CVE-2018-18996

CRITICAL

LCDS Laquis SCADA < 4.1.0.4150 - Remote Code Execution

Title source: llm
STIX 2.1

Description

LCDS Laquis SCADA prior to version 4.1.0.4150 allows taking in user input without proper authorization or sanitation, which may allow an attacker to execute remote code on the server.

References (2)

Core 2
Core References
Third Party Advisory, US Government Resource x_refsource_misc
https://ics-cert.us-cert.gov/advisories/ICSA-19-015-01
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/106634

Scores

CVSS v3 9.8
EPSS 0.0246
EPSS Percentile 82.4%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-74 CWE-862
Status published
Products (1)
lcds/laquis_scada < 4.1.0.4150
Published Feb 05, 2019
Tracked Since Feb 18, 2026