Vulnerabilities > Lcds
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-05-25 | CVE-2021-32989 | Cross-site Scripting vulnerability in Lcds Laquis Scada When a non-existent resource is requested, the LCDS LAquis SCADA application (version 4.3.1.1011 and prior) returns error messages which may allow reflected cross-site scripting. | 6.1 |
| 2020-05-04 | CVE-2020-10622 | Unspecified vulnerability in Lcds Laquis Scada LCDS LAquis SCADA Versions 4.3.1 and prior. | 7.8 |
| 2020-05-04 | CVE-2020-10618 | Information Exposure vulnerability in Lcds Laquis Scada LCDS LAquis SCADA Versions 4.3.1 and prior. | 5.5 |
| 2019-03-27 | CVE-2019-6536 | Out-of-bounds Write vulnerability in Lcds Laquis Scada 4.1.0.4150 Opening a specially crafted LCDS LAquis SCADA before 4.3.1.71 ELS file may result in a write past the end of an allocated buffer, which may allow an attacker to execute remote code in the context of the current process. | 7.8 |
| 2019-02-05 | CVE-2018-19029 | NULL Pointer Dereference vulnerability in Lcds Laquis Scada 4.1/4.1.0.3391/4.1.0.3870 LCDS Laquis SCADA prior to version 4.1.0.4150 allows an attacker using a specially crafted project file to supply a pointer for a controlled memory address, which may allow remote code execution, data exfiltration, or cause a system crash. | 7.8 |
| 2019-02-05 | CVE-2018-19002 | Code Injection vulnerability in Lcds Laquis Scada 4.1/4.1.0.3391/4.1.0.3870 LCDS Laquis SCADA prior to version 4.1.0.4150 allows improper control of generation of code when opening a specially crafted project file, which may allow remote code execution, data exfiltration, or cause a system crash. | 7.8 |
| 2019-02-05 | CVE-2018-19000 | Improper Authentication vulnerability in Lcds Laquis Scada 4.1/4.1.0.3391/4.1.0.3870 LCDS Laquis SCADA prior to version 4.1.0.4150 allows an authentication bypass, which may allow an attacker access to sensitive data. | 5.3 |
| 2019-02-05 | CVE-2018-18998 | Use of Hard-coded Credentials vulnerability in Lcds Laquis Scada 4.1/4.1.0.3391/4.1.0.3870 LCDS Laquis SCADA prior to version 4.1.0.4150 uses hard coded credentials, which may allow an attacker unauthorized access to the system with high privileges. | 9.8 |
| 2019-02-05 | CVE-2018-18996 | Missing Authorization vulnerability in Lcds Laquis Scada 4.1/4.1.0.3391/4.1.0.3870 LCDS Laquis SCADA prior to version 4.1.0.4150 allows taking in user input without proper authorization or sanitation, which may allow an attacker to execute remote code on the server. | 9.8 |
| 2019-02-05 | CVE-2018-18992 | Injection vulnerability in Lcds Laquis Scada 4.1/4.1.0.3391/4.1.0.3870 LCDS Laquis SCADA prior to version 4.1.0.4150 allows taking in user input without proper sanitation, which may allow an attacker to execute remote code on the server. | 8.8 |