Lucene search
Esteban Ruiz (mr_me) of Source InciteZDI-19-094HistoryJan 19, 2019 - 12:00 a.m.
LAquis SCADA LGX Report TextFile Read Directory Traversal Information Disclosure Vulnerability
2019-01-1900:00:00
Esteban Ruiz (mr_me) of Source Incite
www.zerodayinitiative.com
4
0.01 Low
EPSS
Percentile
83.9%
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of LAquis SCADA Software. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of the TextFile.Read method. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to disclose sensitive information from the context of the current user.
Related
zdi
zdi
LAquis SCADA LGX Report File Write Arbitrary File Creation Vulnerability
2019-01-19 00:00:00
prion
prion
Design/Logic Flaw
2019-02-01 17:29:00
nvd
nvd
CVE-2018-18988
2019-02-01 17:29:00
checkpoint_advisories
checkpoint_advisories
LAquis SCADA LGX Report Arbitrary File Write (CVE-2018-18988)
2019-11-04 00:00:00
cve
cve
CVE-2018-18988
2019-02-01 17:29:00
cvelist
cvelist
CVE-2018-18988
2019-01-15 00:00:00
ics
ics
LCDS - LeΓ£o Consultoria e Desenvolvimento de Sistemas Ltda ME LAquis SCADA
2019-01-15 12:00:00