CVE-2021-41579

EUVD-2021-28594
LCDS LAquis SCADA through 4.3.1.1085 is vulnerable to a control bypass and path traversal. If an attacker can get a victim to load a malicious els project file and use the play feature, then the attacker can bypass a consent popup and write arbitrary files to OS locations where the user has permission, leading to code execution.
Path Traversal
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.8 HIGH
LOCAL
LOW
NONE
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 77%
Affected Products (NVD)
VendorProductVersion
laquisscadascada
𝑥
≤ 4.3.1.1085
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://github.com/jacob-baines/vuln_disclosure/blob/main/vuln_2021_04.txt
https://github.com/jacob-baines/vuln_disclosure/blob/main/vuln_2021_04.txt