CVE-2018-19002

Summary

LCDS Laquis SCADA prior to version 4.1.0.4150 allows improper control of generation of code when opening a specially crafted project file, which may allow remote code execution, data exfiltration, or cause a system crash.

Affected Software

VendorProductVersion RangeStatus
LCDSLCDS Laquis SCADAAll versions prior to version 4.1.0.4150affected

Weaknesses

  • CWE-94: IMPROPER CONTROL OF GENERATION OF CODE ('CODE INJECTION') CWE-94

ADP Enrichment

CVE Program Container

Additional References

References