Severity

Medium

Analysis Summary

CVE 2019-10994

Processing a specially crafted project file may trigger an out-of-bounds read, which may allow an attacker to obtain sensitive information.

CVE 2019-10980

A type confusion vulnerability may be exploited when LAquis SCADA processes a specially crafted project file. This may allow an attacker to execute remote code.

Impact

• Exposure of sensitive information
• Remote code execution

Affected Vendors

LCDS—Leão Consultoria e Desenvolvimento de Sistemas LTDA ME

Affected Products

LAquis SCADA 4.3.1.71

Remediation

LCDS recommends users update to Version 4.3.1.323.