CVE-2018-18990

Summary

LCDS Laquis SCADA prior to version 4.1.0.4150 allows a user-supplied path in file operations prior to proper validation. An attacker can leverage this vulnerability to disclose sensitive information under the context of the web server process.

Affected Software

VendorProductVersion RangeStatus
ICS-CERTLCDS Laquis SCADAAll versions prior to version 4.1.0.4150affected

Weaknesses

  • CWE-23: RELATIVE PATH TRAVERSAL CWE-23

ADP Enrichment

CVE Program Container

Additional References

References