23 results (0.014 seconds)

CVSS: 8.5EPSS: 0%CPEs: 1EXPL: 0

There are multiple ways in LCDS LAquis SCADA for an attacker to access locations outside of their own directory. Hay varias formas en LCDS LAquis SCADA para que un atacante acceda a ubicaciones fuera de su propio directorio. This vulnerability allows remote attackers to execute arbitrary code on affected installations of LAquis SCADA. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the implementation of the AddComboFile method. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. • https://www.cisa.gov/news-events/ics-advisories/icsa-24-142-01 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 9.3EPSS: 0%CPEs: 1EXPL: 0

When a non-existent resource is requested, the LCDS LAquis SCADA application (version 4.3.1.1011 and prior) returns error messages which may allow reflected cross-site scripting. Cuando es solicitado un recurso no existente, la aplicación LCDS LAquis SCADA (versiones 4.3.1.1011 y anteriores) devuelve mensajes de error que pueden permitir un ataque de tipo cross-site scripting reflejado • https://www.cisa.gov/uscert/ics/advisories/icsa-21-208-04 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0

LCDS LAquis SCADA Versions 4.3.1 and prior. The affected product is vulnerable to sensitive information exposure by unauthorized users. LCDS LAquis SCADA versiones 4.3.1 y anteriores. El producto afectado es vulnerable a una exposición de información confidencial por parte de usuarios no autorizados. This vulnerability allows remote attackers to create arbitrary files on affected installations of LAquis SCADA. • https://www.us-cert.gov/ics/advisories/icsa-20-119-01 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0

LCDS LAquis SCADA Versions 4.3.1 and prior. The affected product is vulnerable to arbitrary file creation by unauthorized users LCDS LAquis SCADA versiones 4.3.1 y anteriores. El producto afectado es vulnerable a una creación de archivos arbitrarios por parte de usuarios no autorizados. This vulnerability allows remote attackers to disclose sensitive information on affected installations of LAquis SCADA. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the TextFile.Read method when processing LGX files. • https://www.us-cert.gov/ics/advisories/icsa-20-119-01 • CWE-20: Improper Input Validation •

CVSS: 8.8EPSS: 1%CPEs: 1EXPL: 0

LCDS Laquis SCADA prior to version 4.1.0.4150 allows execution of script code by opening a specially crafted report format file. This may allow remote code execution, data exfiltration, or cause a system crash. LCDS Laquis SCADA, en versiones anteriores a la 4.1.0.4150, permite la ejecución de código script abriendo un archivo de formato de informe especialmente manipulado. Esto podría permitir la ejecución remota de código, la exfiltración de datos o provocar el cierre inesperado del sistema. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of LAquis SCADA Software. • http://www.securityfocus.com/bid/106634 https://ics-cert.us-cert.gov/advisories/ICSA-19-015-01 • CWE-20: Improper Input Validation CWE-125: Out-of-bounds Read •