HTTP: LAquis SCADA Web Server CVE-2018-18992 Command Injection
This signature detects attempts to exploit a known vulnerability against LAquis SCADA. Successful exploitation results in the execution of arbitrary commands with the privileges of the web server process.
Extended Description
LCDS Laquis SCADA prior to version 4.1.0.4150 allows taking in user input without proper sanitation, which may allow an attacker to execute remote code on the server.
Affected Products
Lcds laquis_scada
References
BugTraq: 106634
CVE: CVE-2018-18992
URL: http://www.zerodayinitiative.com/advisories/zdi-19-062/
Short Name
HTTP:CVE-2018-18992-CMD-INJ
Severity
Major
Recommended
True
Recommended Action
Drop
Category
HTTP
Keywords
CVE-2018-18992 Command Injection LAquis SCADA Server Web bid:106634
Release Date
02/15/2019
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3337
False Positive
Unknown
Vendors
Lcds
CVSS Score
6.8