LCDS LAquis SCADA
Plan Patch · 7.1 · ICS-CERT ICSA-24-291-02 · Oct 17, 2024
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: Required
Summary
LAquis SCADA versions 4.7.1.511 and earlier contain a web-based vulnerability (CWE-79) that allows an attacker to inject arbitrary code or steal session cookies from operators. Successful exploitation could enable unauthorized control of SCADA functions or manipulation of system operations. The vulnerability requires user interaction—an operator must click a malicious link or visit attacker-controlled content. No active exploitation has been reported.
What this means
What could happen
An attacker could steal session cookies from SCADA operators or inject malicious code into the web interface, allowing unauthorized control of the SCADA system or manipulation of grid/process operations.
Who's at risk
Energy sector operators running LAquis SCADA systems, including generation, transmission, and distribution utilities. Affects web interface access used by control room operators and engineering staff for system monitoring and configuration.
How it could be exploited
An attacker could trick a SCADA operator into clicking a malicious link or visiting a compromised webpage that injects code into the LAquis SCADA web interface. The injected code executes in the operator's browser, allowing the attacker to steal authentication cookies or perform unauthorized commands as that operator.
Prerequisites
- Network access to the LAquis SCADA web interface
- Valid SCADA operator with an active browser session
- Victim must click a malicious link or visit attacker-controlled content (user interaction required)
remotely exploitable · requires user interaction · low attack complexity · no authentication required for initial exploit delivery · affects SCADA web interface used by operators
Exploitability
Low exploit probability (EPSS 0.3%)
Affected products (1)
Product | Affected Versions | Fix Status
LAquis SCADA: 4.7.1.511 | 4.7.1.511 | 4.7.1.611 or newer versions of LAquis SCADA
Remediation & Mitigation
Do now
WORKAROUND: Train SCADA operators to avoid clicking links in unsolicited emails and to be suspicious of unexpected web requests
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
HOTFIX: Update LAquis SCADA to version 4.7.1.611 or newer
Long-term hardening
HARDENING: Isolate SCADA network behind firewall and restrict access from business networks and the internet
HARDENING: Implement VPN with current security patches for any remote access to SCADA systems
CVEs (1)
API:
/api/v1/advisories/05eea466-3189-4db9-8218-e0adc28e0ddc