Intrusion Prevention

LAquis.SCADA.Web.Server.relatorioindividual.Command.Injection

Description

This indicates an attack attempt to exploit a Remote Code Injection vulnerability in LAquis SCADA Web Server.
A remote, unauthenticated attacker could exploit this vulnerability by sending a request with a crafted HTTP parameter. Successful exploitation results in arbitrary command execution under the security context of the LAquis SCADA process.

Affected Products

LAquis SCADA 4.1.0.3870 and prior

Impact

System Compromise: Remote attackers can gain control of vulnerable systems.

Recommended Actions

Upgrade to the latest version, available from this website:
https://laquisscada.com/

CVE References

CVE-2018-18992