LCDS - Leão Consultoria e Desenvolvimento de Sistemas Ltda ME LAquis SCADA
Monitor | 7.8 | ICS-CERT ICSA-19-015-01 | Jan 15, 2019
Attack Vector: Local
Auth Required: None
Complexity: Low
User Interaction: Required
Summary
LCDS LAquis SCADA versions up to 4.1.0.3870 contain multiple vulnerabilities including input validation flaws (CWE-20), buffer overflows (CWE-125), unsafe code execution (CWE-94), hardcoded credentials (CWE-798), and improper authentication (CWE-288). These vulnerabilities could enable remote code execution, data exfiltration, or system crash.
What this means
What could happen
An attacker could execute arbitrary commands on the LAquis SCADA system, potentially altering process parameters, stopping operations, or exfiltrating sensitive control system data from energy facilities.
Who's at risk
Energy sector operators running LAquis SCADA systems should prioritize this advisory. This applies specifically to organizations using LAquis SCADA for control of critical infrastructure, including power generation, distribution, and substation automation equipment.
How it could be exploited
An attacker with local or network access to a device running LAquis SCADA could exploit input validation flaws or buffer overflow conditions to execute arbitrary code on the system. The presence of hardcoded credentials and weak authentication mechanisms could facilitate initial access or privilege escalation once on the network.
Prerequisites
- Network or local access to a device running LAquis SCADA 4.1.0.3870 or earlier
- Knowledge of vulnerable input vectors or the ability to craft malicious payloads to trigger buffer overflows
- User interaction to open a malicious file or click a link (based on CVSS vector requiring UI interaction)
- Multiple input validation and buffer overflow vulnerabilities
- Hardcoded credentials present
- Weak authentication mechanisms
- Remote code execution possible
- No patch available for current version (update required)
Exploitability
Moderate exploit probability (EPSS 4.3%)
Affected products (1)
Product | Affected Versions | Fix Status
SCADA: 4.1.0.3870 | 4.1.0.3870 | No fix yet
Remediation & Mitigation
Do now
WORKAROUND: If remote access is required, use secure VPN connections and keep VPN software updated
HARDENING: Review and revoke any hardcoded credentials in LAquis SCADA installations and implement credential rotation
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
HOTFIX: Update LAquis SCADA to version 4.1.0.4150 or later from https://laquisscada.com
Long-term hardening
HARDENING: Minimize network exposure for LAquis SCADA systems and ensure they are not accessible from the Internet
HARDENING: Place control system networks and LAquis SCADA devices behind firewalls and isolate from business network
HARDENING: Implement input validation and output encoding controls on any LAquis SCADA interfaces
CVEs (11)