cbcvebase.
CVE-2017-6020
published 2018-04-17

CVE-2017-6020: Leao Consultoria e Desenvolvimento de Sistemas (LCDS) LTDA ME LAquis SCADA software versions prior to version 4.1.0.3237 do not neutralize external input to…

PriorityP343medium5.3CVSS 3.0
AVNACLPRNUINSUCLINAN
EXPLOIT
EPSS
8.73%
94.5th percentile
Leao Consultoria e Desenvolvimento de Sistemas (LCDS) LTDA ME LAquis SCADA software versions prior to version 4.1.0.3237 do not neutralize external input to ensure that users are not calling for absolute path sequences outside of their privilege level.

Affected

2 ranges
VendorProductVersion rangeFixed in
lcdslaquis_scada< 4.1.0.32374.1.0.3237
lcds_le_o_consultoria_e_desenvolvimento_de_sistemas_ltda_melaquis_scada_software

CVSS provenance

nvdv3.05.3MEDIUMCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
nvdv2.04.0MEDIUMAV:N/AC:L/Au:S/C:P/I:N/A:N
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.