CVE-2018-19004
Description
LCDS Laquis SCADA prior to version 4.1.0.4150 allows out of bounds read when opening a specially crafted project file, which may allow data exfiltration.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
An out-of-bounds read vulnerability in LAquis SCADA prior to 4.1.0.4150 allows data exfiltration via a specially crafted project file.
Vulnerability
LAquis SCADA versions prior to 4.1.0.4150, specifically version 4.1.0.3870, contain an out-of-bounds read vulnerability (CWE-125) when opening a specially crafted project file. The flaw resides in the project file parsing logic and is triggered by user interaction [1].
Exploitation
An attacker must craft a malicious project file that causes an out-of-bounds read and then convince a user to open it. No authentication is required, but the attack is local and requires user interaction (CVSS v3 vector AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N) [1].
Impact
Successful exploitation allows an attacker to read memory beyond the intended buffer, potentially leading to data exfiltration. The confidentiality impact is low; there is no impact on integrity or availability [1].
Mitigation
LCDS released version 4.1.0.4150 to address this vulnerability. Users should update to the latest version. No workarounds are documented, and this CVE is not listed on the CISA Known Exploited Vulnerabilities (KEV) catalog as of the publication date [1].
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2- Range: <4.1.0.4150
- ICS-CERT/LCDS Laquis SCADAv5Range: All versions prior to version 4.1.0.4150
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
2- www.securityfocus.com/bid/106634mitrevdb-entryx_refsource_BID
- ics-cert.us-cert.gov/advisories/ICSA-19-015-01mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.