CVE-2020-25188

7.8 HIGH

📋 TL;DR

CVE-2020-25188 is an out-of-bounds read vulnerability in LAquis SCADA software that allows remote code execution. An attacker can exploit this by tricking a legitimate user into opening a malicious project file, potentially gaining the same privileges as the SCADA application. This affects industrial control systems using LAquis SCADA versions prior to 4.3.1.870.

💻 Affected Systems

Products:
  • LAquis SCADA
Versions: All versions prior to 4.3.1.870
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Requires user interaction to open malicious project file. Typically affects industrial control systems in manufacturing, utilities, and critical infrastructure.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Full compromise of SCADA system leading to operational disruption, data manipulation, or physical process interference in industrial environments.

🟠 Likely Case

Attacker gains control of the SCADA application to manipulate HMI displays, modify process values, or pivot to other industrial network systems.

🟢 If Mitigated

Limited to application crash or denial of service if exploit fails or is blocked by security controls.

🌐 Internet-Facing: MEDIUM - Requires user interaction but could be delivered via phishing or web interfaces.
🏢 Internal Only: HIGH - Industrial networks often have limited segmentation and SCADA systems typically run with elevated privileges.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires social engineering to deliver the malicious file. Exploit details are publicly documented in the ZDI advisory.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 4.3.1.870

Vendor Advisory: https://us-cert.cisa.gov/ics/advisories/icsa-20-287-02

Restart Required: Yes

Instructions:

1. Download LAquis SCADA version 4.3.1.870 or later from official vendor sources.
2. Back up current configuration and project files.
3. Install the update following vendor documentation.
4. Restart the SCADA system and verify functionality.

🔧 Temporary Workarounds

Restrict project file execution

Platform: windows

Block opening of .prj files from untrusted sources and implement application whitelisting.

Using Windows AppLocker or similar application control: AppLocker rules govern executables, scripts, installers, DLLs and packaged apps, not data files, so a path rule on "*.prj" does not stop a project file from being opened, and the New-AppLockerPolicy cmdlet has no -Action or -Path parameter for authoring a deny rule. Use AppLocker to restrict what the SCADA host may execute (deny rules are created in the AppLocker policy editor or as XML and applied with Set-AppLockerPolicy), which limits what a compromised LAquis process can launch, and keep .prj files from untrusted sources off the host through file-share permissions and mail/web filtering.

User awareness training

Platform: all

Train operators to open project files only from trusted sources and to verify file integrity.

🧯 If You Can't Patch

  • Implement network segmentation to isolate SCADA systems from business networks
  • Deploy application control solutions to prevent execution of unauthorized files

🔍 How to Verify

Check if Vulnerable:

Check the LAquis SCADA version in the Help > About menu or in the registry key HKEY_LOCAL_MACHINE\SOFTWARE\LAquis\SCADA\Version

Check Version:

reg query "HKLM\SOFTWARE\LAquis\SCADA" /v Version

Verify Fix Applied:

Confirm the version is 4.3.1.870 or higher and test with known-safe project files.

📡 Detection & Monitoring

Log Indicators:

  • Unexpected process crashes (LAquisSCADA.exe)
  • Multiple failed file open attempts
  • Execution of suspicious child processes

Network Indicators:

  • Unusual outbound connections from SCADA system
  • File transfers to/from SCADA engineering workstation

SIEM Query:

source="windows" AND process_name="LAquisSCADA.exe" AND (event_id=1000 OR event_id=1001) AND exception_code="0xc0000005"
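Detection logic equivalent to the SIEM query above, as an added Python example that is not part of this advisory card: it parses Application Error (Event ID 1000) message lines, keeps only LAquisSCADA.exe crashes with exception code 0xc0000005 (STATUS_ACCESS_VIOLATION, the fault an out-of-bounds read typically raises), and clusters repeated crashes per host, since a burst of access violations on one engineering workstation is the signature repeated attempts with a crafted project file would leave. The line format, host names and version strings are constructed assumptions.

```python
"""Flag LAquis SCADA access-violation crashes and cluster them per host."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed forwarder format: "<iso-ts> <host> EventID=<n> <Application Error message text>".
LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<host>\S+)\s+EventID=(?P<eid>\d+)\s+"
    r"Faulting application name:\s*(?P<app>[^,]+),.*?"
    r"Exception code:\s*(?P<exc>0x[0-9a-fA-F]{8})"
)
TARGET_APP = "laquisscada.exe"
ACCESS_VIOLATION = 0xC0000005  # STATUS_ACCESS_VIOLATION

SAMPLE_LINES = [  # constructed sample telemetry, not real logs
    "2024-05-01T10:02:11 ENG-WS01 EventID=1000 Faulting application name: LAquisSCADA.exe, "
    "version: 4.1.0.0, Faulting module name: LAquisSCADA.exe, Exception code: 0xc0000005",
    "2024-05-01T10:05:40 ENG-WS01 EventID=1000 Faulting application name: LAquisSCADA.exe, "
    "version: 4.1.0.0, Faulting module name: LAquisSCADA.exe, Exception code: 0xc0000005",
    "2024-05-01T10:07:03 ENG-WS01 EventID=1000 Faulting application name: notepad.exe, "
    "version: 10.0.19041.1, Faulting module name: ntdll.dll, Exception code: 0xc0000005",
    "2024-05-01T11:30:15 HMI-02 EventID=1000 Faulting application name: LAquisSCADA.exe, "
    "version: 4.1.0.0, Faulting module name: LAquisSCADA.exe, Exception code: 0xc0000005",
    "2024-05-01T11:31:00 HMI-02 EventID=1000 Faulting application name: LAquisSCADA.exe, "
    "version: 4.1.0.0, Faulting module name: clr.dll, Exception code: 0xe0434352",
]

def parse_event(line):
    """Return a dict of the fields the rule needs, or None if the line is not a crash event."""
    m = LINE_RE.match(line)
    if not m:
        return None
    return {"ts": datetime.fromisoformat(m["ts"]), "host": m["host"],
            "event_id": int(m["eid"]), "app": m["app"].strip(), "exc": int(m["exc"], 16)}

def matches_rule(ev):
    """Same predicate as the SIEM query: LAquis crash (1000/1001) with an access violation."""
    return (ev["event_id"] in (1000, 1001) and ev["app"].lower() == TARGET_APP
            and ev["exc"] == ACCESS_VIOLATION)

def crash_clusters(lines, window=timedelta(minutes=30), min_count=2):
    """Return {host: count} for hosts with >= min_count matching crashes inside one window."""
    per_host = defaultdict(list)
    for line in lines:
        ev = parse_event(line)
        if ev and matches_rule(ev):
            per_host[ev["host"]].append(ev["ts"])
    clusters = {}
    for host, stamps in per_host.items():
        stamps.sort()
        best, start = 0, 0
        for end in range(len(stamps)):  # sliding window over sorted timestamps
            while stamps[end] - stamps[start] > window:
                start += 1
            best = max(best, end - start + 1)
        if best >= min_count:
            clusters[host] = best
    return clusters
```

A single crash is worth a ticket on an ICS host; two or more inside the window is the threshold the example uses to escalate.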
