LCDS – Leão Consultoria e Desenvolvimento de Sistemas LTDA ME LAquis SCADA Path Traversal Vulnerability
Vendor: LCDS – Leão Consultoria e Desenvolvimento de Sistemas LTDA ME
Equipment: LAquis SCADA
Vulnerability: Path Traversal
The following versions of LAquis SCADA, an industrial automation software, are affected:
LAquis SCADA software, versions prior to version 220.127.116.1137.
Successful exploitation of this vulnerability could allow an unprivileged, malicious attacker to access files remotely.
PATH TRAVERSAL CWE-22
The path traversal vulnerability exists when an application does not neutralize external input to ensure that users are not calling for absolute path sequences outside of their privilege level.
CVE-2017-6020 has been assigned to this vulnerability. A CVSS v3 base score of 5.3 has been assigned; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).