Описание
A type confusion vulnerability may be exploited when LAquis SCADA 4.3.1.71 processes a specially crafted project file. This may allow an attacker to execute remote code. The attacker must have local access to the system. A CVSS v3 base score of 7.8 has been calculated; the CVSS vector string is (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H).
Ссылки
- Third Party AdvisoryUS Government Resource
- Third Party AdvisoryUS Government Resource
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:laquisscada:scada:4.3.1.71:*:*:*:*:*:*:*
EPSS
Процентиль: 36%
0.00155
Низкий
7.8 High
CVSS3
6.8 Medium
CVSS2
Дефекты
CWE-843
CWE-843
Связанные уязвимости
github
больше 3 лет назад
A type confusion vulnerability may be exploited when LAquis SCADA 4.3.1.71 processes a specially crafted project file. This may allow an attacker to execute remote code. The attacker must have local access to the system. A CVSS v3 base score of 7.8 has been calculated; the CVSS vector string is (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H).
EPSS
Процентиль: 36%
0.00155
Низкий
7.8 High
CVSS3
6.8 Medium
CVSS2
Дефекты
CWE-843
CWE-843