CVE-2021-32989

Summary

When a non-existent resource is requested, the LCDS LAquis SCADA application (version 4.3.1.1011 and prior) returns error messages which may allow reflected cross-site scripting.

Affected Software

VendorProductVersion RangeStatus
LCDS—Leão Consultoria e Desenvolvimento de Sistemas Ltda MELAquis SCADAAll <= 4.3.1.1011affected

Weaknesses

  • CWE-79: CWE-79 Cross-site Scripting (XSS)

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References