CVE-2021-41579

LCDS LAquis SCADA through 4.3.1.1085 is vulnerable to a control bypass and path traversal. If an attacker can get a victim to load a malicious els project file and use the play feature, then the attacker can bypass a consent popup and write arbitrary files to OS locations where the user has permission, leading to code execution.
Path Traversal
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.8 HIGH
LOCAL
LOW
NONE
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 76%
VendorProductVersion
laquisscadascada
𝑥
≤ 4.3.1.1085
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://github.com/jacob-baines/vuln_disclosure/blob/main/vuln_2021_04.txt
https://github.com/jacob-baines/vuln_disclosure/blob/main/vuln_2021_04.txt