LCDS - Leão Consultoria e Desenvolvimento de Sistemas Ltda ME LAquis SCADA ELS Files

MonitorCVSS 7.8ICS-CERT ICSA-19-073-01Mar 14, 2019

LCDSEnergy

Attack path

Attack VectorLocal

Auth RequiredNone

ComplexityLow

User InteractionRequired

Summary

LAquis SCADA version 4.1.0.4150 and earlier contain a buffer overflow vulnerability (CWE-787) that allows local code execution. The vulnerability is triggered when a user opens a malicious file or link on a system running the affected SCADA software. Successful exploitation grants an attacker the ability to run arbitrary commands within the SCADA application context, potentially compromising process integrity and operational safety. The vulnerability requires local file system access and user interaction; no public exploits are currently known.

What this means

What could happen

A local attacker with user interaction could execute arbitrary code on the SCADA system, potentially allowing them to alter control logic, setpoints, or process parameters without authorization.

Who's at risk

Energy sector organizations using LAquis SCADA for process monitoring and control. Specifically impacts facilities that rely on SCADA operators to interact with files and communications as part of daily operations.

How it could be exploited

An attacker must trick a user into opening a malicious file or clicking a link on the local system where LAquis SCADA is installed. Once the user interacts with the crafted content, the attacker's code runs with the permissions of the SCADA application, enabling process manipulation or data corruption.

Prerequisites

Local file system access or ability to deliver social engineering payload to an authorized SCADA operator
User interaction required—operator must open the malicious file or click a link
LAquis SCADA version 4.1.0.4150 or earlier installed and in use

Local exploitation requiredUser interaction neededAffects SCADA control systemHigh impact if exploited

Exploitability

Unlikely to be exploited — EPSS score 0.2%

Affected products (1)

ProductAffected VersionsFix Status

SCADA: 4.1.0.41504.1.0.4150No fix yet

Remediation & Mitigation

0/3

Do now

0/1

WORKAROUNDTrain operators and engineering staff to recognize and avoid opening unsolicited email attachments and clicking unverified web links, especially from unknown senders

Schedule — requires maintenance window

0/1

Patching may require device reboot — plan for process interruption

HOTFIXUpdate LAquis SCADA to version 4.3.1.71 or later from https://laquisscada.com

Long-term hardening

0/1

HARDENINGRestrict physical and network access to SCADA engineering workstations and servers to authorized personnel only

CVEs (1)

CVE-2019-6536

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/7b3c106f-3f26-4a14-bd10-c140ce0d1bec

Get OT security insights every Tuesday

Advisory breakdowns, a weekly summary, and incident analyses for the people actually defending OT environments. Free, no account required.