#VU11612 Improper check or handling of exceptional conditions in LAquis SCADA - CVE-2018-5463
Published: April 6, 2018
Vulnerability identifier: #VU11612
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:U/U:Clear
CVE-ID: CVE-2018-5463
CWE-ID: CWE-703
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vulnerable software:
LAquis SCADA
LAquis SCADA
Software vendor:
Leão Consultoria e Desenvolvimento de Sistemas
Leão Consultoria e Desenvolvimento de Sistemas
Description
The vulnerability allows a local attacker to gain elevated privileges on the target system.
The weakness exists due to improper check or handling of exceptional conditions. A local attacker can trigger structured exception handler overflow and execute arbitrary code with root privileges.
Successful exploitation of the vulnerability may result in system compromise
The weakness exists due to improper check or handling of exceptional conditions. A local attacker can trigger structured exception handler overflow and execute arbitrary code with root privileges.
Successful exploitation of the vulnerability may result in system compromise
Remediation
Update to version 4.1.0.3774.