Total
4 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-41579 | 1 Laquisscada | 1 Scada | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
LCDS LAquis SCADA through 4.3.1.1085 is vulnerable to a control bypass and path traversal. If an attacker can get a victim to load a malicious els project file and use the play feature, then the attacker can bypass a consent popup and write arbitrary files to OS locations where the user has permission, leading to code execution. | |||||
CVE-2020-25188 | 1 Laquisscada | 1 Scada | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
An attacker who convinces a valid user to open a specially crafted project file to exploit could execute code under the privileges of the application due to an out-of-bounds read vulnerability on the LAquis SCADA (Versions prior to 4.3.1.870). | |||||
CVE-2019-10994 | 1 Laquisscada | 1 Scada | 2024-11-21 | 4.3 MEDIUM | 3.3 LOW |
Processing a specially crafted project file in LAquis SCADA 4.3.1.71 may trigger an out-of-bounds read, which may allow an attacker to obtain sensitive information. The attacker must have local access to the system. A CVSS v3 base score of 2.5 has been calculated; the CVSS vector string is (AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N). | |||||
CVE-2019-10980 | 1 Laquisscada | 1 Scada | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
A type confusion vulnerability may be exploited when LAquis SCADA 4.3.1.71 processes a specially crafted project file. This may allow an attacker to execute remote code. The attacker must have local access to the system. A CVSS v3 base score of 7.8 has been calculated; the CVSS vector string is (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H). |