CVE-2018-18992
Published 2019-02-05
CVE-2018-18992: LCDS Laquis SCADA prior to version 4.1.0.4150 allows taking in user input without proper sanitation, which may allow an attacker to execute remote code on the…
Priority P3 · 49 · high · 8.8 (CVSS 3.0)
AV:N / AC:L / PR:N / UI:R / S:U / C:H / I:H / A:H
EPSS: 1.98% (78.1th percentile)
LCDS Laquis SCADA prior to version 4.1.0.4150 allows taking in user input without proper sanitation, which may allow an attacker to execute remote code on the server.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ics-cert | lcds_laquis_scada | — | — |
| lcds | laquis_scada | < 4.1.0.4150 | 4.1.0.4150 |
CVSS provenance
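| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 8.8 | HIGH | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 6.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P |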
GHSA
GHSA-6q6c-mcmq-5996: LCDS Laquis SCADA prior to version 4
ghsa_unreviewed·2022-05-13
CVE-2018-18992 [HIGH] CWE-74 GHSA-6q6c-mcmq-5996: LCDS Laquis SCADA prior to version 4
LCDS Laquis SCADA prior to version 4.1.0.4150 allows taking in user input without proper sanitation, which may allow an attacker to execute remote code on the server.
CISA ICS
LCDS - Leão Consultoria e Desenvolvimento de Sistemas Ltda ME LAquis SCADA
cisa_ics·2019-01-15·CVSS 8.8
[HIGH] LCDS - Leão Consultoria e Desenvolvimento de Sistemas Ltda ME LAquis SCADA
ICS Advisory
## LCDS - Leão Consultoria e Desenvolvimento de Sistemas Ltda ME LAquis SCADA
Last Revised: January 15, 2019
Alert Code: ICSA-19-015-01
## 1. EXECUTIVE SUMMARY
- CVSS v3 7.8
- ATTENTION: Exploitable remotely/low skill level to exploit
- Vendor: LCDS - Leão Consultoria e Desenvolvimento de Sistemas Ltda ME
- Equipment: LAquis SCADA
- Vulnerabilities: Improper Input Validation, Out-of-Bounds Read, Code Injection, Untrusted Pointer Dereference, Out-of-Bounds Write, Relative Path Traversal, Injection, Use of Hard-Coded Credentials, Authentication Bypass Using an Alternate Path or Chann
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.