An attacker who convinces a valid user to open a specially crafted project file to exploit could execute code under the privileges of the application due to an out-of-bounds read vulnerability on the LAquis SCADA (Versions prior to 4.3.1.870).
Source: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25188
Reference (s):
- https://www.zerodayinitiative.com/advisories/ZDI-20-1244/
- https://us-cert.cisa.gov/ics/advisories/icsa-20-287-02
- URL: https://us-cert.cisa.gov/ics/advisories/icsa-20-287-02