LCDS - Leão Consultoria e Desenvolvimento de Sistemas Ltda ME LAquis SCADA
Monitor · 7.3 · ICS-CERT ICSA-17-075-01 · Mar 16, 2017
Attack Vector: Local
Auth Required: Low
Complexity: Low
User Interaction: Required
Summary
LAquis SCADA software versions 4.1 and earlier contain an improper access control vulnerability (CWE-284) that allows a local user with a valid account to bypass authorization checks and access sensitive information or modify configuration settings. The vulnerability requires local access and user interaction but can be exploited with low skill level. No security updates are planned by LCDS for this product.
What this means
What could happen
An attacker with local access to a system running LAquis SCADA could exploit improper access control to read sensitive information or modify critical SCADA configuration and operational parameters, potentially disrupting water or power distribution operations.
Who's at risk
Water and electric utilities operating LAquis SCADA software, particularly organizations using legacy versions (4.1 and earlier) for supervisory control and process monitoring of critical infrastructure assets such as pumping stations, distribution systems, and electrical substations.
How it could be exploited
An attacker with local account access to a machine running LAquis SCADA could bypass access controls to read sensitive data or alter SCADA configuration files and process parameters. No network access is required; the attacker must be logged into or have physical access to a workstation running the software.
Prerequisites
- Local user account access to the system running LAquis SCADA
- User interaction (e.g., user must open a file or perform an action)
low complexity exploitation · requires local access · improper access control · no patch available · end-of-life product
Exploitability
Low exploit probability (EPSS 0.1%)
Affected products (1)
Product: LAquis SCADA software
Affected Versions: ≤ 4.1 | < January 20 2017
Fix Status: No fix (EOL)
Remediation & Mitigation
Do now
WORKAROUND: Restrict local user access to systems running LAquis SCADA; limit accounts with interactive login to authorized engineering and operations staff only
WORKAROUND: Implement physical security controls to prevent unauthorized local access to SCADA workstations
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
HOTFIX: Upgrade LAquis SCADA to a version newer than 4.1 if a fix becomes available from the vendor (currently no fix is planned)
Mitigations - no patch available
LAquis SCADA software has reached End of Life. The vendor will not release a patch. Apply the following compensating controls:
HARDENING: Segment SCADA network from corporate IT network to limit the attack surface and prevent lateral movement from compromised IT systems
HARDENING: Monitor and audit local account activity and file access on SCADA systems for suspicious behavior
CVEs (1)