availability [1].

Mitigation

LCDS released Laquis SCADA version 4.1.0.4150 to address this vulnerability. Users should update to this version or later. No workarounds have been provided by the vendor [1].

AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

2
  • LCDS/LAquis SCADA (llm-fuzzy match), 2 versions
    • (no CPE) range: <4.1.0.4150
    • (no CPE) range: All versions prior to version 4.1.0.4150

Patches

0

No patches discovered yet.

References

2
