LCDS LAquis SCADA
Plan Patch | 7.8 | ICS-CERT ICSA-20-287-02 | Oct 13, 2020
Attack Vector: Local
Auth Required: None
Complexity: Low
User Interaction: Required
Summary
LAquis SCADA versions prior to 4.3.1.870 contain an out-of-bounds memory read vulnerability (CWE-125) that can be exploited through malicious project files. Successful exploitation allows code execution under the application's privileges. The vulnerability is triggered when a user opens a malicious project file or follows a malicious link; it requires local access and social engineering but does not require user credentials or special configuration.
What this means
What could happen
An attacker with local access to a computer running LAquis SCADA could execute arbitrary code with the privileges of the SCADA application, potentially allowing them to modify process parameters or interfere with energy system operations.
Who's at risk
Electric utilities and other energy sector organizations using LCDS LAquis SCADA software for process monitoring and control. This affects engineering workstations, historian servers, and any computer where LAquis is installed and used to manage industrial processes.
How it could be exploited
The attacker must trick a user into opening a malicious project file or clicking a link in an email. When the file is opened in LAquis SCADA, code execution occurs under the application's privileges. No special technical sophistication is required once the user is socially engineered.
Prerequisites
- Physical or logical local access to a workstation running LAquis SCADA
- User must open a malicious project file from an untrusted source or click a malicious link in email
- Target running LAquis SCADA version < 4.3.1.870
- Low attack complexity
- Requires user interaction (social engineering)
- Local access required—not remotely exploitable
- Code execution under application privileges
Exploitability
Low exploit probability (EPSS 0.2%)
Affected products (1)
Product | Affected Versions | Fix Status
LAquis SCADA | < 4.3.1.870 | 4.3.1.870 or later
Remediation & Mitigation
Do now
WORKAROUND: Train users and engineering staff to avoid opening project files from untrusted sources and not to click links or open attachments from unsolicited emails
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
HOTFIX: Update LAquis SCADA to version 4.3.1.870 or later
Long-term hardening
HARDENING: Segment SCADA engineering workstations from general corporate networks and limit their internet connectivity to reduce email and web-based social engineering exposure
HARDENING: Implement email content filtering to block suspicious attachments and identify spoofed sender addresses
CVEs (1)