CVE-2018-17901

Sažetak

LAquis SCADA Versions 4.1.0.3870 and prior, when processing project files the application fails to sanitize user input prior to performing write operations on a stack object, which may allow an attacker to execute code under the current process.

Reference

http://laquisscada.com/instale1.php
https://exchange.xforce.ibmcloud.com/vulnerabilities/151421
https://ics-cert.us-cert.gov/advisories/ICSA-18-289-01

CVSS

Base:	6.8
Impact:	6.4
Exploitability:	8.6

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:N/AC:M/Au:N/C:P/I:P/A:P

Zadnje važnije ažuriranje

09-10-2019 - 23:37

Objavljeno

17-10-2018 - 02:29