Since it build and run on top of Microsoft windows platform and speculated that vulnerabilities might given from Microsoft itself. For instance: LAquis SCADA Versions 4.1.0.3870 and prior
Integer overflow to buffer overflow vulnerabilities, which may allow remote code execution.
Hints: Microsoft GDI+ is prone to an integer-overflow vulnerability. An attacker can exploit this issue by enticing unsuspecting users to view a malicious BMP file.
Vulnerabilities checklist:
- CVE-2018-17895 out-of-bounds read vulnerabilities, which may allow remote code execution.
- CVE-2018-17911 stack-based buffer overflow vulnerabilities, which may allow remote code execution.
- CVE-2018-17899 path traversal vulnerability, which may allow remote code execution
- CVE-2018-17901 when processing project files the application fails to sanitize user input prior to performing write operations on a stack object, which may allow an attacker to execute code under the current process.
- CVE-2018-17897 integer overflow to buffer overflow vulnerabilities, which may allow remote code execution.
- CVE-2018-17893 untrusted pointer dereference vulnerability, which may allow remote code execution.
Remedy: Upgrade to 4.1.0.4114 or later