Aggregates CVE and security vulnerability intelligence across all lcds-related products, including CVSS, EPSS, publication dates, and vulnerability intelligence data.
Disclosed issues often relate to vendor risk buffer overflow, vendor risk path handling, and vendor risk input validation; exposure may include vendor impact unexpected behavior in vendor surface production workloads contexts.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2021-32989 | When a non-existent resource is requested, the LCDS LAquis SCADA application (version 4.3.1.1011 and prior) returns error messages which may allow reflected cross-site scripting. | [email protected] | 9.3 | 0.23% | 2022-05-25 | 2024-11-21 |
| CVE-2020-10622 | LCDS LAquis SCADA Versions 4.3.1 and prior. The affected product is vulnerable to arbitrary file creation by unauthorized users | [email protected] | 7.8 | 0.15% | 2020-05-04 | 2024-11-21 |
| CVE-2020-10618 | LCDS LAquis SCADA Versions 4.3.1 and prior. The affected product is vulnerable to sensitive information exposure by unauthorized users. | [email protected] | 5.5 | 0.17% | 2020-05-04 | 2024-11-21 |
| CVE-2019-6536 | Opening a specially crafted LCDS LAquis SCADA before 4.3.1.71 ELS file may result in a write past the end of an allocated buffer, which may allow an attacker to execute remote code in the context of the current process. | [email protected] | 7.8 | 0.16% | 2019-03-27 | 2024-11-21 |
| CVE-2018-19029 | LCDS Laquis SCADA prior to version 4.1.0.4150 allows an attacker using a specially crafted project file to supply a pointer for a controlled memory address, which may allow remote code execution, data exfiltration, or cause a system crash. | [email protected] | 7.8 | 0.47% | 2019-02-05 | 2024-11-21 |
| CVE-2018-19002 | LCDS Laquis SCADA prior to version 4.1.0.4150 allows improper control of generation of code when opening a specially crafted project file, which may allow remote code execution, data exfiltration, or cause a system crash. | [email protected] | 7.8 | 0.47% | 2019-02-05 | 2024-11-21 |
| CVE-2018-19000 | LCDS Laquis SCADA prior to version 4.1.0.4150 allows an authentication bypass, which may allow an attacker access to sensitive data. | [email protected] | 5.3 | 0.45% | 2019-02-05 | 2024-11-21 |
| CVE-2018-18998 | LCDS Laquis SCADA prior to version 4.1.0.4150 uses hard coded credentials, which may allow an attacker unauthorized access to the system with high privileges. | [email protected] | 9.8 | 0.62% | 2019-02-05 | 2024-11-21 |
| CVE-2018-18996 | LCDS Laquis SCADA prior to version 4.1.0.4150 allows taking in user input without proper authorization or sanitation, which may allow an attacker to execute remote code on the server. | [email protected] | 9.8 | 0.62% | 2019-02-05 | 2024-11-21 |
| CVE-2018-18992 | LCDS Laquis SCADA prior to version 4.1.0.4150 allows taking in user input without proper sanitation, which may allow an attacker to execute remote code on the server. | [email protected] | 8.8 | 0.43% | 2019-02-05 | 2024-11-21 |
| CVE-2018-18990 | LCDS Laquis SCADA prior to version 4.1.0.4150 allows a user-supplied path in file operations prior to proper validation. An attacker can leverage this vulnerability to disclose sensitive information under the context of the web server process. | [email protected] | 5.3 | 4.26% | 2019-02-05 | 2024-11-21 |
| CVE-2018-18986 | LCDS Laquis SCADA prior to version 4.1.0.4150 allows the opening of a specially crafted report format file that may cause an out of bounds read, which may cause a system crash, allow data exfiltration, or remote code execution. | [email protected] | 7.8 | 0.47% | 2019-02-05 | 2024-11-21 |
| CVE-2018-19004 | LCDS Laquis SCADA prior to version 4.1.0.4150 allows out of bounds read when opening a specially crafted project file, which may allow data exfiltration. | [email protected] | 3.3 | 0.07% | 2019-02-01 | 2024-11-21 |
| CVE-2018-18988 | LCDS Laquis SCADA prior to version 4.1.0.4150 allows execution of script code by opening a specially crafted report format file. This may allow remote code execution, data exfiltration, or cause a system crash. | [email protected] | 8.8 | 1.10% | 2019-02-01 | 2024-11-21 |
| CVE-2018-17911 | LAquis SCADA Versions 4.1.0.3870 and prior has several stack-based buffer overflow vulnerabilities, which may allow remote code execution. | [email protected] | 7.8 | 0.73% | 2018-10-17 | 2024-11-21 |
| CVE-2018-17901 | LAquis SCADA Versions 4.1.0.3870 and prior, when processing project files the application fails to sanitize user input prior to performing write operations on a stack object, which may allow an attacker to execute code under the current process. | [email protected] | 7.8 | 0.29% | 2018-10-17 | 2024-11-21 |
| CVE-2018-17899 | LAquis SCADA Versions 4.1.0.3870 and prior has a path traversal vulnerability, which may allow remote code execution. | [email protected] | 8.8 | 5.13% | 2018-10-17 | 2024-11-21 |
| CVE-2018-17897 | LAquis SCADA Versions 4.1.0.3870 and prior has several integer overflow to buffer overflow vulnerabilities, which may allow remote code execution. | [email protected] | 9.8 | 7.07% | 2018-10-17 | 2024-11-21 |
| CVE-2018-17895 | LAquis SCADA Versions 4.1.0.3870 and prior has several out-of-bounds read vulnerabilities, which may allow remote code execution. | [email protected] | 9.8 | 4.33% | 2018-10-17 | 2024-11-21 |
| CVE-2018-17893 | LAquis SCADA Versions 4.1.0.3870 and prior has an untrusted pointer dereference vulnerability, which may allow remote code execution. | [email protected] | 9.8 | 4.62% | 2018-10-17 | 2024-11-21 |