CVE-2024-5040
Published 2024-05-21
CVE-2024-5040: There are multiple ways in LCDS LAquis SCADA for an attacker to access locations outside of their own directory.
Priority P3 · 38 · high · 7.8 CVSS 3.1
AV:L · AC:L · PR:N · UI:R · S:U · C:H · I:H · A:H
EPSS 0.41% · 32.8th percentile
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| lcds | laquis_scada | <= 4.7.1.7 | — |
CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
| nvd | v4.0 | 8.5 | HIGH | CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
CISA ICS
LCDS LAquis SCADA
cisa_ics·2024-05-21·CVSS 8.5
[HIGH] LCDS LAquis SCADA
ICS Advisory
## LCDS LAquis SCADA
Release Date: May 21, 2024
Alert Code: ICSA-24-142-01
## 1. EXECUTIVE SUMMARY
- CVSS v4 8.5
- ATTENTION: Low attack complexity
- Vendor: LCDS - Leão Consultoria e Desenvolvimento de Sistemas Ltda ME
- Equipment: LAquis SCADA
- Vulnerabilities: Path Traversal
## 2. RISK EVALUATION
Successful exploitation of this vulnerability could allow an attacker to read and write files outside of their own directory.
## 3. TECHNICAL DETAILS
## 3.1 AFFECTED PRODUCTS
The following versions of LAquis SCADA, an HMI program, are affected:
- LAquis SCADA: Versions 4.7.1.7 and prior
## 3.2 Vulnerability Overview
## 3.2.1 Path Traversal CWE-22
There are multiple ways in LAquis SCADA for an attacker to access locations outside of th
GHSA
GHSA-58c4-h2gx-8qfv: There are multiple ways in LCDS LAquis SCADA for an attacker to access locations outside of their own directory
ghsa_unreviewed·2024-05-21
CVE-2024-5040 [HIGH] CWE-22 GHSA-58c4-h2gx-8qfv: There are multiple ways in LCDS LAquis SCADA for an attacker to access locations outside of their own directory
No detection rules found.
No public exploits indexed.
Published: 2024-05-21