PT-2019-9686 · Lcds · Lcds Laquis Scada

Esteban Ruiz

Published

2019-01-19

Updated

2019-10-09

CVE-2018-18986

CVSS v2.0

8.3

High

Vector

AV:N/AC:M/Au:N/C:P/I:P/A:C

Name of the Vulnerable Software and Affected Versions LCDS Laquis SCADA versions prior to 4.1.0.4150

Description The issue allows the opening of a specially crafted report format file, which may cause an out of bounds read. This can lead to a system crash, allow data exfiltration, or enable remote code execution.

Recommendations For versions prior to 4.1.0.4150, update to version 4.1.0.4150 or later to resolve the issue. As a temporary workaround, consider restricting the opening of report format files from untrusted sources until a patch is applied.

Fix

Memory Corruption

Out of bounds Read

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-787CWE-125

Related Identifiers

CVE-2018-18986

ZDI-19-057

Affected Products

Lcds Laquis Scada

PT-2019-9686 · Lcds · Lcds Laquis Scada

CVE-2018-18986

Weakness Enumeration

Related Identifiers

Affected Products

References · 5