VYPR
Unrated severity · NVD Advisory · Published Feb 5, 2019 · Updated Sep 16, 2024

CVE-2018-19029

Description

LCDS LAquis SCADA prior to version 4.1.0.4150 allows an attacker using a specially crafted project file to supply a pointer for a controlled memory address, which may allow remote code execution, data exfiltration, or cause a system crash.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

LAquis SCADA prior to 4.1.0.4150 contains an untrusted pointer dereference vulnerability in project file parsing that could allow remote code execution, data exfiltration, or system crash.

Vulnerability

LAquis SCADA versions prior to 4.1.0.4150 (specifically version 4.1.0.3870) are affected by an untrusted pointer dereference vulnerability (CWE-822). An attacker can supply a pointer for a controlled memory address by crafting a malicious project file. This vulnerability is triggered when the user opens the specially crafted project file in the SCADA software. [1]

Exploitation

An attacker with low skill level can exploit this vulnerability remotely by convincing a user to open a specially crafted project file. No authentication is required, and user interaction is limited to opening the file. The attacker does not need any special network position beyond delivering the file (e.g., via email or download). [1]

Impact

Successful exploitation could allow the attacker to achieve remote code execution, exfiltrate data, or cause a system crash. The CVSS v3 base score is 7.8 (High) with vector AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H, indicating high impact on confidentiality, integrity, and availability. [1]

Mitigation

LCDS recommends updating to LAquis SCADA version 4.1.0.4150 or later to remediate this vulnerability. As of the advisory publication date (January 15, 2019), no workarounds were provided. Users should obtain the update from the vendor. [1]

AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

  • LCDS/LAquis SCADA (llm-fuzzy), 2 versions
    • (no CPE) range: <4.1.0.4150
    • (no CPE) range: All versions prior to version 4.1.0.4150

Patches

No patches discovered yet.

References

2
