Security Advisories and Alerts – LAquis SCADA Versions 4.1.0.3870 and prior

Since it build and run on top of Microsoft windows platform and speculated that vulnerabilities might given from Microsoft itself. For instance: LAquis SCADA Versions 4.1.0.3870 and prior

Integer overflow to buffer overflow vulnerabilities, which may allow remote code execution.

Hints: Microsoft GDI+ is prone to an integer-overflow vulnerability. An attacker can exploit this issue by enticing unsuspecting users to view a malicious BMP file.

Vulnerabilities checklist:

  • CVE-2018-17895 out-of-bounds read vulnerabilities, which may allow remote code execution.
  • CVE-2018-17911 stack-based buffer overflow vulnerabilities, which may allow remote code execution.
  • CVE-2018-17899 path traversal vulnerability, which may allow remote code execution
  • CVE-2018-17901 when processing project files the application fails to sanitize user input prior to performing write operations on a stack object, which may allow an attacker to execute code under the current process.
  • CVE-2018-17897 integer overflow to buffer overflow vulnerabilities, which may allow remote code execution.
  • CVE-2018-17893 untrusted pointer dereference vulnerability, which may allow remote code execution.

Remedy: Upgrade to 4.1.0.4114 or later

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.