CVE-2017-6020

MEDIUM

Lcds Laquis Scada < 4.1.0.3237 - Path Traversal

Title source: rule

Description

Leao Consultoria e Desenvolvimento de Sistemas (LCDS) LTDA ME LAquis SCADA software versions prior to version 4.1.0.3237 do not neutralize external input to ensure that users are not calling for absolute path sequences outside of their privilege level.

Exploits (1)

exploitdb WORKING POC
by James Fitts · rubyremotemultiple
https://www.exploit-db.com/exploits/42885

References (3)

Scores

CVSS v3 5.3
EPSS 0.0668
EPSS Percentile 91.3%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Details

CWE
CWE-22
Status published
Products (1)
lcds/laquis_scada < 4.1.0.3237
Published Apr 17, 2018
Tracked Since Feb 18, 2026