The ICS-CERT (Industrial Control Systems Cyber Emergency Response Team) has issued an advisory that states that LAquis SCADA (Supervisory Control and Data Acquisition) for Windows software is vulnerable to Improper Access Control or Local Access Bypass Vulnerability. The LAquis SCADA is an industrial automation software widely used for process control through PLC and for data acquisition. It is mainly used in critical infrastructure sectors such as Chemical, Commercial Facilities, Energy, Food and Agriculture, Transportation Systems, Water and Wastewater Systems.
According to the advisory issued on March 16, 2017 versions released prior to January 20, 2017 which are the prior versions to 4.1 are vulnerable to the above mentioned vulnerability. A successful attack would allow the malicious actor to gain system control and escalate privileges further allowing the attacker to replace application files. ICS-CERT has recommended users to reduce and minimize all network exposures which also includes connecting the software to the internet.
The vulnerability was exposed and reported by Karn Ganeshen. The latest software update of LAquis SCADA has been released and published by its vendor.
For all InfoSec news, click here.