CVE-2017-6016

HIGH

LCDS LAquis SCADA < 4.1 - Authenticated Privilege Escalation via File Modification

Title source: llm
STIX 2.1

Description

An Improper Access Control issue was discovered in LCDS - Leao Consultoria e Desenvolvimento de Sistemas LTDA ME LAquis SCADA. The following versions are affected: Versions 4.1 and prior versions released before January 20, 2017. An Improper Access Control vulnerability has been identified, which may allow an authenticated user to modify application files to escalate privileges.

References (2)

Core 2
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/96942
Third Party Advisory, US Government Resource x_refsource_misc
https://ics-cert.us-cert.gov/advisories/ICSA-17-075-01

Scores

CVSS v3 7.3
EPSS 0.0032
EPSS Percentile 24.1%
Attack Vector LOCAL
CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

Details

CWE
CWE-284
Status published
Products (2)
leao_consultoria_e_desenvolvimento_de_sistemas/ltda_me_laquis_scada < 4.1
n/a/LCDS Leao Consultoria e Desenvolvimento de Sistemas LTDA ME LAquis SCADA LCDS Leao Consultoria e Desenvolvimento de Sistemas LTDA ME LAquis SCADA
Published May 19, 2017
Tracked Since Feb 18, 2026