Improper check or handling of exceptional conditions in LAquis SCADA - CVE-2018-5463
Published: April 6, 2018
Vulnerability identifier: #VU11612
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:U/U:Clear
CVE-ID: CVE-2018-5463
CWE-ID: CWE-703
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vendor: Leão Consultoria e Desenvolvimento de Sistemas
Affected software:
LAquis SCADA
LAquis SCADA
Detailed vulnerability description
The vulnerability allows a local attacker to gain elevated privileges on the target system.
The weakness exists due to improper check or handling of exceptional conditions. A local attacker can trigger structured exception handler overflow and execute arbitrary code with root privileges.
Successful exploitation of the vulnerability may result in system compromise
The weakness exists due to improper check or handling of exceptional conditions. A local attacker can trigger structured exception handler overflow and execute arbitrary code with root privileges.
Successful exploitation of the vulnerability may result in system compromise
How to mitigate CVE-2018-5463
Update to version 4.1.0.3774.