Search

Find a vulnerability

Search criteria

    14 vulnerabilities found for LCDS Laquis SCADA by ICS-CERT

    CVE-2018-19000 (GCVE-0-2018-19000)

    Vulnerability from nvd – Published: 2019-02-05 18:00 – Updated: 2024-09-16 19:57
    VLAI
    Summary
    LCDS Laquis SCADA prior to version 4.1.0.4150 allows an authentication bypass, which may allow an attacker access to sensitive data.
    Severity
    No CVSS data available.
    CWE
    • CWE-288 - AUTHENTICATION BYPASS USING AN ALTERNATE PATH OR CHANNEL CWE-288
    Assigner
    References
    Impacted products
    Vendor Product Version
    ICS-CERT LCDS Laquis SCADA Affected: All versions prior to version 4.1.0.4150
    Create a notification for this product.
    Date Public
    2019-01-15 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T11:23:08.521Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-015-01"
              },
              {
                "name": "106634",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/106634"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "LCDS Laquis SCADA",
              "vendor": "ICS-CERT",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions prior to version 4.1.0.4150"
                }
              ]
            }
          ],
          "datePublic": "2019-01-15T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "LCDS Laquis SCADA prior to version 4.1.0.4150 allows an authentication bypass, which may allow an attacker access to sensitive data."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-288",
                  "description": "AUTHENTICATION BYPASS USING AN ALTERNATE PATH OR CHANNEL CWE-288",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-02-06T10:57:02.000Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-015-01"
            },
            {
              "name": "106634",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/106634"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "ics-cert@hq.dhs.gov",
              "DATE_PUBLIC": "2019-01-15T00:00:00",
              "ID": "CVE-2018-19000",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "LCDS Laquis SCADA",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "All versions prior to version 4.1.0.4150"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "ICS-CERT"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "LCDS Laquis SCADA prior to version 4.1.0.4150 allows an authentication bypass, which may allow an attacker access to sensitive data."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "AUTHENTICATION BYPASS USING AN ALTERNATE PATH OR CHANNEL CWE-288"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://ics-cert.us-cert.gov/advisories/ICSA-19-015-01",
                  "refsource": "MISC",
                  "url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-015-01"
                },
                {
                  "name": "106634",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/106634"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2018-19000",
        "datePublished": "2019-02-05T18:00:00.000Z",
        "dateReserved": "2018-11-06T00:00:00.000Z",
        "dateUpdated": "2024-09-16T19:57:27.111Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-18998 (GCVE-0-2018-18998)

    Vulnerability from nvd – Published: 2019-02-05 18:00 – Updated: 2024-09-16 20:16
    VLAI
    Summary
    LCDS Laquis SCADA prior to version 4.1.0.4150 uses hard coded credentials, which may allow an attacker unauthorized access to the system with high privileges.
    Severity
    No CVSS data available.
    CWE
    • CWE-798 - USE OF HARD-CODED CREDENTIALS CWE-798
    Assigner
    References
    Impacted products
    Vendor Product Version
    ICS-CERT LCDS Laquis SCADA Affected: All versions prior to version 4.1.0.4150
    Create a notification for this product.
    Date Public
    2019-01-15 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T11:23:08.679Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-015-01"
              },
              {
                "name": "106634",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/106634"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "LCDS Laquis SCADA",
              "vendor": "ICS-CERT",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions prior to version 4.1.0.4150"
                }
              ]
            }
          ],
          "datePublic": "2019-01-15T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "LCDS Laquis SCADA prior to version 4.1.0.4150 uses hard coded credentials, which may allow an attacker unauthorized access to the system with high privileges."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-798",
                  "description": "USE OF HARD-CODED CREDENTIALS CWE-798",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-02-06T10:57:02.000Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-015-01"
            },
            {
              "name": "106634",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/106634"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "ics-cert@hq.dhs.gov",
              "DATE_PUBLIC": "2019-01-15T00:00:00",
              "ID": "CVE-2018-18998",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "LCDS Laquis SCADA",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "All versions prior to version 4.1.0.4150"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "ICS-CERT"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "LCDS Laquis SCADA prior to version 4.1.0.4150 uses hard coded credentials, which may allow an attacker unauthorized access to the system with high privileges."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "USE OF HARD-CODED CREDENTIALS CWE-798"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://ics-cert.us-cert.gov/advisories/ICSA-19-015-01",
                  "refsource": "MISC",
                  "url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-015-01"
                },
                {
                  "name": "106634",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/106634"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2018-18998",
        "datePublished": "2019-02-05T18:00:00.000Z",
        "dateReserved": "2018-11-06T00:00:00.000Z",
        "dateUpdated": "2024-09-16T20:16:26.205Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-18996 (GCVE-0-2018-18996)

    Vulnerability from nvd – Published: 2019-02-05 18:00 – Updated: 2024-09-16 22:46
    VLAI
    Summary
    LCDS Laquis SCADA prior to version 4.1.0.4150 allows taking in user input without proper authorization or sanitation, which may allow an attacker to execute remote code on the server.
    Severity
    No CVSS data available.
    CWE
    • CWE-74 - IMPROPER NEUTRALIZATION OF SPECIAL ELEMENTS IN OUTPUT USED BY A DOWNSTREAM COMPONENT ('INJECTION') CWE-74
    Assigner
    References
    Impacted products
    Vendor Product Version
    ICS-CERT LCDS Laquis SCADA Affected: All versions prior to version 4.1.0.4150
    Create a notification for this product.
    Date Public
    2019-01-15 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T11:23:08.918Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-015-01"
              },
              {
                "name": "106634",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/106634"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "LCDS Laquis SCADA",
              "vendor": "ICS-CERT",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions prior to version 4.1.0.4150"
                }
              ]
            }
          ],
          "datePublic": "2019-01-15T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "LCDS Laquis SCADA prior to version 4.1.0.4150 allows taking in user input without proper authorization or sanitation, which may allow an attacker to execute remote code on the server."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-74",
                  "description": "IMPROPER NEUTRALIZATION OF SPECIAL ELEMENTS IN OUTPUT USED BY A DOWNSTREAM COMPONENT (\u0027INJECTION\u0027) CWE-74",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-02-06T10:57:02.000Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-015-01"
            },
            {
              "name": "106634",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/106634"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "ics-cert@hq.dhs.gov",
              "DATE_PUBLIC": "2019-01-15T00:00:00",
              "ID": "CVE-2018-18996",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "LCDS Laquis SCADA",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "All versions prior to version 4.1.0.4150"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "ICS-CERT"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "LCDS Laquis SCADA prior to version 4.1.0.4150 allows taking in user input without proper authorization or sanitation, which may allow an attacker to execute remote code on the server."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "IMPROPER NEUTRALIZATION OF SPECIAL ELEMENTS IN OUTPUT USED BY A DOWNSTREAM COMPONENT (\u0027INJECTION\u0027) CWE-74"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://ics-cert.us-cert.gov/advisories/ICSA-19-015-01",
                  "refsource": "MISC",
                  "url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-015-01"
                },
                {
                  "name": "106634",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/106634"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2018-18996",
        "datePublished": "2019-02-05T18:00:00.000Z",
        "dateReserved": "2018-11-06T00:00:00.000Z",
        "dateUpdated": "2024-09-16T22:46:36.983Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-18992 (GCVE-0-2018-18992)

    Vulnerability from nvd – Published: 2019-02-05 18:00 – Updated: 2024-09-16 18:09
    VLAI
    Summary
    LCDS Laquis SCADA prior to version 4.1.0.4150 allows taking in user input without proper sanitation, which may allow an attacker to execute remote code on the server.
    Severity
    No CVSS data available.
    CWE
    • CWE-74 - IMPROPER NEUTRALIZATION OF SPECIAL ELEMENTS IN OUTPUT USED BY A DOWNSTREAM COMPONENT ('INJECTION') CWE-74
    Assigner
    References
    Impacted products
    Vendor Product Version
    ICS-CERT LCDS Laquis SCADA Affected: All versions prior to version 4.1.0.4150
    Create a notification for this product.
    Date Public
    2019-01-15 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T11:23:08.753Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-015-01"
              },
              {
                "name": "106634",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/106634"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "LCDS Laquis SCADA",
              "vendor": "ICS-CERT",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions prior to version 4.1.0.4150"
                }
              ]
            }
          ],
          "datePublic": "2019-01-15T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "LCDS Laquis SCADA prior to version 4.1.0.4150 allows taking in user input without proper sanitation, which may allow an attacker to execute remote code on the server."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-74",
                  "description": "IMPROPER NEUTRALIZATION OF SPECIAL ELEMENTS IN OUTPUT USED BY A DOWNSTREAM COMPONENT (\u0027INJECTION\u0027) CWE-74",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-02-06T10:57:02.000Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-015-01"
            },
            {
              "name": "106634",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/106634"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "ics-cert@hq.dhs.gov",
              "DATE_PUBLIC": "2019-01-15T00:00:00",
              "ID": "CVE-2018-18992",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "LCDS Laquis SCADA",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "All versions prior to version 4.1.0.4150"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "ICS-CERT"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "LCDS Laquis SCADA prior to version 4.1.0.4150 allows taking in user input without proper sanitation, which may allow an attacker to execute remote code on the server."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "IMPROPER NEUTRALIZATION OF SPECIAL ELEMENTS IN OUTPUT USED BY A DOWNSTREAM COMPONENT (\u0027INJECTION\u0027) CWE-74"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://ics-cert.us-cert.gov/advisories/ICSA-19-015-01",
                  "refsource": "MISC",
                  "url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-015-01"
                },
                {
                  "name": "106634",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/106634"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2018-18992",
        "datePublished": "2019-02-05T18:00:00.000Z",
        "dateReserved": "2018-11-06T00:00:00.000Z",
        "dateUpdated": "2024-09-16T18:09:12.562Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-18990 (GCVE-0-2018-18990)

    Vulnerability from nvd – Published: 2019-02-05 18:00 – Updated: 2024-09-17 01:21
    VLAI
    Summary
    LCDS Laquis SCADA prior to version 4.1.0.4150 allows a user-supplied path in file operations prior to proper validation. An attacker can leverage this vulnerability to disclose sensitive information under the context of the web server process.
    Severity
    No CVSS data available.
    CWE
    • CWE-23 - RELATIVE PATH TRAVERSAL CWE-23
    Assigner
    References
    Impacted products
    Vendor Product Version
    ICS-CERT LCDS Laquis SCADA Affected: All versions prior to version 4.1.0.4150
    Create a notification for this product.
    Date Public
    2019-01-15 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T11:23:08.494Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-015-01"
              },
              {
                "name": "106634",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/106634"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "LCDS Laquis SCADA",
              "vendor": "ICS-CERT",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions prior to version 4.1.0.4150"
                }
              ]
            }
          ],
          "datePublic": "2019-01-15T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "LCDS Laquis SCADA prior to version 4.1.0.4150 allows a user-supplied path in file operations prior to proper validation. An attacker can leverage this vulnerability to disclose sensitive information under the context of the web server process."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-23",
                  "description": "RELATIVE PATH TRAVERSAL CWE-23",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-02-06T10:57:02.000Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-015-01"
            },
            {
              "name": "106634",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/106634"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "ics-cert@hq.dhs.gov",
              "DATE_PUBLIC": "2019-01-15T00:00:00",
              "ID": "CVE-2018-18990",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "LCDS Laquis SCADA",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "All versions prior to version 4.1.0.4150"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "ICS-CERT"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "LCDS Laquis SCADA prior to version 4.1.0.4150 allows a user-supplied path in file operations prior to proper validation. An attacker can leverage this vulnerability to disclose sensitive information under the context of the web server process."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "RELATIVE PATH TRAVERSAL CWE-23"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://ics-cert.us-cert.gov/advisories/ICSA-19-015-01",
                  "refsource": "MISC",
                  "url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-015-01"
                },
                {
                  "name": "106634",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/106634"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2018-18990",
        "datePublished": "2019-02-05T18:00:00.000Z",
        "dateReserved": "2018-11-06T00:00:00.000Z",
        "dateUpdated": "2024-09-17T01:21:51.337Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-19004 (GCVE-0-2018-19004)

    Vulnerability from nvd – Published: 2019-02-01 18:00 – Updated: 2024-09-16 18:44
    VLAI
    Summary
    LCDS Laquis SCADA prior to version 4.1.0.4150 allows out of bounds read when opening a specially crafted project file, which may allow data exfiltration.
    Severity
    No CVSS data available.
    CWE
    • CWE-125 - OUT-OF-BOUNDS READ CWE-125
    Assigner
    References
    Impacted products
    Vendor Product Version
    ICS-CERT LCDS Laquis SCADA Affected: All versions prior to version 4.1.0.4150
    Create a notification for this product.
    Date Public
    2019-01-15 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T11:23:08.522Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-015-01"
              },
              {
                "name": "106634",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/106634"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "LCDS Laquis SCADA",
              "vendor": "ICS-CERT",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions prior to version 4.1.0.4150"
                }
              ]
            }
          ],
          "datePublic": "2019-01-15T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "LCDS Laquis SCADA prior to version 4.1.0.4150 allows out of bounds read when opening a specially crafted project file, which may allow data exfiltration."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-125",
                  "description": "OUT-OF-BOUNDS READ CWE-125",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-02-02T10:57:01.000Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-015-01"
            },
            {
              "name": "106634",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/106634"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "ics-cert@hq.dhs.gov",
              "DATE_PUBLIC": "2019-01-15T00:00:00",
              "ID": "CVE-2018-19004",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "LCDS Laquis SCADA",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "All versions prior to version 4.1.0.4150"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "ICS-CERT"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "LCDS Laquis SCADA prior to version 4.1.0.4150 allows out of bounds read when opening a specially crafted project file, which may allow data exfiltration."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "OUT-OF-BOUNDS READ CWE-125"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://ics-cert.us-cert.gov/advisories/ICSA-19-015-01",
                  "refsource": "MISC",
                  "url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-015-01"
                },
                {
                  "name": "106634",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/106634"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2018-19004",
        "datePublished": "2019-02-01T18:00:00.000Z",
        "dateReserved": "2018-11-06T00:00:00.000Z",
        "dateUpdated": "2024-09-16T18:44:50.704Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-18988 (GCVE-0-2018-18988)

    Vulnerability from nvd – Published: 2019-02-01 17:00 – Updated: 2024-09-16 17:14
    VLAI
    Summary
    LCDS Laquis SCADA prior to version 4.1.0.4150 allows execution of script code by opening a specially crafted report format file. This may allow remote code execution, data exfiltration, or cause a system crash.
    Severity
    No CVSS data available.
    CWE
    • CWE-125 - OUT-OF-BOUNDS READ CWE-125
    Assigner
    References
    Impacted products
    Vendor Product Version
    ICS-CERT LCDS Laquis SCADA Affected: All versions prior to version 4.1.0.4150
    Create a notification for this product.
    Date Public
    2019-01-15 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T11:23:08.508Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-015-01"
              },
              {
                "name": "106634",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/106634"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "LCDS Laquis SCADA",
              "vendor": "ICS-CERT",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions prior to version 4.1.0.4150"
                }
              ]
            }
          ],
          "datePublic": "2019-01-15T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "LCDS Laquis SCADA prior to version 4.1.0.4150 allows execution of script code by opening a specially crafted report format file. This may allow remote code execution, data exfiltration, or cause a system crash."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-125",
                  "description": "OUT-OF-BOUNDS READ CWE-125",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-02-02T10:57:01.000Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-015-01"
            },
            {
              "name": "106634",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/106634"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "ics-cert@hq.dhs.gov",
              "DATE_PUBLIC": "2019-01-15T00:00:00",
              "ID": "CVE-2018-18988",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "LCDS Laquis SCADA",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "All versions prior to version 4.1.0.4150"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "ICS-CERT"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "LCDS Laquis SCADA prior to version 4.1.0.4150 allows execution of script code by opening a specially crafted report format file. This may allow remote code execution, data exfiltration, or cause a system crash."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "OUT-OF-BOUNDS READ CWE-125"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://ics-cert.us-cert.gov/advisories/ICSA-19-015-01",
                  "refsource": "MISC",
                  "url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-015-01"
                },
                {
                  "name": "106634",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/106634"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2018-18988",
        "datePublished": "2019-02-01T17:00:00.000Z",
        "dateReserved": "2018-11-06T00:00:00.000Z",
        "dateUpdated": "2024-09-16T17:14:06.193Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-18998 (GCVE-0-2018-18998)

    Vulnerability from cvelistv5 – Published: 2019-02-05 18:00 – Updated: 2024-09-16 20:16
    VLAI
    Summary
    LCDS Laquis SCADA prior to version 4.1.0.4150 uses hard coded credentials, which may allow an attacker unauthorized access to the system with high privileges.
    Severity
    No CVSS data available.
    CWE
    • CWE-798 - USE OF HARD-CODED CREDENTIALS CWE-798
    Assigner
    References
    Impacted products
    Vendor Product Version
    ICS-CERT LCDS Laquis SCADA Affected: All versions prior to version 4.1.0.4150
    Create a notification for this product.
    Date Public
    2019-01-15 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T11:23:08.679Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-015-01"
              },
              {
                "name": "106634",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/106634"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "LCDS Laquis SCADA",
              "vendor": "ICS-CERT",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions prior to version 4.1.0.4150"
                }
              ]
            }
          ],
          "datePublic": "2019-01-15T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "LCDS Laquis SCADA prior to version 4.1.0.4150 uses hard coded credentials, which may allow an attacker unauthorized access to the system with high privileges."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-798",
                  "description": "USE OF HARD-CODED CREDENTIALS CWE-798",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-02-06T10:57:02.000Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-015-01"
            },
            {
              "name": "106634",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/106634"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "ics-cert@hq.dhs.gov",
              "DATE_PUBLIC": "2019-01-15T00:00:00",
              "ID": "CVE-2018-18998",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "LCDS Laquis SCADA",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "All versions prior to version 4.1.0.4150"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "ICS-CERT"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "LCDS Laquis SCADA prior to version 4.1.0.4150 uses hard coded credentials, which may allow an attacker unauthorized access to the system with high privileges."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "USE OF HARD-CODED CREDENTIALS CWE-798"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://ics-cert.us-cert.gov/advisories/ICSA-19-015-01",
                  "refsource": "MISC",
                  "url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-015-01"
                },
                {
                  "name": "106634",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/106634"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2018-18998",
        "datePublished": "2019-02-05T18:00:00.000Z",
        "dateReserved": "2018-11-06T00:00:00.000Z",
        "dateUpdated": "2024-09-16T20:16:26.205Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-19000 (GCVE-0-2018-19000)

    Vulnerability from cvelistv5 – Published: 2019-02-05 18:00 – Updated: 2024-09-16 19:57
    VLAI
    Summary
    LCDS Laquis SCADA prior to version 4.1.0.4150 allows an authentication bypass, which may allow an attacker access to sensitive data.
    Severity
    No CVSS data available.
    CWE
    • CWE-288 - AUTHENTICATION BYPASS USING AN ALTERNATE PATH OR CHANNEL CWE-288
    Assigner
    References
    Impacted products
    Vendor Product Version
    ICS-CERT LCDS Laquis SCADA Affected: All versions prior to version 4.1.0.4150
    Create a notification for this product.
    Date Public
    2019-01-15 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T11:23:08.521Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-015-01"
              },
              {
                "name": "106634",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/106634"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "LCDS Laquis SCADA",
              "vendor": "ICS-CERT",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions prior to version 4.1.0.4150"
                }
              ]
            }
          ],
          "datePublic": "2019-01-15T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "LCDS Laquis SCADA prior to version 4.1.0.4150 allows an authentication bypass, which may allow an attacker access to sensitive data."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-288",
                  "description": "AUTHENTICATION BYPASS USING AN ALTERNATE PATH OR CHANNEL CWE-288",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-02-06T10:57:02.000Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-015-01"
            },
            {
              "name": "106634",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/106634"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "ics-cert@hq.dhs.gov",
              "DATE_PUBLIC": "2019-01-15T00:00:00",
              "ID": "CVE-2018-19000",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "LCDS Laquis SCADA",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "All versions prior to version 4.1.0.4150"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "ICS-CERT"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "LCDS Laquis SCADA prior to version 4.1.0.4150 allows an authentication bypass, which may allow an attacker access to sensitive data."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "AUTHENTICATION BYPASS USING AN ALTERNATE PATH OR CHANNEL CWE-288"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://ics-cert.us-cert.gov/advisories/ICSA-19-015-01",
                  "refsource": "MISC",
                  "url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-015-01"
                },
                {
                  "name": "106634",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/106634"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2018-19000",
        "datePublished": "2019-02-05T18:00:00.000Z",
        "dateReserved": "2018-11-06T00:00:00.000Z",
        "dateUpdated": "2024-09-16T19:57:27.111Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-18990 (GCVE-0-2018-18990)

    Vulnerability from cvelistv5 – Published: 2019-02-05 18:00 – Updated: 2024-09-17 01:21
    VLAI
    Summary
    LCDS Laquis SCADA prior to version 4.1.0.4150 allows a user-supplied path in file operations prior to proper validation. An attacker can leverage this vulnerability to disclose sensitive information under the context of the web server process.
    Severity
    No CVSS data available.
    CWE
    • CWE-23 - RELATIVE PATH TRAVERSAL CWE-23
    Assigner
    References
    Impacted products
    Vendor Product Version
    ICS-CERT LCDS Laquis SCADA Affected: All versions prior to version 4.1.0.4150
    Create a notification for this product.
    Date Public
    2019-01-15 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T11:23:08.494Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-015-01"
              },
              {
                "name": "106634",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/106634"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "LCDS Laquis SCADA",
              "vendor": "ICS-CERT",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions prior to version 4.1.0.4150"
                }
              ]
            }
          ],
          "datePublic": "2019-01-15T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "LCDS Laquis SCADA prior to version 4.1.0.4150 allows a user-supplied path in file operations prior to proper validation. An attacker can leverage this vulnerability to disclose sensitive information under the context of the web server process."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-23",
                  "description": "RELATIVE PATH TRAVERSAL CWE-23",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-02-06T10:57:02.000Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-015-01"
            },
            {
              "name": "106634",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/106634"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "ics-cert@hq.dhs.gov",
              "DATE_PUBLIC": "2019-01-15T00:00:00",
              "ID": "CVE-2018-18990",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "LCDS Laquis SCADA",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "All versions prior to version 4.1.0.4150"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "ICS-CERT"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "LCDS Laquis SCADA prior to version 4.1.0.4150 allows a user-supplied path in file operations prior to proper validation. An attacker can leverage this vulnerability to disclose sensitive information under the context of the web server process."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "RELATIVE PATH TRAVERSAL CWE-23"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://ics-cert.us-cert.gov/advisories/ICSA-19-015-01",
                  "refsource": "MISC",
                  "url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-015-01"
                },
                {
                  "name": "106634",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/106634"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2018-18990",
        "datePublished": "2019-02-05T18:00:00.000Z",
        "dateReserved": "2018-11-06T00:00:00.000Z",
        "dateUpdated": "2024-09-17T01:21:51.337Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-18996 (GCVE-0-2018-18996)

    Vulnerability from cvelistv5 – Published: 2019-02-05 18:00 – Updated: 2024-09-16 22:46
    VLAI
    Summary
    LCDS Laquis SCADA prior to version 4.1.0.4150 allows taking in user input without proper authorization or sanitation, which may allow an attacker to execute remote code on the server.
    Severity
    No CVSS data available.
    CWE
    • CWE-74 - IMPROPER NEUTRALIZATION OF SPECIAL ELEMENTS IN OUTPUT USED BY A DOWNSTREAM COMPONENT ('INJECTION') CWE-74
    Assigner
    References
    Impacted products
    Vendor Product Version
    ICS-CERT LCDS Laquis SCADA Affected: All versions prior to version 4.1.0.4150
    Create a notification for this product.
    Date Public
    2019-01-15 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T11:23:08.918Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-015-01"
              },
              {
                "name": "106634",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/106634"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "LCDS Laquis SCADA",
              "vendor": "ICS-CERT",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions prior to version 4.1.0.4150"
                }
              ]
            }
          ],
          "datePublic": "2019-01-15T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "LCDS Laquis SCADA prior to version 4.1.0.4150 allows taking in user input without proper authorization or sanitation, which may allow an attacker to execute remote code on the server."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-74",
                  "description": "IMPROPER NEUTRALIZATION OF SPECIAL ELEMENTS IN OUTPUT USED BY A DOWNSTREAM COMPONENT (\u0027INJECTION\u0027) CWE-74",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-02-06T10:57:02.000Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-015-01"
            },
            {
              "name": "106634",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/106634"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "ics-cert@hq.dhs.gov",
              "DATE_PUBLIC": "2019-01-15T00:00:00",
              "ID": "CVE-2018-18996",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "LCDS Laquis SCADA",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "All versions prior to version 4.1.0.4150"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "ICS-CERT"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "LCDS Laquis SCADA prior to version 4.1.0.4150 allows taking in user input without proper authorization or sanitation, which may allow an attacker to execute remote code on the server."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "IMPROPER NEUTRALIZATION OF SPECIAL ELEMENTS IN OUTPUT USED BY A DOWNSTREAM COMPONENT (\u0027INJECTION\u0027) CWE-74"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://ics-cert.us-cert.gov/advisories/ICSA-19-015-01",
                  "refsource": "MISC",
                  "url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-015-01"
                },
                {
                  "name": "106634",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/106634"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2018-18996",
        "datePublished": "2019-02-05T18:00:00.000Z",
        "dateReserved": "2018-11-06T00:00:00.000Z",
        "dateUpdated": "2024-09-16T22:46:36.983Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-18992 (GCVE-0-2018-18992)

    Vulnerability from cvelistv5 – Published: 2019-02-05 18:00 – Updated: 2024-09-16 18:09
    VLAI
    Summary
    LCDS Laquis SCADA prior to version 4.1.0.4150 allows taking in user input without proper sanitation, which may allow an attacker to execute remote code on the server.
    Severity
    No CVSS data available.
    CWE
    • CWE-74 - IMPROPER NEUTRALIZATION OF SPECIAL ELEMENTS IN OUTPUT USED BY A DOWNSTREAM COMPONENT ('INJECTION') CWE-74
    Assigner
    References
    Impacted products
    Vendor Product Version
    ICS-CERT LCDS Laquis SCADA Affected: All versions prior to version 4.1.0.4150
    Create a notification for this product.
    Date Public
    2019-01-15 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T11:23:08.753Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-015-01"
              },
              {
                "name": "106634",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/106634"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "LCDS Laquis SCADA",
              "vendor": "ICS-CERT",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions prior to version 4.1.0.4150"
                }
              ]
            }
          ],
          "datePublic": "2019-01-15T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "LCDS Laquis SCADA prior to version 4.1.0.4150 allows taking in user input without proper sanitation, which may allow an attacker to execute remote code on the server."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-74",
                  "description": "IMPROPER NEUTRALIZATION OF SPECIAL ELEMENTS IN OUTPUT USED BY A DOWNSTREAM COMPONENT (\u0027INJECTION\u0027) CWE-74",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-02-06T10:57:02.000Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-015-01"
            },
            {
              "name": "106634",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/106634"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "ics-cert@hq.dhs.gov",
              "DATE_PUBLIC": "2019-01-15T00:00:00",
              "ID": "CVE-2018-18992",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "LCDS Laquis SCADA",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "All versions prior to version 4.1.0.4150"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "ICS-CERT"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "LCDS Laquis SCADA prior to version 4.1.0.4150 allows taking in user input without proper sanitation, which may allow an attacker to execute remote code on the server."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "IMPROPER NEUTRALIZATION OF SPECIAL ELEMENTS IN OUTPUT USED BY A DOWNSTREAM COMPONENT (\u0027INJECTION\u0027) CWE-74"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://ics-cert.us-cert.gov/advisories/ICSA-19-015-01",
                  "refsource": "MISC",
                  "url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-015-01"
                },
                {
                  "name": "106634",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/106634"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2018-18992",
        "datePublished": "2019-02-05T18:00:00.000Z",
        "dateReserved": "2018-11-06T00:00:00.000Z",
        "dateUpdated": "2024-09-16T18:09:12.562Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-19004 (GCVE-0-2018-19004)

    Vulnerability from cvelistv5 – Published: 2019-02-01 18:00 – Updated: 2024-09-16 18:44
    VLAI
    Summary
    LCDS Laquis SCADA prior to version 4.1.0.4150 allows out of bounds read when opening a specially crafted project file, which may allow data exfiltration.
    Severity
    No CVSS data available.
    CWE
    • CWE-125 - OUT-OF-BOUNDS READ CWE-125
    Assigner
    References
    Impacted products
    Vendor Product Version
    ICS-CERT LCDS Laquis SCADA Affected: All versions prior to version 4.1.0.4150
    Create a notification for this product.
    Date Public
    2019-01-15 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T11:23:08.522Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-015-01"
              },
              {
                "name": "106634",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/106634"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "LCDS Laquis SCADA",
              "vendor": "ICS-CERT",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions prior to version 4.1.0.4150"
                }
              ]
            }
          ],
          "datePublic": "2019-01-15T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "LCDS Laquis SCADA prior to version 4.1.0.4150 allows out of bounds read when opening a specially crafted project file, which may allow data exfiltration."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-125",
                  "description": "OUT-OF-BOUNDS READ CWE-125",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-02-02T10:57:01.000Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-015-01"
            },
            {
              "name": "106634",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/106634"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "ics-cert@hq.dhs.gov",
              "DATE_PUBLIC": "2019-01-15T00:00:00",
              "ID": "CVE-2018-19004",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "LCDS Laquis SCADA",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "All versions prior to version 4.1.0.4150"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "ICS-CERT"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "LCDS Laquis SCADA prior to version 4.1.0.4150 allows out of bounds read when opening a specially crafted project file, which may allow data exfiltration."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "OUT-OF-BOUNDS READ CWE-125"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://ics-cert.us-cert.gov/advisories/ICSA-19-015-01",
                  "refsource": "MISC",
                  "url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-015-01"
                },
                {
                  "name": "106634",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/106634"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2018-19004",
        "datePublished": "2019-02-01T18:00:00.000Z",
        "dateReserved": "2018-11-06T00:00:00.000Z",
        "dateUpdated": "2024-09-16T18:44:50.704Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-18988 (GCVE-0-2018-18988)

    Vulnerability from cvelistv5 – Published: 2019-02-01 17:00 – Updated: 2024-09-16 17:14
    VLAI
    Summary
    LCDS Laquis SCADA prior to version 4.1.0.4150 allows execution of script code by opening a specially crafted report format file. This may allow remote code execution, data exfiltration, or cause a system crash.
    Severity
    No CVSS data available.
    CWE
    • CWE-125 - OUT-OF-BOUNDS READ CWE-125
    Assigner
    References
    Impacted products
    Vendor Product Version
    ICS-CERT LCDS Laquis SCADA Affected: All versions prior to version 4.1.0.4150
    Create a notification for this product.
    Date Public
    2019-01-15 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T11:23:08.508Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-015-01"
              },
              {
                "name": "106634",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/106634"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "LCDS Laquis SCADA",
              "vendor": "ICS-CERT",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions prior to version 4.1.0.4150"
                }
              ]
            }
          ],
          "datePublic": "2019-01-15T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "LCDS Laquis SCADA prior to version 4.1.0.4150 allows execution of script code by opening a specially crafted report format file. This may allow remote code execution, data exfiltration, or cause a system crash."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-125",
                  "description": "OUT-OF-BOUNDS READ CWE-125",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-02-02T10:57:01.000Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-015-01"
            },
            {
              "name": "106634",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/106634"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "ics-cert@hq.dhs.gov",
              "DATE_PUBLIC": "2019-01-15T00:00:00",
              "ID": "CVE-2018-18988",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "LCDS Laquis SCADA",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "All versions prior to version 4.1.0.4150"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "ICS-CERT"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "LCDS Laquis SCADA prior to version 4.1.0.4150 allows execution of script code by opening a specially crafted report format file. This may allow remote code execution, data exfiltration, or cause a system crash."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "OUT-OF-BOUNDS READ CWE-125"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://ics-cert.us-cert.gov/advisories/ICSA-19-015-01",
                  "refsource": "MISC",
                  "url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-015-01"
                },
                {
                  "name": "106634",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/106634"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2018-18988",
        "datePublished": "2019-02-01T17:00:00.000Z",
        "dateReserved": "2018-11-06T00:00:00.000Z",
        "dateUpdated": "2024-09-16T17:14:06.193Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }