HTTP: LAquis SCADA LGX Report File Parsing Out-Of-Bounds Write
This signature detects attempts to exploit a known vulnerability against LAquis SCADA. Successful exploitation could cause application to terminate abnormally or result in possible arbitrary code execution under the security context of the user.
Extended Description
LCDS Laquis SCADA prior to version 4.1.0.4150 allows the opening of a specially crafted report format file that may cause an out of bounds read, which may cause a system crash, allow data exfiltration, or remote code execution.
Affected Products
Lcds laquis_scada
References
BugTraq: 106634
CVE: CVE-2018-18986
URL: http://www.zerodayinitiative.com/advisories/zdi-19-057/
Short Name
HTTP:STC:CVE-2018-18986-OB
Severity
Major
Recommended
True
Recommended Action
Drop
Category
HTTP
Keywords
CVE-2018-18986 File LAquis LGX Out-Of-Bounds Parsing Report SCADA Write bid:106634
Release Date
06/19/2019
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3375
False Positive
Unknown
Vendors
Lcds
CVSS Score
8.3