LCDS Updates SCADA Software

Thursday, March 14, 2019 @ 08:03 PM gHale

LCDS (Leão Consultoria e Desenvolvimento de Sistemas LTDA ME) has released a new version to mitigate an out-of-bounds write vulnerability in its LAquis SCADA, according to a report from NCCIC.

Successful exploitation of this vulnerability, discovered by Mat Powell, working with Zero Day Initiative, could allow remote code execution.

The industrial automation software LAquis SCADA Version 4.1.0.4150 suffers from the vulnerability.

Opening a specially crafted ELS file may result in a write past the end of an allocated buffer, which may allow an attacker to execute remote code in the context of the current process.

CVE-2019-6536 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 7.8.

The product sees use in the chemical, commercial facilities, energy, food and agriculture, transportation systems, and water and wastewater systems sectors. It is used mainly in South America.

This vulnerability is exploitable locally. No known public exploits specifically target this vulnerability. However, an attacker with a low skill level could leverage the vulnerability.

Brazil-based LCDS recommends users update to Version 4.3.1.71.


