PT-2018-1719 · Laquis · Laquis Scada

Published

2018-10-02

Updated

2019-10-09

CVE-2018-17893

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: LAquis SCADA versions 4.1.0.3870 and prior

Description: The issue is related to an untrusted pointer dereference vulnerability in the LQS file parsing functionality of the LAquis SCADA tool, which is used for data collection and process control in industrial automation. This vulnerability may allow remote code execution.

Recommendations: For LAquis SCADA versions 4.1.0.3870 and prior, consider disabling the LQS file parsing functionality as a temporary workaround until a patch is available. Restrict access to the vulnerable component to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

NULL Pointer Dereference

Untrusted Pointer Dereference

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-476CWE-822

Related Identifiers

BDU:2018-01312

CVE-2018-17893

ZDI-18-1246

Affected Products

Laquis Scada

PT-2018-1719 · Laquis · Laquis Scada

CVE-2018-17893

Weakness Enumeration

Related Identifiers

Affected Products

References · 10