CVE-2018-17901

Name of the Vulnerable Software and Affected Versions: LAquis SCADA versions 4.1.0.3870 and prior

Description: The issue is related to a buffer overflow in memory due to improper data recording. This can be exploited by an attacker using a specially crafted file, potentially allowing the execution of arbitrary code. The vulnerability is also related to the application's failure to sanitize user input when processing project files, which may enable an attacker to execute code under the current process.

Recommendations: For LAquis SCADA versions 4.1.0.3870 and prior, consider restricting the processing of project files from untrusted sources until a patch is available. As a temporary workaround, avoid using specially crafted files that could trigger the buffer overflow issue. Restrict access to the LQS File Parsing module to minimize the risk of exploitation.