Juniper Networks
Solutions
Products & Services
Company
Partners
Support
Education

Signature Detail

Security Intelligence Center
Signatures
Print

This site is deprecated. Please CLICK HERE for latest updates

Short Name

 HTTP:CVE-2018-18992-CMD-INJ

Severity

 Major

Recommended

 Yes

Recommended Action

 Drop

Category

 HTTP

Keywords

 LAquis SCADA Web Server CVE-2018-18992 Command Injection

Release Date

 2019/02/15

Update Number

 3142

Supported Platforms

 idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+

HTTP: LAquis SCADA Web Server CVE-2018-18992 Command Injection


This signature detects attempts to exploit a known vulnerability against LAquis SCADA. Successful exploitation results in the execution of arbitrary commands with the privileges of the web server process.

Extended Description

LCDS Laquis SCADA prior to version 4.1.0.4150 allows taking in user input without proper sanitation, which may allow an attacker to execute remote code on the server.

Affected Products

  • Lcds laquis_scada 4.1.0.3870

References

  • BugTraq: 106634
  • CVE: CVE-2018-18992
  • URL: http://www.zerodayinitiative.com/advisories/zdi-19-062/

Site Map
RSS Feeds
Careers
Accessibility
Feedback
Privacy Policy
Legal Notices
Copyright © 1999-2010 Juniper Networks, Inc. All rights reserved.
Help
|
My Account
|
Log Out