SCADA Vulnerabilities & Exposures (SVE)

CRITIFENCE® SCADA Vulnerabilities and Exposures Database (SVE)

[SVE-976506935] LCDS - Leao Consultoria e Desenvolvimento de Sistemas LTDA ME LAquis SCADA

Date: 2017-03-16
Type: Other
Platform: LCDS
Author: Karn Ganeshen identified and reported the vulnerability to ICS-CERT and tested the update.
EDB-ID: N/A
CVE-ID: CVE-2017-6016
OSVDB-ID: N/A
Download, App, SIS Signature: N/A

Source

#
# LCDS - Leão Consultoria e Desenvolvimento de Sistemas LTDA ME LAquis SCADA
#


### VULNERABLE VENDOR
LCDS


### VULNERABLE PRODUCT
LAquis SCADA



### RESEARCHER
Karn Ganeshen identified and reported the vulnerability to ICS-CERT and tested the update.



### AFFECTED PRODUCTS

The following versions of LAquis SCADA, an industrial automation software, are affected:

LAquis SCADA software, Versions 4.1 and prior versions released before January 20, 2017.



### IMPACT

Successful exploitation of this vulnerability could allow authenticated system users to escalate their privileges and modify or replace application files.



### VULNERABILITY OVERVIEW

IMPROPER ACCESS CONTROL CWE-284
An Improper Access Control vulnerability has been identified, which may allow an authenticated user to modify application files to escalate privileges.
CVE-2017-6016 has been assigned to this vulnerability.
A CVSS v3 base score of 7.3 has been assigned; the CVSS vector string is (AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H)





### BACKGROUND

Critical Infrastructure Sector(s): Chemical, Commercial Facilities, Energy, Food and Agriculture, Transportation Systems, Water and Wastewater Systems
Countries/Areas Deployed: South America
Company Headquarters Location: Joinville-SC, Brazil




### MITIGATION

LCDS recommends that users install the update that can be found at this location:

http://laquisscada.com/instale1.php