VYPR

LAquis SCADA

by LAquis

CVEs (4)

  • CVE-2018-18992HigFeb 5, 2019
    risk 0.57cvss 8.8epss 0.02

    LCDS Laquis SCADA prior to version 4.1.0.4150 allows taking in user input without proper sanitation, which may allow an attacker to execute remote code on the server.

  • CVE-2020-25188HigOct 14, 2020
    risk 0.51cvss 7.8epss 0.02

    An attacker who convinces a valid user to open a specially crafted project file to exploit could execute code under the privileges of the application due to an out-of-bounds read vulnerability on the LAquis SCADA (Versions prior to 4.3.1.870).

  • CVE-2019-6536HigMar 27, 2019
    risk 0.51cvss 7.8epss 0.01

    Opening a specially crafted LCDS LAquis SCADA before 4.3.1.71 ELS file may result in a write past the end of an allocated buffer, which may allow an attacker to execute remote code in the context of the current process.

  • CVE-2018-18990MedFeb 5, 2019
    risk 0.38cvss 5.3epss 0.39

    LCDS Laquis SCADA prior to version 4.1.0.4150 allows a user-supplied path in file operations prior to proper validation. An attacker can leverage this vulnerability to disclose sensitive information under the context of the web server process.