cbcvebase.
CVE-2018-18996
published 2019-02-05

CVE-2018-18996: LCDS Laquis SCADA prior to version 4.1.0.4150 allows taking in user input without proper authorization or sanitation, which may allow an attacker to execute…

PriorityP357critical9.8CVSS 3.0
AVNACLPRNUINSUCHIHAH
EPSS
2.46%
82.4th percentile
LCDS Laquis SCADA prior to version 4.1.0.4150 allows taking in user input without proper authorization or sanitation, which may allow an attacker to execute remote code on the server.

Affected

2 ranges
VendorProductVersion rangeFixed in
ics-certlcds_laquis_scada
lcdslaquis_scada< 4.1.0.41504.1.0.4150

CVSS provenance

nvdv3.09.8CRITICALCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv2.07.5HIGHAV:N/AC:L/Au:N/C:P/I:P/A:P
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.