PT-2017-16837 · Laquis · Laquis Scada

James Fitts

Published

2017-04-12

Updated

2019-10-09

CVE-2017-6020

CVSS v3.1

5.3

Medium

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions LAquis SCADA software versions prior to 4.1.0.3237

Description The issue concerns a directory traversal information disclosure problem. It arises because the software does not properly neutralize external input, allowing users to potentially access absolute path sequences outside of their intended privilege level.

Recommendations For LAquis SCADA software versions prior to 4.1.0.3237, update to version 4.1.0.3237 or later to resolve the issue.

Exploit

Fix

Path traversal

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-22

Related Identifiers

CVE-2017-6020

ZDI-17-286

Affected Products

Laquis Scada

PT-2017-16837 · Laquis · Laquis Scada

CVE-2017-6020

Weakness Enumeration

Related Identifiers

Affected Products

References · 6