Vulnerability Details CVE-2021-41579
LCDS LAquis SCADA through 4.3.1.1085 is vulnerable to a control bypass and path traversal. If an attacker can get a victim to load a malicious els project file and use the play feature, then the attacker can bypass a consent popup and write arbitrary files to OS locations where the user has permission, leading to code execution.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.011
EPSS Ranking 76.6%
CVSS Severity
CVSS v3 Score 7.8
CVSS v2 Score 6.8
References
Products affected by CVE-2021-41579
-
cpe:2.3:a:laquisscada:scada:4.1.0.4150
-
cpe:2.3:a:laquisscada:scada:4.3.1.1085
-
cpe:2.3:a:laquisscada:scada:4.3.1.71
-
cpe:2.3:a:laquisscada:scada:4.3.1.870