LCDS LAquis SCADA

Act Now9.3ICS-CERT ICSA-21-208-04Jul 27, 2021

Attack VectorNetwork

Auth RequiredNone

ComplexityLow

User InteractionNone needed

Summary

A vulnerability in LCDS LAquis SCADA versions 4.3.1.1011 and prior allows an unauthenticated remote attacker to access sensitive information or execute arbitrary code on the SCADA interface. The vulnerability does not require user interaction. LCDS recommends upgrading to version 4.3.1.1079 or later.

What this means

What could happen

An unauthenticated attacker with network access to the LAquis SCADA interface could steal sensitive data or execute arbitrary code on the SCADA system, potentially allowing unauthorized control of energy infrastructure processes or shutdown of critical operations.

Who's at risk

Energy sector operators running LCDS LAquis SCADA systems version 4.3.1.1011 or earlier. This includes utilities managing power generation, transmission, and distribution infrastructure that rely on LAquis for supervisory control and monitoring.

How it could be exploited

An attacker on the network sends a specially crafted request to the LAquis SCADA interface on port 80/443 (typical web SCADA). The vulnerability allows the attacker to bypass authentication and either read sensitive information (configuration, credentials, operational data) or inject and execute arbitrary code. No interaction from an operator is required.

Prerequisites

Network access to the LAquis SCADA web interface (port 80 or 443)
No credentials required for exploitation

Remotely exploitableNo authentication requiredLow complexityAffects supervisory control of energy infrastructurePatch available but version upgrade required

Exploitability

Low exploit probability (EPSS 0.2%)

Affected products (1)

ProductAffected VersionsFix Status

Versions: 4.3.1.1011 and prior≤ 4.3.1.1011No fix yet

Remediation & Mitigation

0/4

Do now

0/1

WORKAROUNDRestrict network access to LAquis SCADA to authorized engineering and administrative staff only using firewall rules; block all Internet-facing access

Schedule — requires maintenance window

0/1

Patching may require device reboot — plan for process interruption

HOTFIXUpgrade LAquis SCADA to version 4.3.1.1079 or later

Long-term hardening

0/2

HARDENINGImplement network segmentation to isolate the SCADA control system behind a firewall from the business network

HARDENINGIf remote access to LAquis is required, enforce secure VPN connections and keep VPN software updated

CVEs (1)

CVE-2021-32989

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/b9ed3e85-c0b3-4eb6-9041-fb874e0f19b9