CVE-2018-18988

Summary

LCDS Laquis SCADA prior to version 4.1.0.4150 allows execution of script code by opening a specially crafted report format file. This may allow remote code execution, data exfiltration, or cause a system crash.

Affected Software

VendorProductVersion RangeStatus
ICS-CERTLCDS Laquis SCADAAll versions prior to version 4.1.0.4150affected

Weaknesses

  • CWE-125: OUT-OF-BOUNDS READ CWE-125

ADP Enrichment

CVE Program Container

Additional References

References