LCDS Laquis SCADA prior to version 4.1.0.4150 allows taking in user input without proper authorization or sanitation, which may allow an attacker to execute remote code on the server.
oryginał ENCVSS Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HLcds Laquis Scada
APPLcds< 4.1.0.4150
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Powiązane podatności
CVE-2021-32989CRITICAL9.3ten sam produkt
When a non-existent resource is requested, the LCDS LAquis SCADA application (version 4.3.1.1011 and prior) re...
CVE-2018-18998CRITICAL9.8ten sam produkt
LCDS Laquis SCADA prior to version 4.1.0.4150 uses hard coded credentials, which may allow an attacker unautho...
CVE-2018-17895CRITICAL9.8ten sam produkt
LAquis SCADA Versions 4.1.0.3870 and prior has several out-of-bounds read vulnerabilities, which may allow rem...
CVE-2018-17893CRITICAL9.8ten sam produkt
LAquis SCADA Versions 4.1.0.3870 and prior has an untrusted pointer dereference vulnerability, which may allow...
CVE-2018-17897CRITICAL9.8ten sam produkt
LAquis SCADA Versions 4.1.0.3870 and prior has several integer overflow to buffer overflow vulnerabilities, wh...