Vulnerability Description
Leao Consultoria e Desenvolvimento de Sistemas (LCDS) LTDA ME LAquis SCADA software versions prior to version 4.1.0.3237 do not neutralize external input to ensure that users are not calling for absolute path sequences outside of their privilege level.
CVSS Score
5.3 (MEDIUM)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Lcds | Laquis Scada | < 4.1.0.3237 |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/97055 (Third Party Advisory, VDB Entry)
- https://ics-cert.us-cert.gov/advisories/ICSA-17-082-01 (Third Party Advisory, US Government Resource)
- https://www.exploit-db.com/exploits/42885/ (Third Party Advisory, VDB Entry)
FAQ
What is CVE-2017-6020?
CVE-2017-6020 is a vulnerability with a CVSS score of 5.3 (MEDIUM). Leao Consultoria e Desenvolvimento de Sistemas (LCDS) LTDA ME LAquis SCADA software versions prior to version 4.1.0.3237 do not neutralize external input to ensure that users are not calling for absol...
How severe is CVE-2017-6020?
CVE-2017-6020 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2017-6020?
Check the references section above for vendor advisories and patch information. Affected products include: Lcds Laquis Scada.