CVE-2021-41579

HIGH

Scada < 4.3.1.1085 - Path Traversal

Title source: rule

Description

LCDS LAquis SCADA through 4.3.1.1085 is vulnerable to a control bypass and path traversal. If an attacker can get a victim to load a malicious els project file and use the play feature, then the attacker can bypass a consent popup and write arbitrary files to OS locations where the user has permission, leading to code execution.

Exploits (1)

nomisec WORKING POC

by mbanyamer · poc

https://github.com/mbanyamer/CVE-2021-41579-LCDS-LAquis-SCADA-4.3.1.1085-Arbitrary-File-Write

View Code ZIP pw:eip

References (1)

[Third Party Advisory] https://github.com/jacob-baines/vuln_disclosure/blob/main/vuln_2021_04.txt

Scores

CVSS v3 7.8

EPSS 0.0108

EPSS Percentile 77.9%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE

CWE-22

Status published

Products (1)

laquisscada/scada < 4.3.1.1085

Published Oct 04, 2021

Tracked Since Feb 18, 2026