LCDS Mitigates SCADA Hole

Thursday, April 5, 2018 @ 05:04 PM gHale

LCDS – Leão Consultoria e Desenvolvimento de Sistemas LTDA ME has new software to mitigate an improper check or handling of exceptional conditions vulnerability in its LAquis SCADA, according to a report with ICS-CERT.

Successful exploitation of this vulnerability, discovered by Karn Ganeshen, could cause the device an attacker is accessing to crash, resulting in a structured exception handler overflow condition, which may allow code execution.

LAquis SCADA, an industrial automation software package, suffers from the vulnerability in versions 4.1.0.3391 and prior.

A structured exception handler overflow vulnerability has been identified that may allow code execution.

CVE-2018-5463 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 7.0.

The product sees use mainly in the chemical, commercial facilities, energy, food and agriculture, transportation systems, and water and wastewater systems sectors. It is deployed mainly in South America.

No known public exploits specifically target this vulnerability. This vulnerability is not exploitable remotely. A high skill level is needed to exploit it.

Joinville-SC, Brazil-based LCDS recommends that users update to version 4.1.0.3774.


