CVE-2019-6536
Published 2019-03-27
Priority P337 · high · 7.8 (CVSS 3.0)
AV:L / AC:L / PR:N / UI:R / S:U / C:H / I:H / A:H
EPSS: 1.21% (64.5th percentile)
Opening a specially crafted LCDS LAquis SCADA before 4.3.1.71 ELS file may result in a write past the end of an allocated buffer, which may allow an attacker to execute remote code in the context of the current process.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| lcds | laquis_scada | — | — |
| lcds_le_o_consultoria_e_desenvolvimento_de_sistemas_ltda_me | laquis_scada | < 4.3.1.71 | 4.3.1.71 |
CVSS provenance
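| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 7.8 | HIGH | CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 6.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P |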
GHSA
GHSA-x7wc-chm7-9xvf: Opening a specially crafted LCDS LAquis SCADA before 4
ghsa_unreviewed · 2022-05-14
CVE-2019-6536 [HIGH] CWE-787
CISA ICS
LCDS - Leão Consultoria e Desenvolvimento de Sistemas Ltda ME LAquis SCADA ELS Files
cisa_ics · 2019-03-14 · CVSS 7.8
[HIGH] LCDS - Leão Consultoria e Desenvolvimento de Sistemas Ltda ME LAquis SCADA ELS Files
ICS Advisory
## LCDS - Leão Consultoria e Desenvolvimento de Sistemas Ltda ME LAquis SCADA ELS Files
Last Revised: March 14, 2019
Alert Code: ICSA-19-073-01
## 1. EXECUTIVE SUMMARY
- CVSS v3 7.8
- ATTENTION: Low skill level to exploit
- Vendor: LCDS—Leão Consultoria e Desenvolvimento de Sistemas LTDA ME
- Equipment: LAquis SCADA
- Vulnerability: Out-of-Bounds Write
## 2. RISK EVALUATION
Successful exploitation of this vulnerability could allow remote code execution.
## 3. TECHNICAL DETAILS
## 3.1 AFFECTED PRODUCTS
The following version of LAquis SCADA, an industrial automation software, is
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.