Lucene search
Esteban Ruiz (mr_me) of Source InciteZDI-19-061HistoryJan 19, 2019 - 12:00 a.m.
LAquis SCADA Web Server relatorioindividual TITULO Command Injection Remote Code Execution Vulnerability
2019-01-1900:00:00
Esteban Ruiz (mr_me) of Source Incite
www.zerodayinitiative.com
7
EPSS
0.053
Percentile
93.1%
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of LAquis SCADA Software. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of calls to relatorioindividual.lhtml. When parsing the TITULO Element, the process does not properly sanitize user-supplied data, which can lead to the injection of an arbitrary script. An attacker can leverage this vulnerability to execute code in the context of the aq process.
Related
cvelist
cvelist
CVE-2018-18992
2019-02-05 18:00:00
zdi
zdi
prion
prion
Code injection
2019-02-05 18:29:00
nvd
nvd
CVE-2018-18992
2019-02-05 18:29:00
checkpoint_advisories
checkpoint_advisories
LAquis SCADA Web Server Command Injection (CVE-2018-18992)
2019-02-24 00:00:00
LAquis SCADA Web Server PAGINA Command Injection (CVE-2018-18992)
2019-04-01 00:00:00
cve
cve
CVE-2018-18992
2019-02-05 18:29:00
ics
ics
LCDS - LeΓ£o Consultoria e Desenvolvimento de Sistemas Ltda ME LAquis SCADA
2019-01-15 12:00:00