A cross-site scripting (XSS) vulnerability in LAquis SCADA version 4.7.1.511 allows remote attackers to inject arbitrary code into web pages. The vulnerability was disclosed by CISA on October 17, 2024, with a CVSS 3.1 score of 7.1 (HIGH). Successful exploitation could enable session hijacking, user redirection, or unauthorized actions within the SCADA web interface. The vendor has released version 4.7.1. [truncated]
HIGH | LCDS - Leão Consultoria e Desenvolvimento de Sistemas Ltda ME | CVE published 2024-05-21
A path traversal vulnerability in LAquis SCADA allows attackers to access files outside their authorized directory. The issue affects versions 4.7.1.7 and earlier. CISA published advisory ICSA-24-142-01 on May 21, 2024, with a CVSS 3.1 score of 7.8 (HIGH). The vendor has released version 4.7.1.371 to address the reported path traversal issues.