Lucene search

MitreCVE-2021-41579

HistoryOct 04, 2021 - 6:15 p.m.

CVE-2021-41579

2021-10-0418:15:09

CWE-22

mitre

web.nvd.nist.gov

cve-2021-41579

lcds laquis scada

vulnerability

control bypass

path traversal

consent popup

code execution

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

7.8

Confidence

High

EPSS

0.001

Percentile

30.4%

JSON

LCDS LAquis SCADA through 4.3.1.1085 is vulnerable to a control bypass and path traversal. If an attacker can get a victim to load a malicious els project file and use the play feature, then the attacker can bypass a consent popup and write arbitrary files to OS locations where the user has permission, leading to code execution.

Affected configurations

Nvd

Node

laquisscadascadaRange≤4.3.1.1085

VendorProductVersionCPE
laquisscadascada*cpe:2.3:a:laquisscada:scada:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
laquisscada	scada	*	cpe:2.3:a:laquisscada:scada::::::::

References

github.com/jacob-baines/vuln_disclosure/blob/main/vuln_2021_04.txt

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

7.8

Confidence

High

EPSS

0.001

Percentile

30.4%

JSON

Related for CVE-2021-41579