Short Name |
HTTP:CVE-2018-18992-CMD-INJ |
---|---|
Severity |
Major |
Recommended |
Yes |
Recommended Action |
Drop |
Category |
HTTP |
Keywords |
LAquis SCADA Web Server CVE-2018-18992 Command Injection |
Release Date |
2019/02/15 |
Update Number |
3142 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |
This signature detects attempts to exploit a known vulnerability against LAquis SCADA. Successful exploitation results in the execution of arbitrary commands with the privileges of the web server process.
LCDS Laquis SCADA prior to version 4.1.0.4150 allows taking in user input without proper sanitation, which may allow an attacker to execute remote code on the server.