PT-2019-9687 · Lcds · Lcds Laquis Scada

Esteban Ruiz +1 · Published 2019-01-19 · Updated 2019-10-09 · CVE-2018-18988

CVSS v3.1: 8.8 (High)

Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

LCDS Laquis SCADA versions prior to 4.1.0.4150

Description

The issue allows execution of script code by opening a specially crafted report format file, which may lead to remote code execution, data exfiltration, or cause a system crash. Multiple vulnerabilities have been identified in the LAquis SCADA LGX Report, including path traversal, information disclosure, remote code execution, and arbitrary file creation.

Recommendations

For versions prior to 4.1.0.4150, update to version 4.1.0.4150 or later to resolve the issue. As a temporary workaround, consider restricting the opening of report format files from untrusted sources until a patch is available. Avoid using the LGX Report feature until the issue is resolved. Restrict access to the LGX Report module to minimize the risk of exploitation. Consider disabling the ShellExecute function and other vulnerable functions until a patch is available. At the moment, there is no other information about additional mitigation measures for this vulnerability.

Fix

RCE

Out-of-bounds Read

Weakness Enumeration

Related identifiers

CVE-2018-18988
ZDI-19-069
ZDI-19-070
ZDI-19-071
ZDI-19-072
ZDI-19-073
ZDI-19-074
ZDI-19-075
ZDI-19-076
ZDI-19-077
ZDI-19-078
ZDI-19-079
ZDI-19-080
ZDI-19-081
ZDI-19-082
ZDI-19-083
ZDI-19-084
ZDI-19-085
ZDI-19-086
ZDI-19-087
ZDI-19-088
ZDI-19-089
ZDI-19-090
ZDI-19-091
ZDI-19-092
ZDI-19-093
ZDI-19-094
ZDI-19-095
ZDI-19-096

Affected products

Lcds Laquis Scada