LCDS LAquis SCADA

Plan PatchCVSS 7.1ICS-CERT ICSA-24-291-02Oct 17, 2024

LCDSEnergy

Attack path

Attack VectorNetwork

Auth RequiredNone

ComplexityLow

User InteractionRequired

Summary

LAquis SCADA versions 4.7.1.511 and earlier contain a cross-site scripting (XSS) vulnerability in the web interface that allows an attacker to inject arbitrary JavaScript code. If an authenticated operator visits a malicious URL or clicks a crafted link, the injected code can steal session cookies, perform unauthorized actions on the SCADA system, or trick the operator into executing commands that could alter control system operations.

What this means

What could happen

An attacker could inject malicious code into the LAquis SCADA interface through a cross-site scripting (XSS) vulnerability, allowing them to steal operator session cookies or trick an operator into performing unauthorized actions on the SCADA system that could alter process setpoints or stop operations.

Who's at risk

Energy sector organizations operating LAquis SCADA systems, specifically affecting SCADA operators and any personnel with access to the web-based control interface. This impacts supervisory control systems in electric utilities and energy production facilities.

How it could be exploited

An attacker crafts a malicious URL or embeds JavaScript in a message and tricks an operator into clicking it while logged into LAquis SCADA. The injected code runs in the operator's browser with their session privileges, allowing the attacker to steal authentication cookies or execute commands on behalf of the operator.

Prerequisites

Operator must click a malicious link or visit an attacker-controlled page while authenticated to LAquis SCADA
Network access to the LAquis SCADA web interface (typically from trusted internal network)
Victim must have an active authenticated session

remotely exploitablelow complexityuser interaction required (operator must click link)

Exploitability

Unlikely to be exploited — EPSS score 0.3%

Affected products (1)

ProductAffected VersionsFix Status

LAquis SCADA: 4.7.1.5114.7.1.5114.7.1.611 or newer versions of LAquis SCADA

Remediation & Mitigation

0/4

Do now

0/2

WORKAROUNDRestrict network access to LAquis SCADA web interface to only authorized operator workstations using firewall rules or network segmentation

HARDENINGEducate operators not to click external links or open attachments from unsolicited email, especially those that appear to reference SCADA or plant operations

Schedule — requires maintenance window

0/1

Patching may require device reboot — plan for process interruption

HOTFIXUpdate LAquis SCADA to version 4.7.1.611 or newer

Long-term hardening

0/1

HARDENINGImplement a web application firewall (WAF) rule to block or sanitize XSS payloads targeting the SCADA interface

CVEs (1)

CVE-2024-9414

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/05eea466-3189-4db9-8218-e0adc28e0ddc

Get OT security insights every Tuesday

Advisory breakdowns, a weekly summary, and incident analyses for the people actually defending OT environments. Free, no account required.