CVE-2019-6536

Name of the Vulnerable Software and Affected Versions LAquis SCADA versions prior to 4.3.1.71

Description The issue allows an attacker to execute remote code in the context of the current process by opening a specially crafted ELS file, which results in a write past the end of an allocated buffer.

Recommendations For versions prior to 4.3.1.71, update to version 4.3.1.71 or later to resolve the issue. As a temporary workaround, consider restricting access to ELS files from untrusted sources until the update is applied.