LAquis.SCADA.Web.Server.relatorioindividual.Command.Injection

description-logoDescription

This indicates an attack attempt to exploit a Remote Code Injection vulnerability in LAquis SCADA Web Server.
A remote, unauthenticated attacker could exploit this vulnerability by sending a request with a crafted HTTP parameter. Successful exploitation results in arbitrary command execution under the security context of the LAquis SCADA process.

affected-products-logoAffected Products

LAquis SCADA 4.1.0.3870 and prior

Impact logoImpact

System Compromise: Remote attackers can gain control of vulnerable systems.

recomended-action-logoRecommended Actions

Upgrade to the latest version, available from this website:
https://laquisscada.com/

Telemetry logoTelemetry

Coverage

IPS (Regular DB)
IPS (Extended DB)

Version Updates

Date Version Detail
2019-07-12 14.648 Sig Added
2019-05-23 14.619 Sig Added
2019-03-12 14.571 Default_action:pass:drop
2019-02-20 14.557 Sig Added
2019-02-07 14.544