Vendor CVEs
Scada Lts
All CVEs
53 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-47407 | Cri | 0.74 | 10.0 | 0.64 | Nov 22, 2024 | A parameter within a command does not properly validate input within myPRO Manager which could be exploited by an unauthenticated remote attacker to inject arbitrary operating system commands. | ||
| CVE-2025-20061 | Cri | 0.64 | 9.8 | 0.01 | Jan 29, 2025 | mySCADA myPRO does not properly neutralize POST requests sent to a specific port with email information. This vulnerability could be exploited by an attacker to execute arbitrary commands on the affected system. | ||
| CVE-2025-20014 | Cri | 0.64 | 9.8 | 0.01 | Jan 29, 2025 | mySCADA myPRO does not properly neutralize POST requests sent to a specific port with version information. This vulnerability could be exploited by an attacker to execute arbitrary commands on the affected system. | ||
| CVE-2018-11311 | Cri | 0.63 | 9.1 | 0.16 | May 20, 2018 | A hardcoded FTP username of myscada and password of Vikuk63 in 'myscadagate.exe' in mySCADA myPRO 7 allows remote attackers to access the FTP server on port 2121, and upload files or list directories, by entering these credentials. | ||
| CVE-2017-12730 | Hig | 0.51 | 7.8 | 0.01 | Oct 6, 2017 | An Unquoted Search Path issue was discovered in mySCADA myPRO Versions 7.0.26 and prior. Application services utilize unquoted search path elements, which could allow an attacker to execute arbitrary code with elevated privileges. | ||
| CVE-2025-13791 | Med | 0.41 | 6.3 | 0.00 | Nov 30, 2025 | A vulnerability was identified in Scada-LTS up to 2.7.8.1. Affected is the function Common.getHomeDir of the file br/org/scadabr/vo/exporter/ZIPProjectManager.java of the component Project Import. Such manipulation leads to path traversal. The attack may be launched remotely.… | ||
| CVE-2018-11517 | Med | 0.35 | 5.3 | 0.02 | May 28, 2018 | mySCADA myPRO 7 allows remote attackers to discover all ProjectIDs in a project by sending all of the prj parameter values from 870000 to 875000 in t=0&rq=0 requests to TCP port 11010. | ||
| CVE-2025-13790 | Med | 0.28 | 4.3 | 0.00 | Nov 30, 2025 | A vulnerability was determined in Scada-LTS up to 2.7.8.1. This impacts an unknown function. This manipulation causes cross-site request forgery. The attack may be initiated remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early… | ||
| CVE-2025-9139 | Med | 0.28 | 4.3 | 0.00 | Aug 19, 2025 | A vulnerability was determined in Scada-LTS 2.7.8.1. Affected by this vulnerability is an unknown functionality of the file /Scada-LTS/dwr/call/plaincall/WatchListDwr.init.dwr. Executing manipulation can lead to information disclosure. The attack may be performed from a remote… | ||
| CVE-2025-9388 | Low | 0.23 | 3.5 | 0.00 | Aug 24, 2025 | A vulnerability was determined in Scada-LTS up to 2.7.8.1. This impacts an unknown function of the file watch_list.shtm. Executing manipulation of the argument Name can lead to cross site scripting. It is possible to launch the attack remotely. The exploit has been publicly… | ||
| CVE-2025-9235 | Low | 0.23 | 3.5 | 0.00 | Aug 20, 2025 | A flaw has been found in Scada-LTS up to 2.7.8.1. The impacted element is an unknown function of the file compound_events.shtm. This manipulation of the argument Name causes cross site scripting. The attack is possible to be carried out remotely. The exploit has been published… | ||
| CVE-2025-9234 | Low | 0.23 | 3.5 | 0.00 | Aug 20, 2025 | A vulnerability was detected in Scada-LTS up to 2.7.8.1. The affected element is an unknown function of the file maintenance_events.shtm. The manipulation of the argument Alias results in cross site scripting. The attack can be executed remotely. The exploit is now public and… | ||
| CVE-2025-9233 | Low | 0.23 | 3.5 | 0.00 | Aug 20, 2025 | A security vulnerability has been detected in Scada-LTS up to 2.7.8.1. Impacted is an unknown function of the file view_edit.shtm. The manipulation of the argument Name leads to cross site scripting. Remote exploitation of the attack is possible. The exploit has been disclosed… | ||
| CVE-2025-9145 | Low | 0.23 | 3.5 | 0.00 | Aug 19, 2025 | A security vulnerability has been detected in Scada-LTS 2.7.8.1. This issue affects some unknown processing of the file view_edit.shtm of the component SVG File Handler. Such manipulation of the argument backgroundImageMP leads to cross site scripting. The attack can be launched… | ||
| CVE-2025-9144 | Low | 0.23 | 3.5 | 0.00 | Aug 19, 2025 | A weakness has been identified in Scada-LTS 2.7.8.1. This vulnerability affects unknown code of the file publisher_edit.shtm. This manipulation of the argument Name causes cross site scripting. The attack can be initiated remotely. The exploit has been made available to the… | ||
| CVE-2025-9143 | Low | 0.23 | 3.5 | 0.00 | Aug 19, 2025 | A security flaw has been discovered in Scada-LTS 2.7.8.1. This affects an unknown part of the file mailing_lists.shtm. The manipulation of the argument name/userList/address results in cross site scripting. It is possible to launch the attack remotely. The exploit has been… | ||
| CVE-2025-9138 | Low | 0.23 | 3.5 | 0.00 | Aug 19, 2025 | A vulnerability was found in Scada-LTS 2.7.8.1. Affected is an unknown function of the file pointHierarchy/new/. Performing manipulation of the argument Title results in cross site scripting. The attack is possible to be carried out remotely. The exploit has been made public and… | ||
| CVE-2025-9137 | Low | 0.23 | 3.5 | 0.00 | Aug 19, 2025 | A vulnerability has been found in Scada-LTS 2.7.8.1. This impacts an unknown function of the file scheduled_events.shtm. Such manipulation of the argument alias leads to cross site scripting. The attack can be executed remotely. The exploit has been disclosed to the public and… | ||
| CVE-2025-8743 | Low | 0.23 | 3.5 | 0.00 | Aug 8, 2025 | A vulnerability classified as problematic has been found in Scada-LTS up to 2.7.8.1. This affects an unknown part of the file /data_source_edit.shtm of the component Virtual Data Source Property Handler. The manipulation of the argument Name leads to cross site scripting. It is… | ||
| CVE-2025-7729 | Low | 0.23 | 3.5 | 0.00 | Jul 17, 2025 | A vulnerability classified as problematic was found in Scada-LTS up to 2.7.8.1. Affected by this vulnerability is an unknown functionality of the file usersProfiles.shtm. The manipulation of the argument Username leads to cross site scripting. The attack can be launched… | ||
| CVE-2025-7728 | Low | 0.23 | 3.5 | 0.00 | Jul 17, 2025 | A vulnerability classified as problematic has been found in Scada-LTS up to 2.7.8.1. Affected is an unknown function of the file users.shtm. The manipulation of the argument Username leads to cross site scripting. It is possible to launch the attack remotely. The exploit has… | ||
| CVE-2025-10235 | Low | 0.16 | 2.4 | 0.00 | Sep 11, 2025 | A flaw has been found in Scada-LTS up to 2.7.8.1. This issue affects some unknown processing of the file /reports.shtm of the component Reports Module. This manipulation of the argument Colour causes cross site scripting. The attack may be initiated remotely. The exploit has… | ||
| CVE-2025-10234 | Low | 0.16 | 2.4 | 0.00 | Sep 11, 2025 | A vulnerability was detected in Scada-LTS up to 2.7.8.1. This vulnerability affects unknown code of the file /data_point_edit.shtm of the component Data Point Edit Module. The manipulation of the argument Text Renderer properties results in cross site scripting. The attack can… | ||
| CVE-2025-9404 | Low | 0.16 | 2.4 | 0.00 | Aug 25, 2025 | A vulnerability was identified in Scada-LTS up to 2.7.8.1. The affected element is an unknown function of the file /pointHierarchySLTS of the component Folder Handler. The manipulation of the argument Title leads to cross site scripting. It is possible to initiate the attack… | ||
| CVE-2025-24865 | 0.08 | — | 0.07 | Feb 13, 2025 | The administrative web interface of mySCADA myPRO Manager can be accessed without authentication which could allow an unauthorized attacker to retrieve sensitive information and upload files without the associated password. | |||
| CVE-2023-28384 | 0.08 | — | 0.45 | Apr 27, 2023 | mySCADA myPRO versions 8.26.0 and prior has parameters which an authenticated user could exploit to inject arbitrary operating system commands. | |||
| CVE-2025-22896 | 0.06 | — | 0.03 | Feb 13, 2025 | mySCADA myPRO Manager stores credentials in cleartext, which could allow an attacker to obtain sensitive information. | |||
| CVE-2025-25067 | 0.00 | — | 0.02 | Feb 13, 2025 | mySCADA myPRO Manager is vulnerable to an OS command injection which could allow a remote attacker to execute arbitrary OS commands. | |||
| CVE-2025-23411 | 0.00 | — | 0.01 | Feb 13, 2025 | mySCADA myPRO Manager is vulnerable to cross-site request forgery (CSRF), which could allow an attacker to obtain sensitive information. An attacker would need to trick the victim in to visiting an attacker-controlled website. | |||
| CVE-2024-7901 | 0.00 | — | 0.00 | Aug 17, 2024 | A vulnerability has been found in Scada-LTS 2.7.8 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /Scada-LTS/app.shtm#/alarms/Scada of the component Message Handler. The manipulation leads to cross site scripting. The attack… | |||
| CVE-2024-4708 | 0.00 | — | 0.01 | Jul 2, 2024 | mySCADA myPRO uses a hard-coded password which could allow an attacker to remotely execute code on the affected device. | |||
| CVE-2023-33472 | 0.00 | — | 0.01 | Jan 13, 2024 | An issue was discovered in Scada-LTS v2.7.5.2 build 4551883606 and before, allows remote attackers with low-level authentication to escalate privileges, execute arbitrary code, and obtain sensitive information via Event Handlers function. | |||
| CVE-2023-28400 | 0.00 | — | 0.25 | Apr 27, 2023 | mySCADA myPRO versions 8.26.0 and prior has parameters which an authenticated user could exploit to inject arbitrary operating system commands. | |||
| CVE-2023-28716 | 0.00 | — | 0.04 | Apr 27, 2023 | mySCADA myPRO versions 8.26.0 and prior has parameters which an authenticated user could exploit to inject arbitrary operating system commands. | |||
| CVE-2023-29169 | 0.00 | — | 0.01 | Apr 27, 2023 | mySCADA myPRO versions 8.26.0 and prior has parameters which an authenticated user could exploit to inject arbitrary operating system commands. | |||
| CVE-2023-29150 | 0.00 | — | 0.01 | Apr 27, 2023 | mySCADA myPRO versions 8.26.0 and prior has parameters which an authenticated user could exploit to inject arbitrary operating system commands. | |||
| CVE-2022-41976 | 0.00 | — | 0.02 | Apr 10, 2023 | An privilege escalation issue was discovered in Scada-LTS 2.7.1.1 build 2948559113 allows remote attackers, authenticated in the application as a low-privileged user to change role (e.g., to administrator) by updating their user profile. | |||
| CVE-2022-2234 | 0.00 | — | 0.41 | Aug 24, 2022 | An authenticated mySCADA myPRO 8.26.0 user may be able to modify parameters to run commands directly in the operating system. | |||
| CVE-2021-33013 | 0.00 | — | 0.01 | May 13, 2022 | mySCADA myPRO versions prior to 8.20.0 does not restrict unauthorized read access to sensitive system information. | |||
| CVE-2021-33009 | 0.00 | — | 0.01 | May 13, 2022 | mySCADA myPRO versions prior to 8.20.0 allows an unauthenticated remote attacker to upload arbitrary files to the file system. | |||
| CVE-2021-33005 | 0.00 | — | 0.01 | May 13, 2022 | mySCADA myPRO versions prior to 8.20.0 allows an unauthenticated remote attacker to upload arbitrary files to arbitrary directories. | |||
| CVE-2021-27505 | 0.00 | — | 0.01 | May 13, 2022 | mySCADA myPRO versions prior to 8.20.0 does not restrict unauthorized read access to sensitive directory listing information. | |||
| CVE-2022-0999 | 0.00 | — | 0.01 | Apr 11, 2022 | An authenticated user may be able to misuse parameters to inject arbitrary operating system commands into mySCADA myPRO versions 8.25.0 and prior. | |||
| CVE-2021-43985 | 0.00 | — | 0.02 | Dec 23, 2021 | An unauthenticated remote attacker can access mySCADA myPRO Versions 8.20.0 and prior without any form of authentication or authorization. | |||
| CVE-2021-43989 | 0.00 | — | 0.01 | Dec 23, 2021 | mySCADA myPRO Versions 8.20.0 and prior stores passwords using MD5, which may allow an attacker to crack the previously retrieved password hashes. | |||
| CVE-2021-43981 | 0.00 | — | 0.01 | Dec 23, 2021 | mySCADA myPRO: Versions 8.20.0 and prior has a feature to send emails, which may allow an attacker to inject arbitrary operating system commands through a specific parameter. | |||
| CVE-2021-44453 | 0.00 | — | 0.01 | Dec 23, 2021 | mySCADA myPRO: Versions 8.20.0 and prior has a vulnerable debug interface which includes a ping utility, which may allow an attacker to inject arbitrary operating system commands. | |||
| CVE-2021-43984 | 0.00 | — | 0.01 | Dec 23, 2021 | mySCADA myPRO: Versions 8.20.0 and prior has a feature where the firmware can be updated, which may allow an attacker to inject arbitrary operating system commands through a specific parameter. | |||
| CVE-2021-22657 | 0.00 | — | 0.01 | Dec 23, 2021 | mySCADA myPRO: Versions 8.20.0 and prior has a feature where the API password can be specified, which may allow an attacker to inject arbitrary operating system commands through a specific parameter. | |||
| CVE-2021-43987 | 0.00 | — | 0.01 | Dec 23, 2021 | An additional, nondocumented administrative account exists in mySCADA myPRO Versions 8.20.0 and prior that is not exposed through the web interface, which cannot be deleted or changed through the regular web interface. |
- risk 0.74cvss 10.0epss 0.64
A parameter within a command does not properly validate input within myPRO Manager which could be exploited by an unauthenticated remote attacker to inject arbitrary operating system commands.
- risk 0.64cvss 9.8epss 0.01
mySCADA myPRO does not properly neutralize POST requests sent to a specific port with email information. This vulnerability could be exploited by an attacker to execute arbitrary commands on the affected system.
- risk 0.64cvss 9.8epss 0.01
mySCADA myPRO does not properly neutralize POST requests sent to a specific port with version information. This vulnerability could be exploited by an attacker to execute arbitrary commands on the affected system.
- risk 0.63cvss 9.1epss 0.16
A hardcoded FTP username of myscada and password of Vikuk63 in 'myscadagate.exe' in mySCADA myPRO 7 allows remote attackers to access the FTP server on port 2121, and upload files or list directories, by entering these credentials.
- risk 0.51cvss 7.8epss 0.01
An Unquoted Search Path issue was discovered in mySCADA myPRO Versions 7.0.26 and prior. Application services utilize unquoted search path elements, which could allow an attacker to execute arbitrary code with elevated privileges.
- risk 0.41cvss 6.3epss 0.00
A vulnerability was identified in Scada-LTS up to 2.7.8.1. Affected is the function Common.getHomeDir of the file br/org/scadabr/vo/exporter/ZIPProjectManager.java of the component Project Import. Such manipulation leads to path traversal. The attack may be launched remotely.…
- risk 0.35cvss 5.3epss 0.02
mySCADA myPRO 7 allows remote attackers to discover all ProjectIDs in a project by sending all of the prj parameter values from 870000 to 875000 in t=0&rq=0 requests to TCP port 11010.
- risk 0.28cvss 4.3epss 0.00
A vulnerability was determined in Scada-LTS up to 2.7.8.1. This impacts an unknown function. This manipulation causes cross-site request forgery. The attack may be initiated remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early…
- risk 0.28cvss 4.3epss 0.00
A vulnerability was determined in Scada-LTS 2.7.8.1. Affected by this vulnerability is an unknown functionality of the file /Scada-LTS/dwr/call/plaincall/WatchListDwr.init.dwr. Executing manipulation can lead to information disclosure. The attack may be performed from a remote…
- risk 0.23cvss 3.5epss 0.00
A vulnerability was determined in Scada-LTS up to 2.7.8.1. This impacts an unknown function of the file watch_list.shtm. Executing manipulation of the argument Name can lead to cross site scripting. It is possible to launch the attack remotely. The exploit has been publicly…
- risk 0.23cvss 3.5epss 0.00
A flaw has been found in Scada-LTS up to 2.7.8.1. The impacted element is an unknown function of the file compound_events.shtm. This manipulation of the argument Name causes cross site scripting. The attack is possible to be carried out remotely. The exploit has been published…
- risk 0.23cvss 3.5epss 0.00
A vulnerability was detected in Scada-LTS up to 2.7.8.1. The affected element is an unknown function of the file maintenance_events.shtm. The manipulation of the argument Alias results in cross site scripting. The attack can be executed remotely. The exploit is now public and…
- risk 0.23cvss 3.5epss 0.00
A security vulnerability has been detected in Scada-LTS up to 2.7.8.1. Impacted is an unknown function of the file view_edit.shtm. The manipulation of the argument Name leads to cross site scripting. Remote exploitation of the attack is possible. The exploit has been disclosed…
- risk 0.23cvss 3.5epss 0.00
A security vulnerability has been detected in Scada-LTS 2.7.8.1. This issue affects some unknown processing of the file view_edit.shtm of the component SVG File Handler. Such manipulation of the argument backgroundImageMP leads to cross site scripting. The attack can be launched…
- risk 0.23cvss 3.5epss 0.00
A weakness has been identified in Scada-LTS 2.7.8.1. This vulnerability affects unknown code of the file publisher_edit.shtm. This manipulation of the argument Name causes cross site scripting. The attack can be initiated remotely. The exploit has been made available to the…
- risk 0.23cvss 3.5epss 0.00
A security flaw has been discovered in Scada-LTS 2.7.8.1. This affects an unknown part of the file mailing_lists.shtm. The manipulation of the argument name/userList/address results in cross site scripting. It is possible to launch the attack remotely. The exploit has been…
- risk 0.23cvss 3.5epss 0.00
A vulnerability was found in Scada-LTS 2.7.8.1. Affected is an unknown function of the file pointHierarchy/new/. Performing manipulation of the argument Title results in cross site scripting. The attack is possible to be carried out remotely. The exploit has been made public and…
- risk 0.23cvss 3.5epss 0.00
A vulnerability has been found in Scada-LTS 2.7.8.1. This impacts an unknown function of the file scheduled_events.shtm. Such manipulation of the argument alias leads to cross site scripting. The attack can be executed remotely. The exploit has been disclosed to the public and…
- risk 0.23cvss 3.5epss 0.00
A vulnerability classified as problematic has been found in Scada-LTS up to 2.7.8.1. This affects an unknown part of the file /data_source_edit.shtm of the component Virtual Data Source Property Handler. The manipulation of the argument Name leads to cross site scripting. It is…
- risk 0.23cvss 3.5epss 0.00
A vulnerability classified as problematic was found in Scada-LTS up to 2.7.8.1. Affected by this vulnerability is an unknown functionality of the file usersProfiles.shtm. The manipulation of the argument Username leads to cross site scripting. The attack can be launched…
- risk 0.23cvss 3.5epss 0.00
A vulnerability classified as problematic has been found in Scada-LTS up to 2.7.8.1. Affected is an unknown function of the file users.shtm. The manipulation of the argument Username leads to cross site scripting. It is possible to launch the attack remotely. The exploit has…
- risk 0.16cvss 2.4epss 0.00
A flaw has been found in Scada-LTS up to 2.7.8.1. This issue affects some unknown processing of the file /reports.shtm of the component Reports Module. This manipulation of the argument Colour causes cross site scripting. The attack may be initiated remotely. The exploit has…
- risk 0.16cvss 2.4epss 0.00
A vulnerability was detected in Scada-LTS up to 2.7.8.1. This vulnerability affects unknown code of the file /data_point_edit.shtm of the component Data Point Edit Module. The manipulation of the argument Text Renderer properties results in cross site scripting. The attack can…
- risk 0.16cvss 2.4epss 0.00
A vulnerability was identified in Scada-LTS up to 2.7.8.1. The affected element is an unknown function of the file /pointHierarchySLTS of the component Folder Handler. The manipulation of the argument Title leads to cross site scripting. It is possible to initiate the attack…
- CVE-2025-24865Feb 13, 2025risk 0.08cvss —epss 0.07
The administrative web interface of mySCADA myPRO Manager can be accessed without authentication which could allow an unauthorized attacker to retrieve sensitive information and upload files without the associated password.
- CVE-2023-28384Apr 27, 2023risk 0.08cvss —epss 0.45
mySCADA myPRO versions 8.26.0 and prior has parameters which an authenticated user could exploit to inject arbitrary operating system commands.
- CVE-2025-22896Feb 13, 2025risk 0.06cvss —epss 0.03
mySCADA myPRO Manager stores credentials in cleartext, which could allow an attacker to obtain sensitive information.
- CVE-2025-25067Feb 13, 2025risk 0.00cvss —epss 0.02
mySCADA myPRO Manager is vulnerable to an OS command injection which could allow a remote attacker to execute arbitrary OS commands.
- CVE-2025-23411Feb 13, 2025risk 0.00cvss —epss 0.01
mySCADA myPRO Manager is vulnerable to cross-site request forgery (CSRF), which could allow an attacker to obtain sensitive information. An attacker would need to trick the victim in to visiting an attacker-controlled website.
- CVE-2024-7901Aug 17, 2024risk 0.00cvss —epss 0.00
A vulnerability has been found in Scada-LTS 2.7.8 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /Scada-LTS/app.shtm#/alarms/Scada of the component Message Handler. The manipulation leads to cross site scripting. The attack…
- CVE-2024-4708Jul 2, 2024risk 0.00cvss —epss 0.01
mySCADA myPRO uses a hard-coded password which could allow an attacker to remotely execute code on the affected device.
- CVE-2023-33472Jan 13, 2024risk 0.00cvss —epss 0.01
An issue was discovered in Scada-LTS v2.7.5.2 build 4551883606 and before, allows remote attackers with low-level authentication to escalate privileges, execute arbitrary code, and obtain sensitive information via Event Handlers function.
- CVE-2023-28400Apr 27, 2023risk 0.00cvss —epss 0.25
mySCADA myPRO versions 8.26.0 and prior has parameters which an authenticated user could exploit to inject arbitrary operating system commands.
- CVE-2023-28716Apr 27, 2023risk 0.00cvss —epss 0.04
mySCADA myPRO versions 8.26.0 and prior has parameters which an authenticated user could exploit to inject arbitrary operating system commands.
- CVE-2023-29169Apr 27, 2023risk 0.00cvss —epss 0.01
mySCADA myPRO versions 8.26.0 and prior has parameters which an authenticated user could exploit to inject arbitrary operating system commands.
- CVE-2023-29150Apr 27, 2023risk 0.00cvss —epss 0.01
mySCADA myPRO versions 8.26.0 and prior has parameters which an authenticated user could exploit to inject arbitrary operating system commands.
- CVE-2022-41976Apr 10, 2023risk 0.00cvss —epss 0.02
An privilege escalation issue was discovered in Scada-LTS 2.7.1.1 build 2948559113 allows remote attackers, authenticated in the application as a low-privileged user to change role (e.g., to administrator) by updating their user profile.
- CVE-2022-2234Aug 24, 2022risk 0.00cvss —epss 0.41
An authenticated mySCADA myPRO 8.26.0 user may be able to modify parameters to run commands directly in the operating system.
- CVE-2021-33013May 13, 2022risk 0.00cvss —epss 0.01
mySCADA myPRO versions prior to 8.20.0 does not restrict unauthorized read access to sensitive system information.
- CVE-2021-33009May 13, 2022risk 0.00cvss —epss 0.01
mySCADA myPRO versions prior to 8.20.0 allows an unauthenticated remote attacker to upload arbitrary files to the file system.
- CVE-2021-33005May 13, 2022risk 0.00cvss —epss 0.01
mySCADA myPRO versions prior to 8.20.0 allows an unauthenticated remote attacker to upload arbitrary files to arbitrary directories.
- CVE-2021-27505May 13, 2022risk 0.00cvss —epss 0.01
mySCADA myPRO versions prior to 8.20.0 does not restrict unauthorized read access to sensitive directory listing information.
- CVE-2022-0999Apr 11, 2022risk 0.00cvss —epss 0.01
An authenticated user may be able to misuse parameters to inject arbitrary operating system commands into mySCADA myPRO versions 8.25.0 and prior.
- CVE-2021-43985Dec 23, 2021risk 0.00cvss —epss 0.02
An unauthenticated remote attacker can access mySCADA myPRO Versions 8.20.0 and prior without any form of authentication or authorization.
- CVE-2021-43989Dec 23, 2021risk 0.00cvss —epss 0.01
mySCADA myPRO Versions 8.20.0 and prior stores passwords using MD5, which may allow an attacker to crack the previously retrieved password hashes.
- CVE-2021-43981Dec 23, 2021risk 0.00cvss —epss 0.01
mySCADA myPRO: Versions 8.20.0 and prior has a feature to send emails, which may allow an attacker to inject arbitrary operating system commands through a specific parameter.
- CVE-2021-44453Dec 23, 2021risk 0.00cvss —epss 0.01
mySCADA myPRO: Versions 8.20.0 and prior has a vulnerable debug interface which includes a ping utility, which may allow an attacker to inject arbitrary operating system commands.
- CVE-2021-43984Dec 23, 2021risk 0.00cvss —epss 0.01
mySCADA myPRO: Versions 8.20.0 and prior has a feature where the firmware can be updated, which may allow an attacker to inject arbitrary operating system commands through a specific parameter.
- CVE-2021-22657Dec 23, 2021risk 0.00cvss —epss 0.01
mySCADA myPRO: Versions 8.20.0 and prior has a feature where the API password can be specified, which may allow an attacker to inject arbitrary operating system commands through a specific parameter.
- CVE-2021-43987Dec 23, 2021risk 0.00cvss —epss 0.01
An additional, nondocumented administrative account exists in mySCADA myPRO Versions 8.20.0 and prior that is not exposed through the web interface, which cannot be deleted or changed through the regular web interface.
Page 1 of 2