Lucene search
Esteban Ruiz (mr_me) of Source InciteZDI-19-062HistoryJan 19, 2019 - 12:00 a.m.
LAquis SCADA Web Server acompanhamentotela PAGINA Command Injection Remote Code Execution Vulnerability
2019-01-1900:00:00
Esteban Ruiz (mr_me) of Source Incite
www.zerodayinitiative.com
14
EPSS
0.053
Percentile
93.1%
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of LAquis SCADA Software. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of calls to acompanhamentotela.lhtml. When parsing the PAGINA Element, the process does not properly sanitize user-supplied data, which can lead to the injection of an arbitrary script. An attacker can leverage this vulnerability to execute code in the context of the aq process.
Related
cvelist
cvelist
CVE-2018-18992
2019-02-05 18:00:00
zdi
zdi
checkpoint_advisories
checkpoint_advisories
LAquis SCADA Web Server Command Injection (CVE-2018-18992)
2019-02-24 00:00:00
LAquis SCADA Web Server PAGINA Command Injection (CVE-2018-18992)
2019-04-01 00:00:00
cve
cve
CVE-2018-18992
2019-02-05 18:29:00
prion
prion
Code injection
2019-02-05 18:29:00
nvd
nvd
CVE-2018-18992
2019-02-05 18:29:00
ics
ics
LCDS - LeΓ£o Consultoria e Desenvolvimento de Sistemas Ltda ME LAquis SCADA
2019-01-15 12:00:00