Описание
LCDS Laquis SCADA prior to version 4.1.0.4150 allows a user-supplied path in file operations prior to proper validation. An attacker can leverage this vulnerability to disclose sensitive information under the context of the web server process.
Ссылки
- Third Party AdvisoryVDB Entry
- Third Party AdvisoryUS Government Resource
- Third Party AdvisoryVDB Entry
- Third Party AdvisoryUS Government Resource
Уязвимые конфигурации
Конфигурация 1Версия до 4.1.0.4150 (исключая)
cpe:2.3:a:lcds:laquis_scada:*:*:*:*:*:*:*:*
EPSS
Процентиль: 89%
0.04258
Низкий
5.3 Medium
CVSS3
5 Medium
CVSS2
Дефекты
CWE-23
CWE-22
Связанные уязвимости
CVSS3: 5.3
github
больше 3 лет назад
LCDS Laquis SCADA prior to version 4.1.0.4150 allows a user-supplied path in file operations prior to proper validation. An attacker can leverage this vulnerability to disclose sensitive information under the context of the web server process.
EPSS
Процентиль: 89%
0.04258
Низкий
5.3 Medium
CVSS3
5 Medium
CVSS2
Дефекты
CWE-23
CWE-22