Search criteria
1 vulnerability by LCDS - Leão Consultoria e Desenvolvimento de Sistemas LTDA ME
CVE-2017-6020 (GCVE-0-2017-6020)
Vulnerability from cvelistv5 – Published: 2018-04-17 14:00 – Updated: 2024-09-17 04:14
VLAI?
Summary
Leao Consultoria e Desenvolvimento de Sistemas (LCDS) LTDA ME LAquis SCADA software versions prior to version 4.1.0.3237 do not neutralize external input to ensure that users are not calling for absolute path sequences outside of their privilege level.
Severity ?
No CVSS data available.
CWE
- CWE-22 - Path traversal CWE-22
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| LCDS - Leão Consultoria e Desenvolvimento de Sistemas LTDA ME | LAquis SCADA software |
Affected:
versions prior to version 4.1.0.3237
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T15:18:49.618Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "42885",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/42885/"
},
{
"name": "97055",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/97055"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-082-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "LAquis SCADA software",
"vendor": "LCDS - Le\u00c3\u00a3o Consultoria e Desenvolvimento de Sistemas LTDA ME",
"versions": [
{
"status": "affected",
"version": "versions prior to version 4.1.0.3237"
}
]
}
],
"datePublic": "2017-03-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Leao Consultoria e Desenvolvimento de Sistemas (LCDS) LTDA ME LAquis SCADA software versions prior to version 4.1.0.3237 do not neutralize external input to ensure that users are not calling for absolute path sequences outside of their privilege level."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "Path traversal CWE-22",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-04-18T09:57:01",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"name": "42885",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/42885/"
},
{
"name": "97055",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/97055"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-082-01"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2017-03-23T00:00:00",
"ID": "CVE-2017-6020",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "LAquis SCADA software",
"version": {
"version_data": [
{
"version_value": "versions prior to version 4.1.0.3237"
}
]
}
}
]
},
"vendor_name": "LCDS - Le\u00c3\u00a3o Consultoria e Desenvolvimento de Sistemas LTDA ME"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Leao Consultoria e Desenvolvimento de Sistemas (LCDS) LTDA ME LAquis SCADA software versions prior to version 4.1.0.3237 do not neutralize external input to ensure that users are not calling for absolute path sequences outside of their privilege level."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Path traversal CWE-22"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "42885",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/42885/"
},
{
"name": "97055",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97055"
},
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-17-082-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-082-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2017-6020",
"datePublished": "2018-04-17T14:00:00Z",
"dateReserved": "2017-02-16T00:00:00",
"dateUpdated": "2024-09-17T04:14:47.260Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}