CVE-2021-41579

Name of the Vulnerable Software and Affected Versions LCDS LAquis SCADA versions 4.3.1.1085 and earlier

Description The issue allows for a control bypass and path traversal. An attacker can exploit this by getting a victim to load a malicious els project file and use the play feature. This enables the attacker to bypass a consent popup and write arbitrary files to OS locations where the user has permission, potentially leading to code execution.

Recommendations For versions 4.3.1.1085 and earlier, consider disabling the play feature for els project files until a patch is available to prevent exploitation. Restrict access to sensitive OS locations to minimize the risk of arbitrary file writing. Avoid using the play feature with untrusted els project files. At the moment, there is no information about a newer version that contains a fix for this issue.