LCDS LAquis SCADA LQS File Parsing

Plan Patch7.8ICS-CERT ICSA-19-213-06Aug 1, 2019

Attack VectorLocal

Auth RequiredNone

ComplexityLow

User InteractionRequired

Summary

LCDS LAquis SCADA versions 4.3.1.71 and earlier contain improper input validation vulnerabilities in LQS file parsing. Successful exploitation could allow an attacker to obtain confidential information or execute code. These vulnerabilities are not remotely exploitable.

What this means

What could happen

An attacker with local access to a workstation running LAquis SCADA could read sensitive configuration data or execute arbitrary code by crafting a malicious LQS file, potentially altering process parameters or shutting down SCADA operations.

Who's at risk

Energy sector organizations operating LAquis SCADA systems should prioritize patching. This affects any user with LAquis SCADA running on engineering workstations, HMI servers, or configuration machines. Operators with systems configured with automatic file downloads or shared folders are at higher risk.

How it could be exploited

An attacker must convince a user to open a malicious LQS file on a machine running LAquis SCADA. When the file is parsed, improper input validation allows the attacker to either read confidential data or execute code with the privileges of the SCADA application.

Prerequisites

Local access to a workstation running LAquis SCADA 4.3.1.71 or earlier
User must open a malicious LQS file
No special credentials or authentication bypass required

low complexity attackuser interaction requiredlocal access onlyaffects SCADA configuration and operationsno patch available for version 4.3.1.71

Exploitability

Low exploit probability (EPSS 0.2%)

Affected products (1)

ProductAffected VersionsFix Status

SCADA: 4.3.1.714.3.1.714.3.1.323

Remediation & Mitigation

0/4

Do now

0/2

WORKAROUNDImplement email security controls to block unsolicited LQS file attachments to SCADA workstations

HARDENINGTrain operators and engineers to not open LQS files from untrusted sources; only accept files from known LCDS distribution channels

Schedule — requires maintenance window

0/1

Patching may require device reboot — plan for process interruption

HOTFIXUpdate LAquis SCADA to version 4.3.1.323 or later

Long-term hardening

0/1

HARDENINGSegment SCADA workstations from general IT network to limit ability to receive malicious email attachments

CVEs (2)

CVE-2019-10994 CVE-2019-10980

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/26ca3b70-87ad-42eb-8247-959d78391938