CVE-2018-17899

Name of the Vulnerable Software and Affected Versions: LAquis SCADA versions 4.1.0.3870 and prior

Description: The issue is related to a path traversal vulnerability, which may allow remote code execution. It is associated with insufficient checking of the directory path name, potentially enabling a remote attacker to execute arbitrary code.

Recommendations: For LAquis SCADA versions 4.1.0.3870 and prior, consider restricting access to sensitive directories to minimize the risk of exploitation until a patch is available. As a temporary workaround, avoid using directories that may be vulnerable to path traversal attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.