March 25, 2017 Karn Ganeshen

[ICS] LAquis SCADA Path Traversal Vulnerability

LCDS – Leão Consultoria e Desenvolvimento de Sistemas LTDA ME LAquis SCADA Path Traversal Vulnerability

Vendor: LCDS – Leão Consultoria e Desenvolvimento de Sistemas LTDA ME
Equipment: LAquis SCADA
Vulnerability: Path Traversal

ICS-CERT Advisory
https://ics-cert.us-cert.gov/advisories/ICSA-17-082-01

AFFECTED PRODUCTS

The following versions of LAquis SCADA, an industrial automation software package, are affected:
LAquis SCADA software, versions prior to 4.1.0.3237.

IMPACT
Successful exploitation of this vulnerability could allow an unprivileged, malicious attacker to access files remotely.

PATH TRAVERSAL CWE-22
The path traversal vulnerability exists when an application does not neutralize external input, so it cannot ensure that users are not calling for absolute path sequences outside of their privilege level.

CVE-2017-6020 has been assigned to this vulnerability. A CVSS v3 base score of 5.3 has been assigned; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).
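The kind of input neutralization whose absence defines CWE-22, as an added example; this is not code from the advisory, the vendor, or the product. It assumes Windows path semantics, and the base directory, function name and sample requests are all hypothetical.

```python
import ntpath
from typing import Optional

# Hypothetical directory the application is meant to serve files from.
BASE_DIR = r"C:\app\public"


def resolve_inside_base(requested: str, base_dir: str = BASE_DIR) -> Optional[str]:
    """Return the normalized path for `requested` if it stays inside
    `base_dir`, otherwise None. `requested` must already be URL-decoded."""
    if not requested or "\x00" in requested:
        return None
    # Windows accepts both separators, so normalize before inspecting.
    candidate = requested.replace("/", "\\")
    drive, rest = ntpath.splitdrive(candidate)
    # Reject drive letters (C:\x, C:x), UNC shares and rooted paths (\x).
    if drive or rest.startswith("\\"):
        return None
    base = ntpath.normpath(base_dir)
    # Collapse "." and ".." lexically, then compare against the base.
    full = ntpath.normpath(ntpath.join(base, candidate))
    base_cmp = ntpath.normcase(base)
    full_cmp = ntpath.normcase(full)
    # Compare with a trailing separator so a sibling such as
    # C:\app\public_backup does not pass as a prefix match.
    if full_cmp != base_cmp and not full_cmp.startswith(base_cmp + "\\"):
        return None
    return full


# Constructed sample requests, not taken from the advisory.
SAMPLES = [
    "index.htm",
    "reports/daily/../summary.csv",
    "..\\..\\Windows\\win.ini",
    "C:\\Windows\\win.ini",
    "\\\\fileserver\\share\\data.txt",
    "reports/../../public_backup/config.ini",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(f"{s!r:45} -> {resolve_inside_base(s)}")
```

The check is lexical only: it does not resolve symbolic links or junctions, so a deployment that allows those inside the base directory needs an additional check on the resolved path.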

+++++
