CVE-2017-6020
Published 2018-04-17
CVE-2017-6020: Leao Consultoria e Desenvolvimento de Sistemas (LCDS) LTDA ME LAquis SCADA software versions prior to version 4.1.0.3237 do not neutralize external input to…
Priority: P3 · 43 · medium · 5.3 (CVSS 3.0)
AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
EXPLOIT
EPSS: 8.73% (94.5th percentile)
Leao Consultoria e Desenvolvimento de Sistemas (LCDS) LTDA ME LAquis SCADA software versions prior to version 4.1.0.3237 do not neutralize external input to ensure that users are not calling for absolute path sequences outside of their privilege level.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| lcds | laquis_scada | < 4.1.0.3237 | 4.1.0.3237 |
| lcds_le_o_consultoria_e_desenvolvimento_de_sistemas_ltda_me | laquis_scada_software | — | — |
CVSS provenance
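| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 5.3 | MEDIUM | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
| nvd | v2.0 | 4.0 | MEDIUM | AV:N/AC:L/Au:S/C:P/I:N/A:N |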
CISA ICS
LCDS - Leão Consultoria e Desenvolvimento de Sistemas Ltda ME LAquis SCADA
cisa_ics·2019-01-15
ICS Advisory
Last Revised: January 15, 2019
Alert Code: ICSA-17-082-01
## CVSS v3 5.3
ATTENTION: Remotely exploitable/low skill level to exploit.
Vendor: LCDS - Leão Consultoria e Desenvolvimento de Sistemas Ltda ME
Equipment: LAquis SCADA
Vulnerability: Path Traversal
## AFFECTED PRODUCTS
The following versions of LAquis SCADA, an industrial automation software, are affected:
- LAquis SCADA software, versions prior to version 4.1.0.3237.
## IMPACT
Successful exploitation of this vulnerability could allow an unpri
GHSA
GHSA-46mc-xp8v-mrp8: Leao Consultoria e Desenvolvimento de Sistemas (LCDS) LTDA ME LAquis SCADA software versions prior to version 4
ghsa_unreviewed·2022-05-13
CVE-2017-6020 [MEDIUM] CWE-22 GHSA-46mc-xp8v-mrp8: Leao Consultoria e Desenvolvimento de Sistemas (LCDS) LTDA ME LAquis SCADA software versions prior to version 4
Leao Consultoria e Desenvolvimento de Sistemas (LCDS) LTDA ME LAquis SCADA software versions prior to version 4.1.0.3237 do not neutralize external input to ensure that users are not calling for absolute path sequences outside of their privilege level.
No detection rules found.
Published: 2018-04-17