LCDS LAquis SCADA prior to version 4.1.0.4150 Remote Code Execution Vulnerability

Summary

LCDS LAquis SCADA prior to version 4.1.0.4150 allows execution of script code by opening a specially crafted report format file. This may allow remote code execution, data exfiltration, or cause a system crash.

Credit:

The information has been provided by Esteban Ruiz.
The original article can be found at: https://ics-cert.us-cert.gov/advisories/ICSA-19-015-01</a


Details

Opening a specially crafted report format file allows execution of script code, which may allow remote code execution, data exfiltration, or cause a system crash.

Vulnerable Systems:

  • LCDS LAquis SCADA prior to version 4.1.0.4150

CVE Information:
CVE-2018-18988

Disclosure Timeline:
Publish Date: January 15, 2019

Categories: News