Vulnerabilities related to myscada - mypro
Vulnerability from fkie_nvd
Published
2021-12-23 20:15
Modified
2024-11-21 06:30
Summary
mySCADA myPRO: Versions 8.20.0 and prior has a feature where the firmware can be updated, which may allow an attacker to inject arbitrary operating system commands through a specific parameter.
References
Impacted products
Vendor Product Version
myscada mypro * (CPE range: up to and including 8.20.0)



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:myscada:mypro:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "E5A53706-BD5B-45FD-8B37-2CC0C9E2BB26",
                     versionEndIncluding: "8.20.0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "mySCADA myPRO: Versions 8.20.0 and prior has a feature where the firmware can be updated, which may allow an attacker to inject arbitrary operating system commands through a specific parameter.",
      },
      {
         lang: "es",
         value: "mySCADA myPRO: Versiones 8.20.0 y anteriores, presenta una función en la que es posible actualizar el firmware, que puede permitir a un atacante inyectar comandos arbitrarios del sistema operativo mediante un parámetro específico",
      },
   ],
   id: "CVE-2021-43984",
   lastModified: "2024-11-21T06:30:08.980",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "HIGH",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 7.5,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 6.4,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 10,
               baseSeverity: "CRITICAL",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "CHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 6,
            source: "ics-cert@hq.dhs.gov",
            type: "Secondary",
         },
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 9.8,
               baseSeverity: "CRITICAL",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2021-12-23T20:15:11.650",
   references: [
      {
         source: "ics-cert@hq.dhs.gov",
         tags: [
            "Third Party Advisory",
            "US Government Resource",
         ],
         url: "https://www.cisa.gov/uscert/ics/advisories/icsa-21-355-01",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "US Government Resource",
         ],
         url: "https://www.cisa.gov/uscert/ics/advisories/icsa-21-355-01",
      },
   ],
   sourceIdentifier: "ics-cert@hq.dhs.gov",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-78",
            },
         ],
         source: "ics-cert@hq.dhs.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2023-04-27 23:15
Modified
2025-01-17 17:15
Summary
mySCADA myPRO versions 8.26.0 and prior has parameters which an authenticated user could exploit to inject arbitrary operating system commands.
Impacted products
Vendor Product Version
myscada mypro * (CPE range: up to and including 8.26.0)



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:myscada:mypro:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "3460F2AB-1B4F-42B8-BEF4-98E7EBEC16E8",
                     versionEndIncluding: "8.26.0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "mySCADA myPRO versions 8.26.0 and prior has parameters which an authenticated user could exploit to inject arbitrary operating system commands. ",
      },
   ],
   id: "CVE-2023-28400",
   lastModified: "2025-01-17T17:15:08.363",
   metrics: {
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 8.8,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 8.8,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 5.9,
            source: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
            type: "Secondary",
         },
      ],
   },
   published: "2023-04-27T23:15:14.917",
   references: [
      {
         source: "ics-cert@hq.dhs.gov",
         tags: [
            "Third Party Advisory",
            "US Government Resource",
         ],
         url: "https://www.cisa.gov/news-events/ics-advisories/icsa-23-096-06",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "US Government Resource",
         ],
         url: "https://www.cisa.gov/news-events/ics-advisories/icsa-23-096-06",
      },
   ],
   sourceIdentifier: "ics-cert@hq.dhs.gov",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-78",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2024-07-02 23:15
Modified
2024-11-21 09:43
Summary
mySCADA myPRO uses a hard-coded password which could allow an attacker to remotely execute code on the affected device.
Impacted products
Vendor Product Version
myscada mypro * (CPE range: versions before 8.31.0)



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:myscada:mypro:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "3AA089A5-5379-4969-8FE1-7147B6EA410B",
                     versionEndExcluding: "8.31.0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "mySCADA myPRO \n\nuses a hard-coded password which could allow an attacker to remotely execute code on the affected device.",
      },
      {
         lang: "es",
         value: "mySCADA myPRO utiliza una contraseña codificada que podría permitir a un atacante ejecutar código de forma remota en el dispositivo afectado.",
      },
   ],
   id: "CVE-2024-4708",
   lastModified: "2024-11-21T09:43:25.340",
   metrics: {
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 9.8,
               baseSeverity: "CRITICAL",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 5.9,
            source: "ics-cert@hq.dhs.gov",
            type: "Secondary",
         },
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 9.8,
               baseSeverity: "CRITICAL",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
      cvssMetricV40: [
         {
            cvssData: {
               Automatable: "NOT_DEFINED",
               Recovery: "NOT_DEFINED",
               Safety: "NOT_DEFINED",
               attackComplexity: "LOW",
               attackRequirements: "NONE",
               attackVector: "NETWORK",
               availabilityRequirement: "NOT_DEFINED",
               baseScore: 9.3,
               baseSeverity: "CRITICAL",
               confidentialityRequirement: "NOT_DEFINED",
               exploitMaturity: "NOT_DEFINED",
               integrityRequirement: "NOT_DEFINED",
               modifiedAttackComplexity: "NOT_DEFINED",
               modifiedAttackRequirements: "NOT_DEFINED",
               modifiedAttackVector: "NOT_DEFINED",
               modifiedPrivilegesRequired: "NOT_DEFINED",
               modifiedSubAvailabilityImpact: "NOT_DEFINED",
               modifiedSubConfidentialityImpact: "NOT_DEFINED",
               modifiedSubIntegrityImpact: "NOT_DEFINED",
               modifiedUserInteraction: "NOT_DEFINED",
               modifiedVulnAvailabilityImpact: "NOT_DEFINED",
               modifiedVulnConfidentialityImpact: "NOT_DEFINED",
               modifiedVulnIntegrityImpact: "NOT_DEFINED",
               privilegesRequired: "NONE",
               providerUrgency: "NOT_DEFINED",
               subAvailabilityImpact: "NONE",
               subConfidentialityImpact: "NONE",
               subIntegrityImpact: "NONE",
               userInteraction: "NONE",
               valueDensity: "NOT_DEFINED",
               vectorString: "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
               version: "4.0",
               vulnAvailabilityImpact: "HIGH",
               vulnConfidentialityImpact: "HIGH",
               vulnIntegrityImpact: "HIGH",
               vulnerabilityResponseEffort: "NOT_DEFINED",
            },
            source: "ics-cert@hq.dhs.gov",
            type: "Secondary",
         },
      ],
   },
   published: "2024-07-02T23:15:10.860",
   references: [
      {
         source: "ics-cert@hq.dhs.gov",
         tags: [
            "Third Party Advisory",
            "US Government Resource",
         ],
         url: "https://www.cisa.gov/news-events/ics-advisories/icsa-24-184-02",
      },
      {
         source: "ics-cert@hq.dhs.gov",
         tags: [
            "Product",
         ],
         url: "https://www.myscada.org/mypro/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "US Government Resource",
         ],
         url: "https://www.cisa.gov/news-events/ics-advisories/icsa-24-184-02",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Product",
         ],
         url: "https://www.myscada.org/mypro/",
      },
   ],
   sourceIdentifier: "ics-cert@hq.dhs.gov",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-259",
            },
         ],
         source: "ics-cert@hq.dhs.gov",
         type: "Secondary",
      },
      {
         description: [
            {
               lang: "en",
               value: "CWE-798",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2022-05-13 16:15
Modified
2024-11-21 06:08
Summary
mySCADA myPRO versions prior to 8.20.0 allows an unauthenticated remote attacker to upload arbitrary files to the file system.
Impacted products
Vendor Product Version
myscada mypro * (CPE range: versions before 8.20.0)



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:myscada:mypro:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "1DDCAD9A-0464-4431-AC41-88D4A57354BD",
                     versionEndExcluding: "8.20.0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "mySCADA myPRO versions prior to 8.20.0 allows an unauthenticated remote attacker to upload arbitrary files to the file system.",
      },
      {
         lang: "es",
         value: "mySCADA myPRO versiones anteriores a la 8.20.0, permiten a un atacante remoto no autentificado cargar archivos arbitrarios en el sistema de archivos",
      },
   ],
   id: "CVE-2021-33009",
   lastModified: "2024-11-21T06:08:07.010",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 5,
               confidentialityImpact: "NONE",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:L/Au:N/C:N/I:P/A:N",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 7.5,
               baseSeverity: "HIGH",
               confidentialityImpact: "NONE",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 3.6,
            source: "ics-cert@hq.dhs.gov",
            type: "Secondary",
         },
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 7.5,
               baseSeverity: "HIGH",
               confidentialityImpact: "NONE",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2022-05-13T16:15:08.017",
   references: [
      {
         source: "ics-cert@hq.dhs.gov",
         tags: [
            "Third Party Advisory",
            "US Government Resource",
         ],
         url: "https://www.cisa.gov/uscert/ics/advisories/icsa-21-217-03",
      },
      {
         source: "ics-cert@hq.dhs.gov",
         tags: [
            "Release Notes",
            "Vendor Advisory",
         ],
         url: "https://www.myscada.org/version-8-20-0-released-security-update",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "US Government Resource",
         ],
         url: "https://www.cisa.gov/uscert/ics/advisories/icsa-21-217-03",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Release Notes",
            "Vendor Advisory",
         ],
         url: "https://www.myscada.org/version-8-20-0-released-security-update",
      },
   ],
   sourceIdentifier: "ics-cert@hq.dhs.gov",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-434",
            },
         ],
         source: "ics-cert@hq.dhs.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2023-04-27 23:15
Modified
2025-01-17 17:15
Summary
mySCADA myPRO versions 8.26.0 and prior has parameters which an authenticated user could exploit to inject arbitrary operating system commands.
Impacted products
Vendor Product Version
myscada mypro * (CPE range: up to and including 8.26.0)



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:myscada:mypro:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "3460F2AB-1B4F-42B8-BEF4-98E7EBEC16E8",
                     versionEndIncluding: "8.26.0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "mySCADA myPRO versions 8.26.0 and prior has parameters which an authenticated user could exploit to inject arbitrary operating system commands. ",
      },
   ],
   id: "CVE-2023-28716",
   lastModified: "2025-01-17T17:15:08.537",
   metrics: {
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 8.8,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 8.8,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 5.9,
            source: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
            type: "Secondary",
         },
      ],
   },
   published: "2023-04-27T23:15:14.963",
   references: [
      {
         source: "ics-cert@hq.dhs.gov",
         tags: [
            "Third Party Advisory",
            "US Government Resource",
         ],
         url: "https://www.cisa.gov/news-events/ics-advisories/icsa-23-096-06",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "US Government Resource",
         ],
         url: "https://www.cisa.gov/news-events/ics-advisories/icsa-23-096-06",
      },
   ],
   sourceIdentifier: "ics-cert@hq.dhs.gov",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-78",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2021-12-23 20:15
Modified
2024-11-21 06:30
Summary
mySCADA myPRO Versions 8.20.0 and prior stores passwords using MD5, which may allow an attacker to crack the previously retrieved password hashes.
References
Impacted products
Vendor Product Version
myscada mypro * (CPE range: up to and including 8.20.0)



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:myscada:mypro:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "E5A53706-BD5B-45FD-8B37-2CC0C9E2BB26",
                     versionEndIncluding: "8.20.0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "mySCADA myPRO Versions 8.20.0 and prior stores passwords using MD5, which may allow an attacker to crack the previously retrieved password hashes.",
      },
      {
         lang: "es",
         value: "mySCADA myPRO: Versiones 8.20.0 y anteriores, almacenan las contraseñas usando MD5, que puede permitir a un atacante descifrar los hashes de las contraseñas recuperadas previamente",
      },
   ],
   id: "CVE-2021-43989",
   lastModified: "2024-11-21T06:30:09.797",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 5,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 7.5,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 3.6,
            source: "ics-cert@hq.dhs.gov",
            type: "Secondary",
         },
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 7.5,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2021-12-23T20:15:11.827",
   references: [
      {
         source: "ics-cert@hq.dhs.gov",
         tags: [
            "Third Party Advisory",
            "US Government Resource",
         ],
         url: "https://www.cisa.gov/uscert/ics/advisories/icsa-21-355-01",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "US Government Resource",
         ],
         url: "https://www.cisa.gov/uscert/ics/advisories/icsa-21-355-01",
      },
   ],
   sourceIdentifier: "ics-cert@hq.dhs.gov",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-916",
            },
         ],
         source: "ics-cert@hq.dhs.gov",
         type: "Secondary",
      },
      {
         description: [
            {
               lang: "en",
               value: "CWE-327",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2022-08-24 16:15
Modified
2024-11-21 07:00
Summary
An authenticated mySCADA myPRO 8.26.0 user may be able to modify parameters to run commands directly in the operating system.
References
ics-cert@hq.dhs.gov | https://www.cisa.gov/uscert/ics/advisories/icsa-22-235-03 | Patch, Third Party Advisory, US Government Resource
af854a3a-2127-422b-91ae-364da2661108 | https://www.cisa.gov/uscert/ics/advisories/icsa-22-235-03 | Patch, Third Party Advisory, US Government Resource
Impacted products
Vendor Product Version
myscada mypro * (CPE range: up to and including 8.26.0)



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:myscada:mypro:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "3460F2AB-1B4F-42B8-BEF4-98E7EBEC16E8",
                     versionEndIncluding: "8.26.0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "An authenticated mySCADA myPRO 8.26.0 user may be able to modify parameters to run commands directly in the operating system.",
      },
      {
         lang: "es",
         value: "Un usuario autenticado de mySCADA myPRO versión 8.26.0, puede ser capaz de modificar parámetros para ejecutar comandos directamente en el sistema operativo.",
      },
   ],
   id: "CVE-2022-2234",
   lastModified: "2024-11-21T07:00:35.623",
   metrics: {
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 9.9,
               baseSeverity: "CRITICAL",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "LOW",
               scope: "CHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 3.1,
            impactScore: 6,
            source: "ics-cert@hq.dhs.gov",
            type: "Secondary",
         },
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 8.8,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2022-08-24T16:15:11.797",
   references: [
      {
         source: "ics-cert@hq.dhs.gov",
         tags: [
            "Patch",
            "Third Party Advisory",
            "US Government Resource",
         ],
         url: "https://www.cisa.gov/uscert/ics/advisories/icsa-22-235-03",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Third Party Advisory",
            "US Government Resource",
         ],
         url: "https://www.cisa.gov/uscert/ics/advisories/icsa-22-235-03",
      },
   ],
   sourceIdentifier: "ics-cert@hq.dhs.gov",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-77",
            },
         ],
         source: "ics-cert@hq.dhs.gov",
         type: "Secondary",
      },
      {
         description: [
            {
               lang: "en",
               value: "CWE-78",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2017-10-06 04:29
Modified
2024-11-21 03:10
Summary
An Unquoted Search Path issue was discovered in mySCADA myPRO Versions 7.0.26 and prior. Application services utilize unquoted search path elements, which could allow an attacker to execute arbitrary code with elevated privileges.
References
Impacted products
Vendor Product Version
myscada mypro * (CPE range: up to and including 7.0.26)



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:myscada:mypro:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "B8529CFC-9476-416B-A148-50DE54F67137",
                     versionEndIncluding: "7.0.26",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "An Unquoted Search Path issue was discovered in mySCADA myPRO Versions 7.0.26 and prior. Application services utilize unquoted search path elements, which could allow an attacker to execute arbitrary code with elevated privileges.",
      },
      {
         lang: "es",
         value: "Existe una vulnerabilidad relacionada con la ausencia de comillas en una ruta de búsqueda en mySCADA myPRO en versiones 7.0.26 y anteriores. Los servicios de la aplicación utilizan elementos de rutas de búsqueda sin comillas, lo que podría permitir que un atacante ejecute código arbitrario con privilegios elevados.",
      },
   ],
   id: "CVE-2017-12730",
   lastModified: "2024-11-21T03:10:06.643",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "HIGH",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "LOCAL",
               authentication: "NONE",
               availabilityImpact: "COMPLETE",
               baseScore: 7.2,
               confidentialityImpact: "COMPLETE",
               integrityImpact: "COMPLETE",
               vectorString: "AV:L/AC:L/Au:N/C:C/I:C/A:C",
               version: "2.0",
            },
            exploitabilityScore: 3.9,
            impactScore: 10,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV30: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "LOCAL",
               availabilityImpact: "HIGH",
               baseScore: 7.8,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
               version: "3.0",
            },
            exploitabilityScore: 1.8,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2017-10-06T04:29:00.217",
   references: [
      {
         source: "ics-cert@hq.dhs.gov",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securityfocus.com/bid/100815",
      },
      {
         source: "ics-cert@hq.dhs.gov",
         tags: [
            "Mitigation",
            "Third Party Advisory",
            "US Government Resource",
         ],
         url: "https://ics-cert.us-cert.gov/advisories/ICSA-17-255-01",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securityfocus.com/bid/100815",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mitigation",
            "Third Party Advisory",
            "US Government Resource",
         ],
         url: "https://ics-cert.us-cert.gov/advisories/ICSA-17-255-01",
      },
   ],
   sourceIdentifier: "ics-cert@hq.dhs.gov",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-428",
            },
         ],
         source: "ics-cert@hq.dhs.gov",
         type: "Secondary",
      },
      {
         description: [
            {
               lang: "en",
               value: "CWE-428",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2025-02-13 22:15
Modified
2025-03-04 21:16
Summary
The administrative web interface of mySCADA myPRO Manager can be accessed without authentication which could allow an unauthorized attacker to retrieve sensitive information and upload files without the associated password.
Impacted products
Vendor Product Version
myscada mypro *



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:myscada:mypro:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "ED7FC18F-6415-4B32-9420-E5D9663BFF49",
                     versionEndExcluding: "1.4",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "The administrative web interface of \nmySCADA myPRO Manager\n\ncan be accessed without authentication \nwhich could allow an unauthorized attacker to retrieve sensitive \ninformation and upload files without the associated password.",
      },
      {
         lang: "es",
         value: "Se puede acceder a la interfaz web administrativa de mySCADA myPRO Manager sin autenticación, lo que podría permitir que un atacante no autorizado recupere información confidencial y cargue archivos sin la contraseña asociada.",
      },
   ],
   id: "CVE-2025-24865",
   lastModified: "2025-03-04T21:16:29.903",
   metrics: {
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 10,
               baseSeverity: "CRITICAL",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "CHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 6,
            source: "ics-cert@hq.dhs.gov",
            type: "Secondary",
         },
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 9.8,
               baseSeverity: "CRITICAL",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
      cvssMetricV40: [
         {
            cvssData: {
               Automatable: "NOT_DEFINED",
               Recovery: "NOT_DEFINED",
               Safety: "NOT_DEFINED",
               attackComplexity: "LOW",
               attackRequirements: "NONE",
               attackVector: "NETWORK",
               availabilityRequirement: "NOT_DEFINED",
               baseScore: 10,
               baseSeverity: "CRITICAL",
               confidentialityRequirement: "NOT_DEFINED",
               exploitMaturity: "NOT_DEFINED",
               integrityRequirement: "NOT_DEFINED",
               modifiedAttackComplexity: "NOT_DEFINED",
               modifiedAttackRequirements: "NOT_DEFINED",
               modifiedAttackVector: "NOT_DEFINED",
               modifiedPrivilegesRequired: "NOT_DEFINED",
               modifiedSubAvailabilityImpact: "NOT_DEFINED",
               modifiedSubConfidentialityImpact: "NOT_DEFINED",
               modifiedSubIntegrityImpact: "NOT_DEFINED",
               modifiedUserInteraction: "NOT_DEFINED",
               modifiedVulnAvailabilityImpact: "NOT_DEFINED",
               modifiedVulnConfidentialityImpact: "NOT_DEFINED",
               modifiedVulnIntegrityImpact: "NOT_DEFINED",
               privilegesRequired: "NONE",
               providerUrgency: "NOT_DEFINED",
               subAvailabilityImpact: "HIGH",
               subConfidentialityImpact: "HIGH",
               subIntegrityImpact: "HIGH",
               userInteraction: "NONE",
               valueDensity: "NOT_DEFINED",
               vectorString: "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
               version: "4.0",
               vulnAvailabilityImpact: "HIGH",
               vulnConfidentialityImpact: "HIGH",
               vulnIntegrityImpact: "HIGH",
               vulnerabilityResponseEffort: "NOT_DEFINED",
            },
            source: "ics-cert@hq.dhs.gov",
            type: "Secondary",
         },
      ],
   },
   published: "2025-02-13T22:15:12.613",
   references: [
      {
         source: "ics-cert@hq.dhs.gov",
         tags: [
            "US Government Resource",
            "Third Party Advisory",
         ],
         url: "https://www.cisa.gov/news-events/ics-advisories/icsa-25-044-16",
      },
      {
         source: "ics-cert@hq.dhs.gov",
         tags: [
            "Product",
         ],
         url: "https://www.myscada.org/contacts/",
      },
      {
         source: "ics-cert@hq.dhs.gov",
         tags: [
            "Product",
         ],
         url: "https://www.myscada.org/downloads/mySCADAPROManager/",
      },
   ],
   sourceIdentifier: "ics-cert@hq.dhs.gov",
   vulnStatus: "Analyzed",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-306",
            },
         ],
         source: "ics-cert@hq.dhs.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2022-05-13 16:15
Modified
2024-11-21 05:58
Summary
mySCADA myPRO versions prior to 8.20.0 do not restrict unauthorized read access to sensitive directory listing information.
Impacted products
Vendor Product Version
myscada mypro *



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:myscada:mypro:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "1DDCAD9A-0464-4431-AC41-88D4A57354BD",
                     versionEndExcluding: "8.20.0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "mySCADA myPRO versions prior to 8.20.0 does not restrict unauthorized read access to sensitive directory listing information.",
      },
      {
         lang: "es",
         value: "mySCADA myPRO versiones anteriores a 8.20.0, no restringen el acceso de lectura no autorizado a la información confidencial del listado de directorios",
      },
   ],
   id: "CVE-2021-27505",
   lastModified: "2024-11-21T05:58:07.607",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 5,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 7.5,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 3.6,
            source: "ics-cert@hq.dhs.gov",
            type: "Secondary",
         },
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 7.5,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2022-05-13T16:15:07.877",
   references: [
      {
         source: "ics-cert@hq.dhs.gov",
         tags: [
            "Third Party Advisory",
            "US Government Resource",
         ],
         url: "https://www.cisa.gov/uscert/ics/advisories/icsa-21-217-03",
      },
      {
         source: "ics-cert@hq.dhs.gov",
         tags: [
            "Release Notes",
            "Vendor Advisory",
         ],
         url: "https://www.myscada.org/version-8-20-0-released-security-update",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "US Government Resource",
         ],
         url: "https://www.cisa.gov/uscert/ics/advisories/icsa-21-217-03",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Release Notes",
            "Vendor Advisory",
         ],
         url: "https://www.myscada.org/version-8-20-0-released-security-update",
      },
   ],
   sourceIdentifier: "ics-cert@hq.dhs.gov",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-548",
            },
         ],
         source: "ics-cert@hq.dhs.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2025-02-13 22:15
Modified
2025-03-04 21:18
Summary
mySCADA myPRO Manager is vulnerable to cross-site request forgery (CSRF), which could allow an attacker to obtain sensitive information. An attacker would need to trick the victim into visiting an attacker-controlled website.
Impacted products
Vendor Product Version
myscada mypro *



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:myscada:mypro:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "ED7FC18F-6415-4B32-9420-E5D9663BFF49",
                     versionEndExcluding: "1.4",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "mySCADA myPRO Manager\n is vulnerable to cross-site request forgery (CSRF), which could allow \nan attacker to obtain sensitive information. An attacker would need to \ntrick the victim in to visiting an attacker-controlled website.",
      },
      {
         lang: "es",
         value: "mySCADA myPRO Manager es vulnerable a cross-site request forgery (CSRF), lo que podría permitir a un atacante obtener información confidencial. Un atacante tendría que engañar a la víctima para que visite un sitio web controlado por el atacante.",
      },
   ],
   id: "CVE-2025-23411",
   lastModified: "2025-03-04T21:18:50.307",
   metrics: {
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "LOW",
               baseScore: 6.3,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "LOW",
               integrityImpact: "LOW",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 3.4,
            source: "ics-cert@hq.dhs.gov",
            type: "Secondary",
         },
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 6.5,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "HIGH",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
      cvssMetricV40: [
         {
            cvssData: {
               Automatable: "NOT_DEFINED",
               Recovery: "NOT_DEFINED",
               Safety: "NOT_DEFINED",
               attackComplexity: "LOW",
               attackRequirements: "NONE",
               attackVector: "NETWORK",
               availabilityRequirement: "NOT_DEFINED",
               baseScore: 5.1,
               baseSeverity: "MEDIUM",
               confidentialityRequirement: "NOT_DEFINED",
               exploitMaturity: "NOT_DEFINED",
               integrityRequirement: "NOT_DEFINED",
               modifiedAttackComplexity: "NOT_DEFINED",
               modifiedAttackRequirements: "NOT_DEFINED",
               modifiedAttackVector: "NOT_DEFINED",
               modifiedPrivilegesRequired: "NOT_DEFINED",
               modifiedSubAvailabilityImpact: "NOT_DEFINED",
               modifiedSubConfidentialityImpact: "NOT_DEFINED",
               modifiedSubIntegrityImpact: "NOT_DEFINED",
               modifiedUserInteraction: "NOT_DEFINED",
               modifiedVulnAvailabilityImpact: "NOT_DEFINED",
               modifiedVulnConfidentialityImpact: "NOT_DEFINED",
               modifiedVulnIntegrityImpact: "NOT_DEFINED",
               privilegesRequired: "NONE",
               providerUrgency: "NOT_DEFINED",
               subAvailabilityImpact: "NONE",
               subConfidentialityImpact: "NONE",
               subIntegrityImpact: "NONE",
               userInteraction: "ACTIVE",
               valueDensity: "NOT_DEFINED",
               vectorString: "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
               version: "4.0",
               vulnAvailabilityImpact: "LOW",
               vulnConfidentialityImpact: "LOW",
               vulnIntegrityImpact: "LOW",
               vulnerabilityResponseEffort: "NOT_DEFINED",
            },
            source: "ics-cert@hq.dhs.gov",
            type: "Secondary",
         },
      ],
   },
   published: "2025-02-13T22:15:11.913",
   references: [
      {
         source: "ics-cert@hq.dhs.gov",
         tags: [
            "US Government Resource",
            "Third Party Advisory",
         ],
         url: "https://www.cisa.gov/news-events/ics-advisories/icsa-25-044-16",
      },
      {
         source: "ics-cert@hq.dhs.gov",
         tags: [
            "Product",
         ],
         url: "https://www.myscada.org/contacts/",
      },
      {
         source: "ics-cert@hq.dhs.gov",
         tags: [
            "Product",
         ],
         url: "https://www.myscada.org/downloads/mySCADAPROManager/",
      },
   ],
   sourceIdentifier: "ics-cert@hq.dhs.gov",
   vulnStatus: "Analyzed",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-352",
            },
         ],
         source: "ics-cert@hq.dhs.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2023-04-27 23:15
Modified
2025-01-17 17:15
Summary
mySCADA myPRO versions 8.26.0 and prior have parameters that an authenticated user could exploit to inject arbitrary operating system commands.
Impacted products
Vendor Product Version
myscada mypro *



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:myscada:mypro:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "3460F2AB-1B4F-42B8-BEF4-98E7EBEC16E8",
                     versionEndIncluding: "8.26.0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "mySCADA myPRO versions 8.26.0 and prior has parameters which an authenticated user could exploit to inject arbitrary operating system commands.",
      },
   ],
   id: "CVE-2023-28384",
   lastModified: "2025-01-17T17:15:07.697",
   metrics: {
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 8.8,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 8.8,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 5.9,
            source: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
            type: "Secondary",
         },
      ],
   },
   published: "2023-04-27T23:15:14.867",
   references: [
      {
         source: "ics-cert@hq.dhs.gov",
         tags: [
            "Third Party Advisory",
            "US Government Resource",
         ],
         url: "https://www.cisa.gov/news-events/ics-advisories/icsa-23-096-06",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "US Government Resource",
         ],
         url: "https://www.cisa.gov/news-events/ics-advisories/icsa-23-096-06",
      },
   ],
   sourceIdentifier: "ics-cert@hq.dhs.gov",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-78",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2021-12-23 20:15
Modified
2024-11-21 06:30
Summary
An additional, undocumented administrative account exists in mySCADA myPRO Versions 8.20.0 and prior; it is not exposed through the web interface and cannot be deleted or changed through the regular web interface.
References
Impacted products
Vendor Product Version
myscada mypro *



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:myscada:mypro:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "E5A53706-BD5B-45FD-8B37-2CC0C9E2BB26",
                     versionEndIncluding: "8.20.0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "An additional, nondocumented administrative account exists in mySCADA myPRO Versions 8.20.0 and prior that is not exposed through the web interface, which cannot be deleted or changed through the regular web interface.",
      },
      {
         lang: "es",
         value: "Se presenta una cuenta administrativa adicional, no documentada en mySCADA myPRO versiones 8.20.0 y anteriores, que no está expuesta mediante la interfaz web y que no puede ser eliminada o modificada mediante la interfaz web normal",
      },
   ],
   id: "CVE-2021-43987",
   lastModified: "2024-11-21T06:30:09.503",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "HIGH",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 7.5,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 6.4,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 9.8,
               baseSeverity: "CRITICAL",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 5.9,
            source: "ics-cert@hq.dhs.gov",
            type: "Secondary",
         },
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 9.8,
               baseSeverity: "CRITICAL",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2021-12-23T20:15:11.767",
   references: [
      {
         source: "ics-cert@hq.dhs.gov",
         tags: [
            "Third Party Advisory",
            "US Government Resource",
         ],
         url: "https://www.cisa.gov/uscert/ics/advisories/icsa-21-355-01",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "US Government Resource",
         ],
         url: "https://www.cisa.gov/uscert/ics/advisories/icsa-21-355-01",
      },
   ],
   sourceIdentifier: "ics-cert@hq.dhs.gov",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-912",
            },
         ],
         source: "ics-cert@hq.dhs.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2023-04-27 23:15
Modified
2025-01-17 18:15
Summary
mySCADA myPRO versions 8.26.0 and prior have parameters that an authenticated user could exploit to inject arbitrary operating system commands.
Impacted products
Vendor Product Version
myscada mypro *



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:myscada:mypro:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "3460F2AB-1B4F-42B8-BEF4-98E7EBEC16E8",
                     versionEndIncluding: "8.26.0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "mySCADA myPRO versions 8.26.0 and prior has parameters which an authenticated user could exploit to inject arbitrary operating system commands. ",
      },
   ],
   id: "CVE-2023-29169",
   lastModified: "2025-01-17T18:15:22.337",
   metrics: {
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 8.8,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 8.8,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 5.9,
            source: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
            type: "Secondary",
         },
      ],
   },
   published: "2023-04-27T23:15:15.050",
   references: [
      {
         source: "ics-cert@hq.dhs.gov",
         tags: [
            "Third Party Advisory",
            "US Government Resource",
         ],
         url: "https://www.cisa.gov/news-events/ics-advisories/icsa-23-096-06",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "US Government Resource",
         ],
         url: "https://www.cisa.gov/news-events/ics-advisories/icsa-23-096-06",
      },
   ],
   sourceIdentifier: "ics-cert@hq.dhs.gov",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-78",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2025-02-13 22:15
Modified
2025-03-04 21:25
Summary
mySCADA myPRO Manager stores credentials in cleartext, which could allow an attacker to obtain sensitive information.
Impacted products
Vendor Product Version
myscada mypro *



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:myscada:mypro:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "ED7FC18F-6415-4B32-9420-E5D9663BFF49",
                     versionEndExcluding: "1.4",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "mySCADA myPRO Manager stores credentials in cleartext, which could allow an attacker to obtain sensitive information.",
      },
      {
         lang: "es",
         value: "mySCADA myPRO Manager almacena las credenciales en texto plano, lo que podría permitir a un atacante obtener información confidencial.",
      },
   ],
   id: "CVE-2025-22896",
   lastModified: "2025-03-04T21:25:33.663",
   metrics: {
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 8.6,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "CHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 4,
            source: "ics-cert@hq.dhs.gov",
            type: "Secondary",
         },
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 7.5,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
      cvssMetricV40: [
         {
            cvssData: {
               Automatable: "NOT_DEFINED",
               Recovery: "NOT_DEFINED",
               Safety: "NOT_DEFINED",
               attackComplexity: "LOW",
               attackRequirements: "NONE",
               attackVector: "NETWORK",
               availabilityRequirement: "NOT_DEFINED",
               baseScore: 9.2,
               baseSeverity: "CRITICAL",
               confidentialityRequirement: "NOT_DEFINED",
               exploitMaturity: "NOT_DEFINED",
               integrityRequirement: "NOT_DEFINED",
               modifiedAttackComplexity: "NOT_DEFINED",
               modifiedAttackRequirements: "NOT_DEFINED",
               modifiedAttackVector: "NOT_DEFINED",
               modifiedPrivilegesRequired: "NOT_DEFINED",
               modifiedSubAvailabilityImpact: "NOT_DEFINED",
               modifiedSubConfidentialityImpact: "NOT_DEFINED",
               modifiedSubIntegrityImpact: "NOT_DEFINED",
               modifiedUserInteraction: "NOT_DEFINED",
               modifiedVulnAvailabilityImpact: "NOT_DEFINED",
               modifiedVulnConfidentialityImpact: "NOT_DEFINED",
               modifiedVulnIntegrityImpact: "NOT_DEFINED",
               privilegesRequired: "NONE",
               providerUrgency: "NOT_DEFINED",
               subAvailabilityImpact: "NONE",
               subConfidentialityImpact: "HIGH",
               subIntegrityImpact: "NONE",
               userInteraction: "NONE",
               valueDensity: "NOT_DEFINED",
               vectorString: "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
               version: "4.0",
               vulnAvailabilityImpact: "NONE",
               vulnConfidentialityImpact: "HIGH",
               vulnIntegrityImpact: "NONE",
               vulnerabilityResponseEffort: "NOT_DEFINED",
            },
            source: "ics-cert@hq.dhs.gov",
            type: "Secondary",
         },
      ],
   },
   published: "2025-02-13T22:15:11.737",
   references: [
      {
         source: "ics-cert@hq.dhs.gov",
         tags: [
            "US Government Resource",
            "Third Party Advisory",
         ],
         url: "https://www.cisa.gov/news-events/ics-advisories/icsa-25-044-16",
      },
      {
         source: "ics-cert@hq.dhs.gov",
         tags: [
            "Product",
         ],
         url: "https://www.myscada.org/contacts/",
      },
      {
         source: "ics-cert@hq.dhs.gov",
         tags: [
            "Product",
         ],
         url: "https://www.myscada.org/downloads/mySCADAPROManager/",
      },
   ],
   sourceIdentifier: "ics-cert@hq.dhs.gov",
   vulnStatus: "Analyzed",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-312",
            },
         ],
         source: "ics-cert@hq.dhs.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2021-12-23 20:15
Modified
2024-11-21 05:51
Summary
mySCADA myPRO: Versions 8.20.0 and prior have a feature where the password can be specified, which may allow an attacker to inject arbitrary operating system commands through a specific parameter.
References
Impacted products
Vendor Product Version
myscada mypro *



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:myscada:mypro:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "E5A53706-BD5B-45FD-8B37-2CC0C9E2BB26",
                     versionEndIncluding: "8.20.0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "mySCADA myPRO: Versions 8.20.0 and prior have a feature where the password can be specified, which may allow an attacker to inject arbitrary operating system commands through a specific parameter.",
      },
      {
         lang: "es",
         value: "mySCADA myPRO: Versiones 8.20.0 y anteriores, presentan una función en la que es posible especificar la contraseña, que puede permitir a un atacante inyectar comandos arbitrarios del sistema operativo mediante un parámetro específico",
      },
   ],
   id: "CVE-2021-23198",
   lastModified: "2024-11-21T05:51:21.793",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "HIGH",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 7.5,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 6.4,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 10,
               baseSeverity: "CRITICAL",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "CHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 6,
            source: "ics-cert@hq.dhs.gov",
            type: "Secondary",
         },
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 9.8,
               baseSeverity: "CRITICAL",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2021-12-23T20:15:09.053",
   references: [
      {
         source: "ics-cert@hq.dhs.gov",
         tags: [
            "Third Party Advisory",
            "US Government Resource",
         ],
         url: "https://www.cisa.gov/uscert/ics/advisories/icsa-21-355-01",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "US Government Resource",
         ],
         url: "https://www.cisa.gov/uscert/ics/advisories/icsa-21-355-01",
      },
   ],
   sourceIdentifier: "ics-cert@hq.dhs.gov",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-78",
            },
         ],
         source: "ics-cert@hq.dhs.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2021-12-23 20:15
Modified
2024-11-21 06:30
Summary
mySCADA myPRO: Versions 8.20.0 and prior have a feature to send emails, which may allow an attacker to inject arbitrary operating system commands through a specific parameter.
References
Impacted products
Vendor Product Version
myscada mypro *



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:myscada:mypro:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "E5A53706-BD5B-45FD-8B37-2CC0C9E2BB26",
                     versionEndIncluding: "8.20.0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "mySCADA myPRO: Versions 8.20.0 and prior have a feature to send emails, which may allow an attacker to inject arbitrary operating system commands through a specific parameter.",
      },
      {
         lang: "es",
         value: "mySCADA myPRO: Versiones 8.20.0 y anteriores, presentan una funcionalidad para enviar correos electrónicos, que puede permitir a un atacante inyectar comandos arbitrarios del sistema operativo mediante un parámetro específico",
      },
   ],
   id: "CVE-2021-43981",
   lastModified: "2024-11-21T06:30:08.420",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "HIGH",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 7.5,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 6.4,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 10,
               baseSeverity: "CRITICAL",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "CHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 6,
            source: "ics-cert@hq.dhs.gov",
            type: "Secondary",
         },
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 9.8,
               baseSeverity: "CRITICAL",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2021-12-23T20:15:11.590",
   references: [
      {
         source: "ics-cert@hq.dhs.gov",
         tags: [
            "Third Party Advisory",
            "US Government Resource",
         ],
         url: "https://www.cisa.gov/uscert/ics/advisories/icsa-21-355-01",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "US Government Resource",
         ],
         url: "https://www.cisa.gov/uscert/ics/advisories/icsa-21-355-01",
      },
   ],
   sourceIdentifier: "ics-cert@hq.dhs.gov",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-78",
            },
         ],
         source: "ics-cert@hq.dhs.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2022-05-13 16:15
Modified
2024-11-21 06:08
Summary
mySCADA myPRO versions prior to 8.20.0 do not restrict unauthorized read access to sensitive system information.
Impacted products
Vendor Product Version
myscada mypro *



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:myscada:mypro:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "1DDCAD9A-0464-4431-AC41-88D4A57354BD",
                     versionEndExcluding: "8.20.0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "mySCADA myPRO versions prior to 8.20.0 do not restrict unauthorized read access to sensitive system information.",
      },
      {
         lang: "es",
         value: "mySCADA myPRO versiones anteriores a la 8.20.0, no restringen el acceso de lectura no autorizado a la información confidencial del sistema",
      },
   ],
   id: "CVE-2021-33013",
   lastModified: "2024-11-21T06:08:07.537",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 5,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 8.2,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "LOW",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 4.2,
            source: "ics-cert@hq.dhs.gov",
            type: "Secondary",
         },
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 7.5,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2022-05-13T16:15:08.083",
   references: [
      {
         source: "ics-cert@hq.dhs.gov",
         tags: [
            "Third Party Advisory",
            "US Government Resource",
         ],
         url: "https://www.cisa.gov/uscert/ics/advisories/icsa-21-217-03",
      },
      {
         source: "ics-cert@hq.dhs.gov",
         tags: [
            "Release Notes",
            "Vendor Advisory",
         ],
         url: "https://www.myscada.org/version-8-20-0-released-security-update",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "US Government Resource",
         ],
         url: "https://www.cisa.gov/uscert/ics/advisories/icsa-21-217-03",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Release Notes",
            "Vendor Advisory",
         ],
         url: "https://www.myscada.org/version-8-20-0-released-security-update",
      },
   ],
   sourceIdentifier: "ics-cert@hq.dhs.gov",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-284",
            },
         ],
         source: "ics-cert@hq.dhs.gov",
         type: "Secondary",
      },
      {
         description: [
            {
               lang: "en",
               value: "CWE-862",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2025-02-13 22:15
Modified
2025-03-04 21:05
Severity ?
Summary
mySCADA myPRO Manager is vulnerable to an OS command injection which could allow a remote attacker to execute arbitrary OS commands.
Impacted products
Vendor Product Version
myscada mypro *



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:myscada:mypro:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "ED7FC18F-6415-4B32-9420-E5D9663BFF49",
                     versionEndExcluding: "1.4",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "mySCADA myPRO Manager is vulnerable to an OS command injection which could allow a remote attacker to execute arbitrary OS commands.",
      },
      {
         lang: "es",
         value: "mySCADA myPRO Manager es vulnerable a una inyección de comandos del sistema operativo que podría permitir que un atacante remoto ejecute comandos arbitrarios del sistema operativo.",
      },
   ],
   id: "CVE-2025-25067",
   lastModified: "2025-03-04T21:05:57.430",
   metrics: {
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 9.8,
               baseSeverity: "CRITICAL",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 5.9,
            source: "ics-cert@hq.dhs.gov",
            type: "Secondary",
         },
      ],
      cvssMetricV40: [
         {
            cvssData: {
               Automatable: "NOT_DEFINED",
               Recovery: "NOT_DEFINED",
               Safety: "NOT_DEFINED",
               attackComplexity: "LOW",
               attackRequirements: "NONE",
               attackVector: "NETWORK",
               availabilityRequirement: "NOT_DEFINED",
               baseScore: 9.3,
               baseSeverity: "CRITICAL",
               confidentialityRequirement: "NOT_DEFINED",
               exploitMaturity: "NOT_DEFINED",
               integrityRequirement: "NOT_DEFINED",
               modifiedAttackComplexity: "NOT_DEFINED",
               modifiedAttackRequirements: "NOT_DEFINED",
               modifiedAttackVector: "NOT_DEFINED",
               modifiedPrivilegesRequired: "NOT_DEFINED",
               modifiedSubAvailabilityImpact: "NOT_DEFINED",
               modifiedSubConfidentialityImpact: "NOT_DEFINED",
               modifiedSubIntegrityImpact: "NOT_DEFINED",
               modifiedUserInteraction: "NOT_DEFINED",
               modifiedVulnAvailabilityImpact: "NOT_DEFINED",
               modifiedVulnConfidentialityImpact: "NOT_DEFINED",
               modifiedVulnIntegrityImpact: "NOT_DEFINED",
               privilegesRequired: "NONE",
               providerUrgency: "NOT_DEFINED",
               subAvailabilityImpact: "NONE",
               subConfidentialityImpact: "NONE",
               subIntegrityImpact: "NONE",
               userInteraction: "NONE",
               valueDensity: "NOT_DEFINED",
               vectorString: "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
               version: "4.0",
               vulnAvailabilityImpact: "HIGH",
               vulnConfidentialityImpact: "HIGH",
               vulnIntegrityImpact: "HIGH",
               vulnerabilityResponseEffort: "NOT_DEFINED",
            },
            source: "ics-cert@hq.dhs.gov",
            type: "Secondary",
         },
      ],
   },
   published: "2025-02-13T22:15:12.780",
   references: [
      {
         source: "ics-cert@hq.dhs.gov",
         tags: [
            "US Government Resource",
            "Third Party Advisory",
         ],
         url: "https://www.cisa.gov/news-events/ics-advisories/icsa-25-044-16",
      },
      {
         source: "ics-cert@hq.dhs.gov",
         tags: [
            "Product",
         ],
         url: "https://www.myscada.org/contacts/",
      },
      {
         source: "ics-cert@hq.dhs.gov",
         tags: [
            "Product",
         ],
         url: "https://www.myscada.org/downloads/mySCADAPROManager/",
      },
   ],
   sourceIdentifier: "ics-cert@hq.dhs.gov",
   vulnStatus: "Analyzed",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-78",
            },
         ],
         source: "ics-cert@hq.dhs.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2021-12-23 20:15
Modified
2024-11-21 05:50
Summary
mySCADA myPRO: Versions 8.20.0 and prior have a feature where the API password can be specified, which may allow an attacker to inject arbitrary operating system commands through a specific parameter.
References
Impacted products
Vendor Product Version
myscada mypro *



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:myscada:mypro:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "E5A53706-BD5B-45FD-8B37-2CC0C9E2BB26",
                     versionEndIncluding: "8.20.0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "mySCADA myPRO: Versions 8.20.0 and prior have a feature where the API password can be specified, which may allow an attacker to inject arbitrary operating system commands through a specific parameter.",
      },
      {
         lang: "es",
         value: "mySCADA myPRO: Versiones 8.20.0 y anteriores, presentan una función en la que es posible especificar la contraseña de la API, que puede permitir a un atacante inyectar comandos arbitrarios del sistema operativo mediante un parámetro específico",
      },
   ],
   id: "CVE-2021-22657",
   lastModified: "2024-11-21T05:50:25.120",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "HIGH",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 7.5,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 6.4,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 10,
               baseSeverity: "CRITICAL",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "CHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 6,
            source: "ics-cert@hq.dhs.gov",
            type: "Secondary",
         },
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 9.8,
               baseSeverity: "CRITICAL",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2021-12-23T20:15:08.987",
   references: [
      {
         source: "ics-cert@hq.dhs.gov",
         tags: [
            "Third Party Advisory",
            "US Government Resource",
         ],
         url: "https://www.cisa.gov/uscert/ics/advisories/icsa-21-355-01",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "US Government Resource",
         ],
         url: "https://www.cisa.gov/uscert/ics/advisories/icsa-21-355-01",
      },
   ],
   sourceIdentifier: "ics-cert@hq.dhs.gov",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-78",
            },
         ],
         source: "ics-cert@hq.dhs.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2021-12-23 20:15
Modified
2024-11-21 06:31
Summary
mySCADA myPRO: Versions 8.20.0 and prior have a vulnerable debug interface that includes a ping utility, which may allow an attacker to inject arbitrary operating system commands.
References
Impacted products
Vendor Product Version
myscada mypro *



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:myscada:mypro:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "E5A53706-BD5B-45FD-8B37-2CC0C9E2BB26",
                     versionEndIncluding: "8.20.0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "mySCADA myPRO: Versions 8.20.0 and prior have a vulnerable debug interface that includes a ping utility, which may allow an attacker to inject arbitrary operating system commands.",
      },
      {
         lang: "es",
         value: "mySCADA myPRO: Versiones 8.20.0 y anteriores, presentan una interfaz de depuración vulnerable que incluye una utilidad ping, que puede permitir a un atacante inyectar comandos arbitrarios del sistema operativo",
      },
   ],
   id: "CVE-2021-44453",
   lastModified: "2024-11-21T06:31:00.720",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "HIGH",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "COMPLETE",
               baseScore: 10,
               confidentialityImpact: "COMPLETE",
               integrityImpact: "COMPLETE",
               vectorString: "AV:N/AC:L/Au:N/C:C/I:C/A:C",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 10,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 10,
               baseSeverity: "CRITICAL",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "CHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 6,
            source: "ics-cert@hq.dhs.gov",
            type: "Secondary",
         },
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 9.8,
               baseSeverity: "CRITICAL",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2021-12-23T20:15:11.883",
   references: [
      {
         source: "ics-cert@hq.dhs.gov",
         tags: [
            "Third Party Advisory",
            "US Government Resource",
         ],
         url: "https://www.cisa.gov/uscert/ics/advisories/icsa-21-355-01",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "US Government Resource",
         ],
         url: "https://www.cisa.gov/uscert/ics/advisories/icsa-21-355-01",
      },
   ],
   sourceIdentifier: "ics-cert@hq.dhs.gov",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-78",
            },
         ],
         source: "ics-cert@hq.dhs.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2018-05-28 16:29
Modified
2024-11-21 03:43
Summary
mySCADA myPRO 7 allows remote attackers to discover all ProjectIDs in a project by sending all of the prj parameter values from 870000 to 875000 in t=0&rq=0 requests to TCP port 11010.
Impacted products
Vendor Product Version
myscada mypro 7.0



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:myscada:mypro:7.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "543CDCB8-FE86-4BA3-A67A-D2F1C3E9A82D",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "mySCADA myPRO 7 allows remote attackers to discover all ProjectIDs in a project by sending all of the prj parameter values from 870000 to 875000 in t=0&rq=0 requests to TCP port 11010.",
      },
      {
         lang: "es",
         value: "mySCADA myPRO 7 permite a atacantes remotos descubrir todos los ProjectIDs de un proyecto mediante el envío de todos los valores del parámetro prj entre 870000 y 875000 en peticiones t=0&rq=0 al puerto TCP 11010.",
      },
   ],
   id: "CVE-2018-11517",
   lastModified: "2024-11-21T03:43:32.153",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: true,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 5,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV30: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 5.3,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "LOW",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
               version: "3.0",
            },
            exploitabilityScore: 3.9,
            impactScore: 1.4,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2018-05-28T16:29:00.370",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Exploit",
            "Third Party Advisory",
         ],
         url: "https://github.com/EmreOvunc/mySCADA-myPRO-7-projectID-Disclosure",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Not Applicable",
         ],
         url: "https://www.emreovunc.com/blog/en/mypro_enum_projectid.rb",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Third Party Advisory",
         ],
         url: "https://github.com/EmreOvunc/mySCADA-myPRO-7-projectID-Disclosure",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Not Applicable",
         ],
         url: "https://www.emreovunc.com/blog/en/mypro_enum_projectid.rb",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-200",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2021-12-23 20:15
Modified
2024-11-21 06:30
Summary
An unauthenticated remote attacker can access mySCADA myPRO Versions 8.20.0 and prior without any form of authentication or authorization.
References
Impacted products
Vendor Product Version
myscada mypro *



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:myscada:mypro:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "E5A53706-BD5B-45FD-8B37-2CC0C9E2BB26",
                     versionEndIncluding: "8.20.0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "An unauthenticated remote attacker can access mySCADA myPRO Versions 8.20.0 and prior without any form of authentication or authorization.",
      },
      {
         lang: "es",
         value: "Un atacante remoto no autenticado puede acceder a mySCADA myPRO Versiones 8.20.0 y anteriores, sin ninguna forma de autenticación o autorización",
      },
   ],
   id: "CVE-2021-43985",
   lastModified: "2024-11-21T06:30:09.177",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "HIGH",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 7.5,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 6.4,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 9.1,
               baseSeverity: "CRITICAL",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 5.2,
            source: "ics-cert@hq.dhs.gov",
            type: "Secondary",
         },
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 9.8,
               baseSeverity: "CRITICAL",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2021-12-23T20:15:11.710",
   references: [
      {
         source: "ics-cert@hq.dhs.gov",
         tags: [
            "Third Party Advisory",
            "US Government Resource",
         ],
         url: "https://www.cisa.gov/uscert/ics/advisories/icsa-21-355-01",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "US Government Resource",
         ],
         url: "https://www.cisa.gov/uscert/ics/advisories/icsa-21-355-01",
      },
   ],
   sourceIdentifier: "ics-cert@hq.dhs.gov",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-288",
            },
         ],
         source: "ics-cert@hq.dhs.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2022-05-13 16:15
Modified
2024-11-21 06:08
Summary
mySCADA myPRO versions prior to 8.20.0 allows an unauthenticated remote attacker to upload arbitrary files to arbitrary directories.
Impacted products
Vendor Product Version
myscada mypro *



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:myscada:mypro:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "1DDCAD9A-0464-4431-AC41-88D4A57354BD",
                     versionEndExcluding: "8.20.0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "mySCADA myPRO versions prior to 8.20.0 allows an unauthenticated remote attacker to upload arbitrary files to arbitrary directories.",
      },
      {
         lang: "es",
         value: "mySCADA myPRO versiones anteriores a la 8.20.0, permiten a un atacante remoto no autentificado cargar archivos arbitrarios en directorios arbitrarios",
      },
   ],
   id: "CVE-2021-33005",
   lastModified: "2024-11-21T06:08:06.603",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 5,
               confidentialityImpact: "NONE",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:L/Au:N/C:N/I:P/A:N",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 7.5,
               baseSeverity: "HIGH",
               confidentialityImpact: "NONE",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 3.6,
            source: "ics-cert@hq.dhs.gov",
            type: "Secondary",
         },
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 7.5,
               baseSeverity: "HIGH",
               confidentialityImpact: "NONE",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2022-05-13T16:15:07.950",
   references: [
      {
         source: "ics-cert@hq.dhs.gov",
         tags: [
            "Third Party Advisory",
            "US Government Resource",
         ],
         url: "https://www.cisa.gov/uscert/ics/advisories/icsa-21-217-03",
      },
      {
         source: "ics-cert@hq.dhs.gov",
         tags: [
            "Release Notes",
            "Vendor Advisory",
         ],
         url: "https://www.myscada.org/version-8-20-0-released-security-update",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "US Government Resource",
         ],
         url: "https://www.cisa.gov/uscert/ics/advisories/icsa-21-217-03",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Release Notes",
            "Vendor Advisory",
         ],
         url: "https://www.myscada.org/version-8-20-0-released-security-update",
      },
   ],
   sourceIdentifier: "ics-cert@hq.dhs.gov",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-22",
            },
         ],
         source: "ics-cert@hq.dhs.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2018-05-20 22:29
Modified
2024-11-21 03:43
Summary
A hardcoded FTP username of myscada and password of Vikuk63 in 'myscadagate.exe' in mySCADA myPRO 7 allows remote attackers to access the FTP server on port 2121, and upload files or list directories, by entering these credentials.
Impacted products
Vendor Product Version
myscada mypro 7.0



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:myscada:mypro:7.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "543CDCB8-FE86-4BA3-A67A-D2F1C3E9A82D",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "A hardcoded FTP username of myscada and password of Vikuk63 in 'myscadagate.exe' in mySCADA myPRO 7 allows remote attackers to access the FTP server on port 2121, and upload files or list directories, by entering these credentials.",
      },
      {
         lang: "es",
         value: "Un usuario FTP embebido de myscada y contraseña embebida de Vikuk63 en myscadagate.exe en mySCADA myPRO 7 permite que atacantes remotos accedan al servidor FTP en el puerto 2121 y suban archivos o directorios de lista introduciendo estas credenciales.",
      },
   ],
   id: "CVE-2018-11311",
   lastModified: "2024-11-21T03:43:06.870",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 6.4,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:N",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 4.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV30: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 9.1,
               baseSeverity: "CRITICAL",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
               version: "3.0",
            },
            exploitabilityScore: 3.9,
            impactScore: 5.2,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2018-05-20T22:29:00.233",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Mitigation",
            "Technical Description",
            "Third Party Advisory",
         ],
         url: "https://emreovunc.com/blog/en/mySCADA-myPRO7-Exploit.pdf",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Mitigation",
            "Technical Description",
            "Third Party Advisory",
         ],
         url: "https://github.com/EmreOvunc/mySCADA-myPRO-7-Hardcoded-FTP-Username-and-Password",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Mitigation",
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "https://www.exploit-db.com/exploits/44656/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mitigation",
            "Technical Description",
            "Third Party Advisory",
         ],
         url: "https://emreovunc.com/blog/en/mySCADA-myPRO7-Exploit.pdf",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mitigation",
            "Technical Description",
            "Third Party Advisory",
         ],
         url: "https://github.com/EmreOvunc/mySCADA-myPRO-7-Hardcoded-FTP-Username-and-Password",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mitigation",
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "https://www.exploit-db.com/exploits/44656/",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-798",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2023-04-27 23:15
Modified
2025-01-17 18:15
Summary
mySCADA myPRO versions 8.26.0 and prior has parameters which an authenticated user could exploit to inject arbitrary operating system commands.
Impacted products
Vendor Product Version
myscada mypro *



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:myscada:mypro:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "3460F2AB-1B4F-42B8-BEF4-98E7EBEC16E8",
                     versionEndIncluding: "8.26.0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "mySCADA myPRO versions 8.26.0 and prior has parameters which an authenticated user could exploit to inject arbitrary operating system commands. ",
      },
   ],
   id: "CVE-2023-29150",
   lastModified: "2025-01-17T18:15:22.093",
   metrics: {
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 8.8,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 8.8,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 5.9,
            source: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
            type: "Secondary",
         },
      ],
   },
   published: "2023-04-27T23:15:15.007",
   references: [
      {
         source: "ics-cert@hq.dhs.gov",
         tags: [
            "Third Party Advisory",
            "US Government Resource",
         ],
         url: "https://www.cisa.gov/news-events/ics-advisories/icsa-23-096-06",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "US Government Resource",
         ],
         url: "https://www.cisa.gov/news-events/ics-advisories/icsa-23-096-06",
      },
   ],
   sourceIdentifier: "ics-cert@hq.dhs.gov",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-78",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2022-04-11 20:15
Modified
2024-11-21 06:39
Summary
An authenticated user may be able to misuse parameters to inject arbitrary operating system commands into mySCADA myPRO versions 8.25.0 and prior.
References
Impacted products
Vendor Product Version
myscada mypro *



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:myscada:mypro:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "022DF9CF-1E97-4010-8937-898867348EF6",
                     versionEndIncluding: "8.25.0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "An authenticated user may be able to misuse parameters to inject arbitrary operating system commands into mySCADA myPRO versions 8.25.0 and prior.",
      },
      {
         lang: "es",
         value: "Un usuario autenticado puede ser capaz de usar inapropiadamente los parámetros para inyectar comandos arbitrarios del sistema operativo en mySCADA myPRO versiones 8.25.0 y anteriores",
      },
   ],
   id: "CVE-2022-0999",
   lastModified: "2024-11-21T06:39:49.783",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "HIGH",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "SINGLE",
               availabilityImpact: "COMPLETE",
               baseScore: 9,
               confidentialityImpact: "COMPLETE",
               integrityImpact: "COMPLETE",
               vectorString: "AV:N/AC:L/Au:S/C:C/I:C/A:C",
               version: "2.0",
            },
            exploitabilityScore: 8,
            impactScore: 10,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 8.8,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 5.9,
            source: "ics-cert@hq.dhs.gov",
            type: "Secondary",
         },
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 8.8,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2022-04-11T20:15:16.737",
   references: [
      {
         source: "ics-cert@hq.dhs.gov",
         tags: [
            "Third Party Advisory",
            "US Government Resource",
         ],
         url: "https://www.cisa.gov/uscert/ics/advisories/icsa-22-083-02",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "US Government Resource",
         ],
         url: "https://www.cisa.gov/uscert/ics/advisories/icsa-22-083-02",
      },
   ],
   sourceIdentifier: "ics-cert@hq.dhs.gov",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-77",
            },
         ],
         source: "ics-cert@hq.dhs.gov",
         type: "Secondary",
      },
      {
         description: [
            {
               lang: "en",
               value: "CWE-78",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

var-201805-0803
Vulnerability from variot

A hardcoded FTP username of myscada and password of Vikuk63 in 'myscadagate.exe' in mySCADA myPRO 7 allows remote attackers to access the FTP server on port 2121, and upload files or list directories, by entering these credentials. mySCADA myPRO contains a vulnerability in the use of hard-coded credentials. Information may be obtained and information may be altered.



{
   "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
      affected_products: {
         "@id": "https://www.variotdbs.pl/ref/affected_products",
      },
      configurations: {
         "@id": "https://www.variotdbs.pl/ref/configurations",
      },
      credits: {
         "@id": "https://www.variotdbs.pl/ref/credits",
      },
      cvss: {
         "@id": "https://www.variotdbs.pl/ref/cvss/",
      },
      description: {
         "@id": "https://www.variotdbs.pl/ref/description/",
      },
      exploit_availability: {
         "@id": "https://www.variotdbs.pl/ref/exploit_availability/",
      },
      external_ids: {
         "@id": "https://www.variotdbs.pl/ref/external_ids/",
      },
      iot: {
         "@id": "https://www.variotdbs.pl/ref/iot/",
      },
      iot_taxonomy: {
         "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/",
      },
      patch: {
         "@id": "https://www.variotdbs.pl/ref/patch/",
      },
      problemtype_data: {
         "@id": "https://www.variotdbs.pl/ref/problemtype_data/",
      },
      references: {
         "@id": "https://www.variotdbs.pl/ref/references/",
      },
      sources: {
         "@id": "https://www.variotdbs.pl/ref/sources/",
      },
      sources_release_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_release_date/",
      },
      sources_update_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_update_date/",
      },
      threat_type: {
         "@id": "https://www.variotdbs.pl/ref/threat_type/",
      },
      title: {
         "@id": "https://www.variotdbs.pl/ref/title/",
      },
      type: {
         "@id": "https://www.variotdbs.pl/ref/type/",
      },
   },
   "@id": "https://www.variotdbs.pl/vuln/VAR-201805-0803",
   affected_products: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            model: "mypro",
            scope: "eq",
            trust: 1.6,
            vendor: "myscada",
            version: "7.0",
         },
         {
            model: "mypro",
            scope: "eq",
            trust: 0.8,
            vendor: "myscada",
            version: "7",
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2018-005338",
         },
         {
            db: "CNNVD",
            id: "CNNVD-201805-635",
         },
         {
            db: "NVD",
            id: "CVE-2018-11311",
         },
      ],
   },
   configurations: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/configurations#",
         children: {
            "@container": "@list",
         },
         cpe_match: {
            "@container": "@list",
         },
         data: {
            "@container": "@list",
         },
         nodes: {
            "@container": "@list",
         },
      },
      data: [
         {
            CVE_data_version: "4.0",
            nodes: [
               {
                  cpe_match: [
                     {
                        cpe22Uri: "cpe:/a:myscada:mypro",
                        vulnerable: true,
                     },
                  ],
                  operator: "OR",
               },
            ],
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2018-005338",
         },
      ],
   },
   credits: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/credits#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "Emre ÖVÜNÇ",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-201805-635",
         },
      ],
      trust: 0.6,
   },
   cve: "CVE-2018-11311",
   cvss: {
      "@context": {
         cvssV2: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2",
         },
         cvssV3: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/",
         },
         severity: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/cvss/severity#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            cvssV2: [
               {
                  accessComplexity: "LOW",
                  accessVector: "NETWORK",
                  authentication: "NONE",
                  author: "nvd@nist.gov",
                  availabilityImpact: "NONE",
                  baseScore: 6.4,
                  confidentialityImpact: "PARTIAL",
                  exploitabilityScore: 10,
                  id: "CVE-2018-11311",
                  impactScore: 4.9,
                  integrityImpact: "PARTIAL",
                  severity: "MEDIUM",
                  trust: 1.8,
                  vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:N",
                  version: "2.0",
               },
            ],
            cvssV3: [
               {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  author: "nvd@nist.gov",
                  availabilityImpact: "NONE",
                  baseScore: 9.1,
                  baseSeverity: "CRITICAL",
                  confidentialityImpact: "HIGH",
                  exploitabilityScore: 3.9,
                  id: "CVE-2018-11311",
                  impactScore: 5.2,
                  integrityImpact: "HIGH",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  trust: 1.8,
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
                  version: "3.0",
               },
            ],
            severity: [
               {
                  author: "nvd@nist.gov",
                  id: "CVE-2018-11311",
                  trust: 1,
                  value: "CRITICAL",
               },
               {
                  author: "NVD",
                  id: "CVE-2018-11311",
                  trust: 0.8,
                  value: "Critical",
               },
               {
                  author: "CNNVD",
                  id: "CNNVD-201805-635",
                  trust: 0.6,
                  value: "MEDIUM",
               },
            ],
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2018-005338",
         },
         {
            db: "CNNVD",
            id: "CNNVD-201805-635",
         },
         {
            db: "NVD",
            id: "CVE-2018-11311",
         },
      ],
   },
   description: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/description#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "A hardcoded FTP username of myscada and password of Vikuk63 in 'myscadagate.exe' in mySCADA myPRO 7 allows remote attackers to access the FTP server on port 2121, and upload files or list directories, by entering these credentials. mySCADA myPRO contains a vulnerability in the use of hard-coded credentials. Information may be obtained and information may be altered.",
      sources: [
         {
            db: "NVD",
            id: "CVE-2018-11311",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2018-005338",
         },
      ],
      trust: 1.62,
   },
   external_ids: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            db: "NVD",
            id: "CVE-2018-11311",
            trust: 2.4,
         },
         {
            db: "EXPLOIT-DB",
            id: "44656",
            trust: 1,
         },
         {
            db: "JVNDB",
            id: "JVNDB-2018-005338",
            trust: 0.8,
         },
         {
            db: "EXPLOIT-DB",
            id: "48620",
            trust: 0.6,
         },
         {
            db: "CNNVD",
            id: "CNNVD-201805-635",
            trust: 0.6,
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2018-005338",
         },
         {
            db: "CNNVD",
            id: "CNNVD-201805-635",
         },
         {
            db: "NVD",
            id: "CVE-2018-11311",
         },
      ],
   },
   id: "VAR-201805-0803",
   iot: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/iot#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: true,
      sources: [
         {
            db: "VARIoT devices database",
            id: null,
         },
      ],
      trust: 0.28945112,
   },
   last_update_date: "2024-11-23T22:48:43.138000Z",
   patch: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/patch#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            title: "myPRO",
            trust: 0.8,
            url: "https://www.myscada.org/mypro/",
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2018-005338",
         },
      ],
   },
   problemtype_data: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            problemtype: "CWE-798",
            trust: 1.8,
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2018-005338",
         },
         {
            db: "NVD",
            id: "CVE-2018-11311",
         },
      ],
   },
   references: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/references#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            trust: 1.8,
            url: "https://emreovunc.com/blog/en/myscada-mypro7-exploit.pdf",
         },
         {
            trust: 1,
            url: "https://www.exploit-db.com/exploits/44656/",
         },
         {
            trust: 1,
            url: "https://github.com/emreovunc/myscada-mypro-7-hardcoded-ftp-username-and-password",
         },
         {
            trust: 0.8,
            url: "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-11311",
         },
         {
            trust: 0.8,
            url: "https://nvd.nist.gov/vuln/detail/cve-2018-11311",
         },
         {
            trust: 0.6,
            url: "https://www.exploit-db.com/exploits/48620",
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2018-005338",
         },
         {
            db: "CNNVD",
            id: "CNNVD-201805-635",
         },
         {
            db: "NVD",
            id: "CVE-2018-11311",
         },
      ],
   },
   sources: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            db: "JVNDB",
            id: "JVNDB-2018-005338",
         },
         {
            db: "CNNVD",
            id: "CNNVD-201805-635",
         },
         {
            db: "NVD",
            id: "CVE-2018-11311",
         },
      ],
   },
   sources_release_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2018-07-12T00:00:00",
            db: "JVNDB",
            id: "JVNDB-2018-005338",
         },
         {
            date: "2018-05-21T00:00:00",
            db: "CNNVD",
            id: "CNNVD-201805-635",
         },
         {
            date: "2018-05-20T22:29:00.233000",
            db: "NVD",
            id: "CVE-2018-11311",
         },
      ],
   },
   sources_update_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2018-07-12T00:00:00",
            db: "JVNDB",
            id: "JVNDB-2018-005338",
         },
         {
            date: "2020-06-28T00:00:00",
            db: "CNNVD",
            id: "CNNVD-201805-635",
         },
         {
            date: "2024-11-21T03:43:06.870000",
            db: "NVD",
            id: "CVE-2018-11311",
         },
      ],
   },
   threat_type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "remote",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-201805-635",
         },
      ],
      trust: 0.6,
   },
   title: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/title#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "mySCADA myPRO Vulnerabilities related to the use of hard-coded credentials",
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2018-005338",
         },
      ],
      trust: 0.8,
   },
   type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "lack of information",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-201805-635",
         },
      ],
      trust: 0.6,
   },
}

var-202304-2124
Vulnerability from variot

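mySCADA myPRO versions 8.26.0 and prior have parameters which an authenticated user could exploit to inject arbitrary operating system commands. An OS command injection vulnerability (CWE-78) exists in myPRO from mySCADA Technologies. Information may be obtained, information may be tampered with, and service operation may be interrupted (DoS). The record rates this as requiring low privileges (CVSS v3.1 base score 8.8), so any valid account on an affected installation is enough to reach the vulnerable parameters.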



{
   "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
      affected_products: {
         "@id": "https://www.variotdbs.pl/ref/affected_products",
      },
      credits: {
         "@id": "https://www.variotdbs.pl/ref/credits",
      },
      cvss: {
         "@id": "https://www.variotdbs.pl/ref/cvss/",
      },
      description: {
         "@id": "https://www.variotdbs.pl/ref/description/",
      },
      exploit_availability: {
         "@id": "https://www.variotdbs.pl/ref/exploit_availability/",
      },
      external_ids: {
         "@id": "https://www.variotdbs.pl/ref/external_ids/",
      },
      iot: {
         "@id": "https://www.variotdbs.pl/ref/iot/",
      },
      iot_taxonomy: {
         "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/",
      },
      patch: {
         "@id": "https://www.variotdbs.pl/ref/patch/",
      },
      problemtype_data: {
         "@id": "https://www.variotdbs.pl/ref/problemtype_data/",
      },
      references: {
         "@id": "https://www.variotdbs.pl/ref/references/",
      },
      sources: {
         "@id": "https://www.variotdbs.pl/ref/sources/",
      },
      sources_release_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_release_date/",
      },
      sources_update_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_update_date/",
      },
      threat_type: {
         "@id": "https://www.variotdbs.pl/ref/threat_type/",
      },
      title: {
         "@id": "https://www.variotdbs.pl/ref/title/",
      },
      type: {
         "@id": "https://www.variotdbs.pl/ref/type/",
      },
   },
   "@id": "https://www.variotdbs.pl/vuln/VAR-202304-2124",
   affected_products: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            model: "mypro",
            scope: "lte",
            trust: 1,
            vendor: "myscada",
            version: "8.26.0",
         },
         {
            model: "mypro",
            scope: "eq",
            trust: 0.8,
            vendor: "myscada",
            version: null,
         },
         {
            model: "mypro",
            scope: null,
            trust: 0.8,
            vendor: "myscada",
            version: null,
         },
         {
            model: "mypro",
            scope: "lte",
            trust: 0.8,
            vendor: "myscada",
            version: "8.26.0  and earlier",
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2023-009257",
         },
         {
            db: "NVD",
            id: "CVE-2023-28384",
         },
      ],
   },
   cve: "CVE-2023-28384",
   cvss: {
      "@context": {
         cvssV2: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2",
         },
         cvssV3: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/",
         },
         severity: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/cvss/severity#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            cvssV2: [],
            cvssV3: [
               {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  author: "nvd@nist.gov",
                  availabilityImpact: "HIGH",
                  baseScore: 8.8,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "HIGH",
                  exploitabilityScore: 2.8,
                  id: "CVE-2023-28384",
                  impactScore: 5.9,
                  integrityImpact: "HIGH",
                  privilegesRequired: "LOW",
                  scope: "UNCHANGED",
                  trust: 1,
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  version: "3.1",
               },
               {
                  attackComplexity: "Low",
                  attackVector: "Network",
                  author: "NVD",
                  availabilityImpact: "High",
                  baseScore: 8.8,
                  baseSeverity: "High",
                  confidentialityImpact: "High",
                  exploitabilityScore: null,
                  id: "CVE-2023-28384",
                  impactScore: null,
                  integrityImpact: "High",
                  privilegesRequired: "Low",
                  scope: "Unchanged",
                  trust: 0.8,
                  userInteraction: "None",
                  vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  version: "3.0",
               },
            ],
            severity: [
               {
                  author: "nvd@nist.gov",
                  id: "CVE-2023-28384",
                  trust: 1,
                  value: "HIGH",
               },
               {
                  author: "NVD",
                  id: "CVE-2023-28384",
                  trust: 0.8,
                  value: "High",
               },
               {
                  author: "CNNVD",
                  id: "CNNVD-202304-2203",
                  trust: 0.6,
                  value: "HIGH",
               },
            ],
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2023-009257",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202304-2203",
         },
         {
            db: "NVD",
            id: "CVE-2023-28384",
         },
      ],
   },
   description: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/description#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "mySCADA myPRO versions 8.26.0 and prior have parameters which an authenticated user could exploit to inject arbitrary operating system commands. An OS command injection vulnerability exists in myPRO from mySCADA Technologies. Information may be obtained, information may be tampered with, and service operation may be interrupted (DoS).",
      sources: [
         {
            db: "NVD",
            id: "CVE-2023-28384",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2023-009257",
         },
         {
            db: "VULMON",
            id: "CVE-2023-28384",
         },
      ],
      trust: 1.71,
   },
   external_ids: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            db: "NVD",
            id: "CVE-2023-28384",
            trust: 3.3,
         },
         {
            db: "ICS CERT",
            id: "ICSA-23-096-06",
            trust: 2.5,
         },
         {
            db: "JVN",
            id: "JVNVU95525237",
            trust: 0.8,
         },
         {
            db: "JVNDB",
            id: "JVNDB-2023-009257",
            trust: 0.8,
         },
         {
            db: "CNNVD",
            id: "CNNVD-202304-2203",
            trust: 0.6,
         },
         {
            db: "VULMON",
            id: "CVE-2023-28384",
            trust: 0.1,
         },
      ],
      sources: [
         {
            db: "VULMON",
            id: "CVE-2023-28384",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2023-009257",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202304-2203",
         },
         {
            db: "NVD",
            id: "CVE-2023-28384",
         },
      ],
   },
   id: "VAR-202304-2124",
   iot: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/iot#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: true,
      sources: [
         {
            db: "VARIoT devices database",
            id: null,
         },
      ],
      trust: 0.28945112,
   },
   last_update_date: "2024-08-14T13:20:47.411000Z",
   patch: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/patch#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            title: "mySCADA myPRO Fixes for operating system command injection vulnerabilities",
            trust: 0.6,
            url: "http://123.124.177.30/web/xxk/bdxqById.tag?id=236110",
         },
      ],
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-202304-2203",
         },
      ],
   },
   problemtype_data: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            problemtype: "CWE-78",
            trust: 1,
         },
         {
            problemtype: "OS Command injection (CWE-78) [NVD evaluation ]",
            trust: 0.8,
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2023-009257",
         },
         {
            db: "NVD",
            id: "CVE-2023-28384",
         },
      ],
   },
   references: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/references#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            trust: 2.5,
            url: "https://www.cisa.gov/news-events/ics-advisories/icsa-23-096-06",
         },
         {
            trust: 1.4,
            url: "https://nvd.nist.gov/vuln/detail/cve-2023-28384",
         },
         {
            trust: 0.8,
            url: "https://jvn.jp/vu/jvnvu95525237/",
         },
         {
            trust: 0.6,
            url: "https://cxsecurity.com/cveshow/cve-2023-28384/",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov",
         },
      ],
      sources: [
         {
            db: "VULMON",
            id: "CVE-2023-28384",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2023-009257",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202304-2203",
         },
         {
            db: "NVD",
            id: "CVE-2023-28384",
         },
      ],
   },
   sources: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            db: "VULMON",
            id: "CVE-2023-28384",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2023-009257",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202304-2203",
         },
         {
            db: "NVD",
            id: "CVE-2023-28384",
         },
      ],
   },
   sources_release_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2023-04-27T00:00:00",
            db: "VULMON",
            id: "CVE-2023-28384",
         },
         {
            date: "2023-12-05T00:00:00",
            db: "JVNDB",
            id: "JVNDB-2023-009257",
         },
         {
            date: "2023-04-27T00:00:00",
            db: "CNNVD",
            id: "CNNVD-202304-2203",
         },
         {
            date: "2023-04-27T23:15:14.867000",
            db: "NVD",
            id: "CVE-2023-28384",
         },
      ],
   },
   sources_update_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2023-04-28T00:00:00",
            db: "VULMON",
            id: "CVE-2023-28384",
         },
         {
            date: "2023-12-05T04:10:00",
            db: "JVNDB",
            id: "JVNDB-2023-009257",
         },
         {
            date: "2023-05-06T00:00:00",
            db: "CNNVD",
            id: "CNNVD-202304-2203",
         },
         {
            date: "2023-11-07T04:10:32.950000",
            db: "NVD",
            id: "CVE-2023-28384",
         },
      ],
   },
   threat_type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "remote",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-202304-2203",
         },
      ],
      trust: 0.6,
   },
   title: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/title#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "OS command injection vulnerability in mySCADA Technologies myPRO",
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2023-009257",
         },
      ],
      trust: 0.8,
   },
   type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "operating system command injection",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-202304-2203",
         },
      ],
      trust: 0.6,
   },
}

var-202112-1872
Vulnerability from variot

mySCADA myPRO versions 8.20.0 and prior have a feature for updating the firmware, which may allow an attacker to inject arbitrary operating system commands through a specific parameter. An OS command injection vulnerability exists in mySCADA myPRO. Information may be obtained, information may be tampered with, and service operation may be interrupted (DoS). mySCADA myPRO is an HMI/SCADA system designed primarily for visualization and control of industrial processes.



{
   "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
      affected_products: {
         "@id": "https://www.variotdbs.pl/ref/affected_products",
      },
      configurations: {
         "@id": "https://www.variotdbs.pl/ref/configurations",
      },
      credits: {
         "@id": "https://www.variotdbs.pl/ref/credits",
      },
      cvss: {
         "@id": "https://www.variotdbs.pl/ref/cvss/",
      },
      description: {
         "@id": "https://www.variotdbs.pl/ref/description/",
      },
      exploit_availability: {
         "@id": "https://www.variotdbs.pl/ref/exploit_availability/",
      },
      external_ids: {
         "@id": "https://www.variotdbs.pl/ref/external_ids/",
      },
      iot: {
         "@id": "https://www.variotdbs.pl/ref/iot/",
      },
      iot_taxonomy: {
         "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/",
      },
      patch: {
         "@id": "https://www.variotdbs.pl/ref/patch/",
      },
      problemtype_data: {
         "@id": "https://www.variotdbs.pl/ref/problemtype_data/",
      },
      references: {
         "@id": "https://www.variotdbs.pl/ref/references/",
      },
      sources: {
         "@id": "https://www.variotdbs.pl/ref/sources/",
      },
      sources_release_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_release_date/",
      },
      sources_update_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_update_date/",
      },
      threat_type: {
         "@id": "https://www.variotdbs.pl/ref/threat_type/",
      },
      title: {
         "@id": "https://www.variotdbs.pl/ref/title/",
      },
      type: {
         "@id": "https://www.variotdbs.pl/ref/type/",
      },
   },
   "@id": "https://www.variotdbs.pl/vuln/VAR-202112-1872",
   affected_products: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            model: "mypro",
            scope: "lte",
            trust: 1,
            vendor: "myscada",
            version: "8.20.0",
         },
         {
            model: "mypro",
            scope: "eq",
            trust: 0.8,
            vendor: "myscada",
            version: null,
         },
         {
            model: "mypro",
            scope: "lte",
            trust: 0.8,
            vendor: "myscada",
            version: "8.20.0  and earlier",
         },
         {
            model: "mypro",
            scope: "lte",
            trust: 0.6,
            vendor: "myscada",
            version: "<=8.20.0",
         },
      ],
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2021-102825",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2021-016605",
         },
         {
            db: "NVD",
            id: "CVE-2021-43984",
         },
      ],
   },
   credits: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/credits#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "Michael Heinzl reported these vulnerabilities to CISA.",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-202112-2081",
         },
      ],
      trust: 0.6,
   },
   cve: "CVE-2021-43984",
   cvss: {
      "@context": {
         cvssV2: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2",
         },
         cvssV3: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/",
         },
         severity: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/cvss/severity#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            cvssV2: [
               {
                  accessComplexity: "LOW",
                  accessVector: "NETWORK",
                  authentication: "NONE",
                  author: "nvd@nist.gov",
                  availabilityImpact: "PARTIAL",
                  baseScore: 7.5,
                  confidentialityImpact: "PARTIAL",
                  exploitabilityScore: 10,
                  id: "CVE-2021-43984",
                  impactScore: 6.4,
                  integrityImpact: "PARTIAL",
                  severity: "HIGH",
                  trust: 1.9,
                  vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                  version: "2.0",
               },
               {
                  accessComplexity: "LOW",
                  accessVector: "NETWORK",
                  authentication: "NONE",
                  author: "CNVD",
                  availabilityImpact: "COMPLETE",
                  baseScore: 10,
                  confidentialityImpact: "COMPLETE",
                  exploitabilityScore: 10,
                  id: "CNVD-2021-102825",
                  impactScore: 10,
                  integrityImpact: "COMPLETE",
                  severity: "HIGH",
                  trust: 0.6,
                  vectorString: "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                  version: "2.0",
               },
            ],
            cvssV3: [
               {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  author: "nvd@nist.gov",
                  availabilityImpact: "HIGH",
                  baseScore: 9.8,
                  baseSeverity: "CRITICAL",
                  confidentialityImpact: "HIGH",
                  exploitabilityScore: 3.9,
                  id: "CVE-2021-43984",
                  impactScore: 5.9,
                  integrityImpact: "HIGH",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  trust: 1,
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  version: "3.1",
               },
               {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  author: "ics-cert@hq.dhs.gov",
                  availabilityImpact: "HIGH",
                  baseScore: 10,
                  baseSeverity: "CRITICAL",
                  confidentialityImpact: "HIGH",
                  exploitabilityScore: 3.9,
                  id: "CVE-2021-43984",
                  impactScore: 6,
                  integrityImpact: "HIGH",
                  privilegesRequired: "NONE",
                  scope: "CHANGED",
                  trust: 1,
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
                  version: "3.1",
               },
               {
                  attackComplexity: "Low",
                  attackVector: "Network",
                  author: "NVD",
                  availabilityImpact: "High",
                  baseScore: 9.8,
                  baseSeverity: "Critical",
                  confidentialityImpact: "High",
                  exploitabilityScore: null,
                  id: "CVE-2021-43984",
                  impactScore: null,
                  integrityImpact: "High",
                  privilegesRequired: "None",
                  scope: "Unchanged",
                  trust: 0.8,
                  userInteraction: "None",
                  vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  version: "3.0",
               },
            ],
            severity: [
               {
                  author: "nvd@nist.gov",
                  id: "CVE-2021-43984",
                  trust: 1,
                  value: "CRITICAL",
               },
               {
                  author: "ics-cert@hq.dhs.gov",
                  id: "CVE-2021-43984",
                  trust: 1,
                  value: "CRITICAL",
               },
               {
                  author: "NVD",
                  id: "CVE-2021-43984",
                  trust: 0.8,
                  value: "Critical",
               },
               {
                  author: "CNVD",
                  id: "CNVD-2021-102825",
                  trust: 0.6,
                  value: "HIGH",
               },
               {
                  author: "CNNVD",
                  id: "CNNVD-202112-2081",
                  trust: 0.6,
                  value: "CRITICAL",
               },
               {
                  author: "VULMON",
                  id: "CVE-2021-43984",
                  trust: 0.1,
                  value: "HIGH",
               },
            ],
         },
      ],
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2021-102825",
         },
         {
            db: "VULMON",
            id: "CVE-2021-43984",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2021-016605",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202112-2081",
         },
         {
            db: "NVD",
            id: "CVE-2021-43984",
         },
         {
            db: "NVD",
            id: "CVE-2021-43984",
         },
      ],
   },
   description: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/description#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "mySCADA myPRO: Versions 8.20.0 and prior has a feature where the firmware can be updated, which may allow an attacker to inject arbitrary operating system commands through a specific parameter. mySCADA myPRO for, OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. mySCADA myPRO is an HMI/SCADA system designed primarily for visualization and control of industrial processes",
      sources: [
         {
            db: "NVD",
            id: "CVE-2021-43984",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2021-016605",
         },
         {
            db: "CNVD",
            id: "CNVD-2021-102825",
         },
         {
            db: "VULMON",
            id: "CVE-2021-43984",
         },
      ],
      trust: 2.25,
   },
   external_ids: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            db: "NVD",
            id: "CVE-2021-43984",
            trust: 3.9,
         },
         {
            db: "ICS CERT",
            id: "ICSA-21-355-01",
            trust: 3.1,
         },
         {
            db: "JVN",
            id: "JVNVU90153325",
            trust: 0.8,
         },
         {
            db: "JVNDB",
            id: "JVNDB-2021-016605",
            trust: 0.8,
         },
         {
            db: "CNVD",
            id: "CNVD-2021-102825",
            trust: 0.6,
         },
         {
            db: "AUSCERT",
            id: "ESB-2022.0075",
            trust: 0.6,
         },
         {
            db: "CNNVD",
            id: "CNNVD-202112-2081",
            trust: 0.6,
         },
         {
            db: "VULMON",
            id: "CVE-2021-43984",
            trust: 0.1,
         },
      ],
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2021-102825",
         },
         {
            db: "VULMON",
            id: "CVE-2021-43984",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2021-016605",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202112-2081",
         },
         {
            db: "NVD",
            id: "CVE-2021-43984",
         },
      ],
   },
   id: "VAR-202112-1872",
   iot: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/iot#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: true,
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2021-102825",
         },
      ],
      trust: 0.8894511199999999,
   },
   iot_taxonomy: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            category: [
               "ICS",
            ],
            sub_category: null,
            trust: 0.6,
         },
      ],
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2021-102825",
         },
      ],
   },
   last_update_date: "2024-11-23T21:33:27.101000Z",
   patch: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/patch#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            title: "myPRO",
            trust: 0.8,
            url: "https://www.myscada.org/mypro/",
         },
         {
            title: "Patch for mySCADA myPRO Operating System Command Injection Vulnerability (CNVD-2021-102825)",
            trust: 0.6,
            url: "https://www.cnvd.org.cn/patchInfo/show/310786",
         },
         {
            title: "mySCADA myPRO Fixes for operating system command injection vulnerabilities",
            trust: 0.6,
            url: "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=175458",
         },
      ],
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2021-102825",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2021-016605",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202112-2081",
         },
      ],
   },
   problemtype_data: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            problemtype: "CWE-78",
            trust: 1,
         },
         {
            problemtype: "OS Command injection (CWE-78) [ others ]",
            trust: 0.8,
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2021-016605",
         },
         {
            db: "NVD",
            id: "CVE-2021-43984",
         },
      ],
   },
   references: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/references#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            trust: 3.1,
            url: "https://www.cisa.gov/uscert/ics/advisories/icsa-21-355-01",
         },
         {
            trust: 1.4,
            url: "https://nvd.nist.gov/vuln/detail/cve-2021-43984",
         },
         {
            trust: 0.8,
            url: "https://jvn.jp/vu/jvnvu90153325/index.html",
         },
         {
            trust: 0.6,
            url: "https://us-cert.cisa.gov/ics/advisories/icsa-21-355-01",
         },
         {
            trust: 0.6,
            url: "https://www.auscert.org.au/bulletins/esb-2022.0075",
         },
         {
            trust: 0.1,
            url: "https://cwe.mitre.org/data/definitions/78.html",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov",
         },
      ],
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2021-102825",
         },
         {
            db: "VULMON",
            id: "CVE-2021-43984",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2021-016605",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202112-2081",
         },
         {
            db: "NVD",
            id: "CVE-2021-43984",
         },
      ],
   },
   sources: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            db: "CNVD",
            id: "CNVD-2021-102825",
         },
         {
            db: "VULMON",
            id: "CVE-2021-43984",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2021-016605",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202112-2081",
         },
         {
            db: "NVD",
            id: "CVE-2021-43984",
         },
      ],
   },
   sources_release_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2021-12-28T00:00:00",
            db: "CNVD",
            id: "CNVD-2021-102825",
         },
         {
            date: "2021-12-23T00:00:00",
            db: "VULMON",
            id: "CVE-2021-43984",
         },
         {
            date: "2022-12-19T00:00:00",
            db: "JVNDB",
            id: "JVNDB-2021-016605",
         },
         {
            date: "2021-12-21T00:00:00",
            db: "CNNVD",
            id: "CNNVD-202112-2081",
         },
         {
            date: "2021-12-23T20:15:11.650000",
            db: "NVD",
            id: "CVE-2021-43984",
         },
      ],
   },
   sources_update_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2022-01-26T00:00:00",
            db: "CNVD",
            id: "CNVD-2021-102825",
         },
         {
            date: "2021-12-29T00:00:00",
            db: "VULMON",
            id: "CVE-2021-43984",
         },
         {
            date: "2022-12-19T04:31:00",
            db: "JVNDB",
            id: "JVNDB-2021-016605",
         },
         {
            date: "2022-01-10T00:00:00",
            db: "CNNVD",
            id: "CNNVD-202112-2081",
         },
         {
            date: "2024-11-21T06:30:08.980000",
            db: "NVD",
            id: "CVE-2021-43984",
         },
      ],
   },
   threat_type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "remote",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-202112-2081",
         },
      ],
      trust: 0.6,
   },
   title: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/title#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "mySCADA myPRO  In  OS  Command injection vulnerability",
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2021-016605",
         },
      ],
      trust: 0.8,
   },
   type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "operating system command injection",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-202112-2081",
         },
      ],
      trust: 0.6,
   },
}

var-202108-2251
Vulnerability from variot

mySCADA myPRO versions prior to 8.20.0 allow an unauthenticated remote attacker to upload arbitrary files to the file system. myPRO, provided by mySCADA, contains multiple vulnerabilities: * Inadequate access control (CWE-284) - CVE-2021-33013 * Unlimited uploads of dangerous file types (CWE-434) - CVE-2021-33009 * Path traversal (CWE-22) - CVE-2021-33005 * Information leakage due to disclosure of directory information (CWE-548) - CVE-2021-27505. The expected impact depends on each vulnerability, but may include the following (part of the impact list is missing from this record): - CVE-2021-33005 * Sensitive directory listing information may be read by a remote attacker - CVE-2021-27505. Pillow is a Python-based image processing library. There is currently no information about this vulnerability; please follow CNNVD or manufacturer announcements. (These last two sentences appear to have been merged in from a second CNNVD record, CNNVD-202104-975, listed among this entry's sources; they likely do not describe myPRO.)



{
   "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
      affected_products: {
         "@id": "https://www.variotdbs.pl/ref/affected_products",
      },
      configurations: {
         "@id": "https://www.variotdbs.pl/ref/configurations",
      },
      credits: {
         "@id": "https://www.variotdbs.pl/ref/credits",
      },
      cvss: {
         "@id": "https://www.variotdbs.pl/ref/cvss/",
      },
      description: {
         "@id": "https://www.variotdbs.pl/ref/description/",
      },
      exploit_availability: {
         "@id": "https://www.variotdbs.pl/ref/exploit_availability/",
      },
      external_ids: {
         "@id": "https://www.variotdbs.pl/ref/external_ids/",
      },
      iot: {
         "@id": "https://www.variotdbs.pl/ref/iot/",
      },
      iot_taxonomy: {
         "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/",
      },
      patch: {
         "@id": "https://www.variotdbs.pl/ref/patch/",
      },
      problemtype_data: {
         "@id": "https://www.variotdbs.pl/ref/problemtype_data/",
      },
      references: {
         "@id": "https://www.variotdbs.pl/ref/references/",
      },
      sources: {
         "@id": "https://www.variotdbs.pl/ref/sources/",
      },
      sources_release_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_release_date/",
      },
      sources_update_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_update_date/",
      },
      threat_type: {
         "@id": "https://www.variotdbs.pl/ref/threat_type/",
      },
      title: {
         "@id": "https://www.variotdbs.pl/ref/title/",
      },
      type: {
         "@id": "https://www.variotdbs.pl/ref/type/",
      },
   },
   "@id": "https://www.variotdbs.pl/vuln/VAR-202108-2251",
   affected_products: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            model: "mypro",
            scope: "lt",
            trust: 1,
            vendor: "myscada",
            version: "8.20.0",
         },
         {
            model: "mypro",
            scope: "eq",
            trust: 0.8,
            vendor: "myscada",
            version: null,
         },
         {
            model: "mypro",
            scope: "eq",
            trust: 0.8,
            vendor: "myscada",
            version: "v8.20.0  all previous  s",
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2021-002267",
         },
         {
            db: "NVD",
            id: "CVE-2021-33009",
         },
      ],
   },
   credits: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/credits#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "Michael Heinzl reported these vulnerabilities to CISA.",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-202108-516",
         },
      ],
      trust: 0.6,
   },
   cve: "CVE-2021-33009",
   cvss: {
      "@context": {
         cvssV2: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2",
         },
         cvssV3: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/",
         },
         severity: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/cvss/severity#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            cvssV2: [
               {
                  accessComplexity: "LOW",
                  accessVector: "NETWORK",
                  authentication: "NONE",
                  author: "nvd@nist.gov",
                  availabilityImpact: "NONE",
                  baseScore: 5,
                  confidentialityImpact: "NONE",
                  exploitabilityScore: 10,
                  id: "CVE-2021-33009",
                  impactScore: 2.9,
                  integrityImpact: "PARTIAL",
                  severity: "MEDIUM",
                  trust: 1,
                  vectorString: "AV:N/AC:L/Au:N/C:N/I:P/A:N",
                  version: "2.0",
               },
            ],
            cvssV3: [
               {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  author: "nvd@nist.gov",
                  availabilityImpact: "NONE",
                  baseScore: 7.5,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "NONE",
                  exploitabilityScore: 3.9,
                  id: "CVE-2021-33009",
                  impactScore: 3.6,
                  integrityImpact: "HIGH",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  trust: 2,
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
                  version: "3.1",
               },
               {
                  attackComplexity: "Low",
                  attackVector: "Network",
                  author: "OTHER",
                  availabilityImpact: "None",
                  baseScore: 7.5,
                  baseSeverity: "High",
                  confidentialityImpact: "None",
                  exploitabilityScore: null,
                  id: "JVNDB-2021-002267",
                  impactScore: null,
                  integrityImpact: "High",
                  privilegesRequired: "None",
                  scope: "Unchanged",
                  trust: 0.8,
                  userInteraction: "None",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
                  version: "3.0",
               },
            ],
            severity: [
               {
                  author: "nvd@nist.gov",
                  id: "CVE-2021-33009",
                  trust: 1,
                  value: "HIGH",
               },
               {
                  author: "ics-cert@hq.dhs.gov",
                  id: "CVE-2021-33009",
                  trust: 1,
                  value: "HIGH",
               },
               {
                  author: "OTHER",
                  id: "JVNDB-2021-002267",
                  trust: 0.8,
                  value: "High",
               },
               {
                  author: "CNNVD",
                  id: "CNNVD-202108-516",
                  trust: 0.6,
                  value: "HIGH",
               },
               {
                  author: "CNNVD",
                  id: "CNNVD-202104-975",
                  trust: 0.6,
                  value: "MEDIUM",
               },
            ],
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2021-002267",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202108-516",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202104-975",
         },
         {
            db: "NVD",
            id: "CVE-2021-33009",
         },
         {
            db: "NVD",
            id: "CVE-2021-33009",
         },
      ],
   },
   description: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/description#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "mySCADA myPRO versions prior to 8.20.0 allows an unauthenticated remote attacker to upload arbitrary files to the file system. mySCADA Provided by the company myPRO contains multiple vulnerabilities: * Inadequate access control ( CWE-284 ) - CVE-2021-33013 It was * Unlimited uploads of dangerous file types ( CWE-434 ) - CVE-2021-33009 It was * Path Traversal ( CWE-22 ) - CVE-2021-33005 It was * Information leakage due to disclosure of directory information ( CWE-548 ) - CVE-2021-27505The expected impact depends on each vulnerability, but it may be affected as follows. - CVE-2021-33005 It was * Sensitive directory listing information may be read by a remote attacker - CVE-2021-27505. Pillow is a Python-based image processing library. \nThere is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements",
      sources: [
         {
            db: "NVD",
            id: "CVE-2021-33009",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2021-002267",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202104-975",
         },
         {
            db: "VULMON",
            id: "CVE-2021-33009",
         },
      ],
      trust: 2.25,
   },
   external_ids: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            db: "NVD",
            id: "CVE-2021-33009",
            trust: 3.3,
         },
         {
            db: "ICS CERT",
            id: "ICSA-21-217-03",
            trust: 2.5,
         },
         {
            db: "JVN",
            id: "JVNVU94730303",
            trust: 0.8,
         },
         {
            db: "JVNDB",
            id: "JVNDB-2021-002267",
            trust: 0.8,
         },
         {
            db: "CS-HELP",
            id: "SB2021080605",
            trust: 0.6,
         },
         {
            db: "AUSCERT",
            id: "ESB-2021.2659",
            trust: 0.6,
         },
         {
            db: "CNNVD",
            id: "CNNVD-202108-516",
            trust: 0.6,
         },
         {
            db: "CS-HELP",
            id: "SB2021041363",
            trust: 0.6,
         },
         {
            db: "CNNVD",
            id: "CNNVD-202104-975",
            trust: 0.6,
         },
         {
            db: "VULMON",
            id: "CVE-2021-33009",
            trust: 0.1,
         },
      ],
      sources: [
         {
            db: "VULMON",
            id: "CVE-2021-33009",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2021-002267",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202108-516",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202104-975",
         },
         {
            db: "NVD",
            id: "CVE-2021-33009",
         },
      ],
   },
   id: "VAR-202108-2251",
   iot: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/iot#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: true,
      sources: [
         {
            db: "VARIoT devices database",
            id: null,
         },
      ],
      trust: 0.28945112,
   },
   last_update_date: "2024-08-14T12:55:37.884000Z",
   patch: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/patch#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            title: "VERSION 8.20.0 RELEASED",
            trust: 0.8,
            url: "https://www.myscada.org/version-8-20-0-released-security-update/",
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2021-002267",
         },
      ],
   },
   problemtype_data: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            problemtype: "CWE-434",
            trust: 1,
         },
         {
            problemtype: "Path traversal (CWE-22) [ others ]",
            trust: 0.8,
         },
         {
            problemtype: " Inappropriate access control (CWE-284) [ others ]",
            trust: 0.8,
         },
         {
            problemtype: " Unlimited uploads of dangerous types of files (CWE-434) [ others ]",
            trust: 0.8,
         },
         {
            problemtype: " Information disclosure through directory listings (CWE-548) [ others ]",
            trust: 0.8,
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2021-002267",
         },
         {
            db: "NVD",
            id: "CVE-2021-33009",
         },
      ],
   },
   references: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/references#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            trust: 1.7,
            url: "https://www.cisa.gov/uscert/ics/advisories/icsa-21-217-03",
         },
         {
            trust: 1.7,
            url: "https://www.myscada.org/version-8-20-0-released-security-update",
         },
         {
            trust: 1.4,
            url: "https://us-cert.cisa.gov/ics/advisories/icsa-21-217-03",
         },
         {
            trust: 0.8,
            url: "http://jvn.jp/cert/jvnvu94730303",
         },
         {
            trust: 0.8,
            url: "https://nvd.nist.gov/vuln/detail/cve-2021-27505",
         },
         {
            trust: 0.8,
            url: "https://nvd.nist.gov/vuln/detail/cve-2021-33005",
         },
         {
            trust: 0.8,
            url: "https://nvd.nist.gov/vuln/detail/cve-2021-33009",
         },
         {
            trust: 0.8,
            url: "https://nvd.nist.gov/vuln/detail/cve-2021-33013",
         },
         {
            trust: 0.6,
            url: "https://www.cybersecurity-help.cz/vdb/sb2021080605",
         },
         {
            trust: 0.6,
            url: "https://cxsecurity.com/cveshow/cve-2021-33009/",
         },
         {
            trust: 0.6,
            url: "https://www.auscert.org.au/bulletins/esb-2021.2659",
         },
         {
            trust: 0.6,
            url: "https://www.cybersecurity-help.cz/vdb/sb2021041363",
         },
         {
            trust: 0.1,
            url: "https://cwe.mitre.org/data/definitions/434.html",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov",
         },
      ],
      sources: [
         {
            db: "VULMON",
            id: "CVE-2021-33009",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2021-002267",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202108-516",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202104-975",
         },
         {
            db: "NVD",
            id: "CVE-2021-33009",
         },
      ],
   },
   sources: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            db: "VULMON",
            id: "CVE-2021-33009",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2021-002267",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202108-516",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202104-975",
         },
         {
            db: "NVD",
            id: "CVE-2021-33009",
         },
      ],
   },
   sources_release_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2022-05-13T00:00:00",
            db: "VULMON",
            id: "CVE-2021-33009",
         },
         {
            date: "2021-08-10T00:00:00",
            db: "JVNDB",
            id: "JVNDB-2021-002267",
         },
         {
            date: "2021-08-05T00:00:00",
            db: "CNNVD",
            id: "CNNVD-202108-516",
         },
         {
            date: "2021-04-13T00:00:00",
            db: "CNNVD",
            id: "CNNVD-202104-975",
         },
         {
            date: "2022-05-13T16:15:08.017000",
            db: "NVD",
            id: "CVE-2021-33009",
         },
      ],
   },
   sources_update_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2022-05-13T00:00:00",
            db: "VULMON",
            id: "CVE-2021-33009",
         },
         {
            date: "2024-06-20T02:08:00",
            db: "JVNDB",
            id: "JVNDB-2021-002267",
         },
         {
            date: "2022-05-25T00:00:00",
            db: "CNNVD",
            id: "CNNVD-202108-516",
         },
         {
            date: "2021-04-14T00:00:00",
            db: "CNNVD",
            id: "CNNVD-202104-975",
         },
         {
            date: "2022-05-24T20:44:58.087000",
            db: "NVD",
            id: "CVE-2021-33009",
         },
      ],
   },
   threat_type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "remote",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-202108-516",
         },
      ],
      trust: 0.6,
   },
   title: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/title#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "Multiple vulnerabilities in mySCADA myPRO",
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2021-002267",
         },
      ],
      trust: 0.8,
   },
   type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "code problem",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-202108-516",
         },
      ],
      trust: 0.6,
   },
}

var-202304-2121
Vulnerability from variot

mySCADA myPRO versions 8.26.0 and prior have parameters which an authenticated user could exploit to inject arbitrary operating system commands. An OS command injection vulnerability exists in myPRO from mySCADA Technologies. Information may be obtained or tampered with, and service operation may be interrupted (DoS).



{
   "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
      affected_products: {
         "@id": "https://www.variotdbs.pl/ref/affected_products",
      },
      credits: {
         "@id": "https://www.variotdbs.pl/ref/credits",
      },
      cvss: {
         "@id": "https://www.variotdbs.pl/ref/cvss/",
      },
      description: {
         "@id": "https://www.variotdbs.pl/ref/description/",
      },
      exploit_availability: {
         "@id": "https://www.variotdbs.pl/ref/exploit_availability/",
      },
      external_ids: {
         "@id": "https://www.variotdbs.pl/ref/external_ids/",
      },
      iot: {
         "@id": "https://www.variotdbs.pl/ref/iot/",
      },
      iot_taxonomy: {
         "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/",
      },
      patch: {
         "@id": "https://www.variotdbs.pl/ref/patch/",
      },
      problemtype_data: {
         "@id": "https://www.variotdbs.pl/ref/problemtype_data/",
      },
      references: {
         "@id": "https://www.variotdbs.pl/ref/references/",
      },
      sources: {
         "@id": "https://www.variotdbs.pl/ref/sources/",
      },
      sources_release_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_release_date/",
      },
      sources_update_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_update_date/",
      },
      threat_type: {
         "@id": "https://www.variotdbs.pl/ref/threat_type/",
      },
      title: {
         "@id": "https://www.variotdbs.pl/ref/title/",
      },
      type: {
         "@id": "https://www.variotdbs.pl/ref/type/",
      },
   },
   "@id": "https://www.variotdbs.pl/vuln/VAR-202304-2121",
   affected_products: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            model: "mypro",
            scope: "lte",
            trust: 1,
            vendor: "myscada",
            version: "8.26.0",
         },
         {
            model: "mypro",
            scope: "eq",
            trust: 0.8,
            vendor: "myscada",
            version: null,
         },
         {
            model: "mypro",
            scope: null,
            trust: 0.8,
            vendor: "myscada",
            version: null,
         },
         {
            model: "mypro",
            scope: "lte",
            trust: 0.8,
            vendor: "myscada",
            version: "8.26.0  and earlier",
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2023-009259",
         },
         {
            db: "NVD",
            id: "CVE-2023-28716",
         },
      ],
   },
   cve: "CVE-2023-28716",
   cvss: {
      "@context": {
         cvssV2: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2",
         },
         cvssV3: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/",
         },
         severity: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/cvss/severity#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            cvssV2: [],
            cvssV3: [
               {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  author: "nvd@nist.gov",
                  availabilityImpact: "HIGH",
                  baseScore: 8.8,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "HIGH",
                  exploitabilityScore: 2.8,
                  id: "CVE-2023-28716",
                  impactScore: 5.9,
                  integrityImpact: "HIGH",
                  privilegesRequired: "LOW",
                  scope: "UNCHANGED",
                  trust: 1,
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  version: "3.1",
               },
               {
                  attackComplexity: "Low",
                  attackVector: "Network",
                  author: "NVD",
                  availabilityImpact: "High",
                  baseScore: 8.8,
                  baseSeverity: "High",
                  confidentialityImpact: "High",
                  exploitabilityScore: null,
                  id: "CVE-2023-28716",
                  impactScore: null,
                  integrityImpact: "High",
                  privilegesRequired: "Low",
                  scope: "Unchanged",
                  trust: 0.8,
                  userInteraction: "None",
                  vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  version: "3.0",
               },
            ],
            severity: [
               {
                  author: "nvd@nist.gov",
                  id: "CVE-2023-28716",
                  trust: 1,
                  value: "HIGH",
               },
               {
                  author: "NVD",
                  id: "CVE-2023-28716",
                  trust: 0.8,
                  value: "High",
               },
               {
                  author: "CNNVD",
                  id: "CNNVD-202304-2205",
                  trust: 0.6,
                  value: "HIGH",
               },
            ],
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2023-009259",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202304-2205",
         },
         {
            db: "NVD",
            id: "CVE-2023-28716",
         },
      ],
   },
   description: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/description#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "mySCADA myPRO versions 8.26.0 and prior have parameters which an authenticated user could exploit to inject arbitrary operating system commands. An OS command injection vulnerability exists in myPRO from mySCADA Technologies. Information may be obtained or tampered with, and service operation may be interrupted (DoS).",
      sources: [
         {
            db: "NVD",
            id: "CVE-2023-28716",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2023-009259",
         },
         {
            db: "VULMON",
            id: "CVE-2023-28716",
         },
      ],
      trust: 1.71,
   },
   external_ids: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            db: "NVD",
            id: "CVE-2023-28716",
            trust: 3.3,
         },
         {
            db: "ICS CERT",
            id: "ICSA-23-096-06",
            trust: 2.5,
         },
         {
            db: "JVN",
            id: "JVNVU95525237",
            trust: 0.8,
         },
         {
            db: "JVNDB",
            id: "JVNDB-2023-009259",
            trust: 0.8,
         },
         {
            db: "CNNVD",
            id: "CNNVD-202304-2205",
            trust: 0.6,
         },
         {
            db: "VULMON",
            id: "CVE-2023-28716",
            trust: 0.1,
         },
      ],
      sources: [
         {
            db: "VULMON",
            id: "CVE-2023-28716",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2023-009259",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202304-2205",
         },
         {
            db: "NVD",
            id: "CVE-2023-28716",
         },
      ],
   },
   id: "VAR-202304-2121",
   iot: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/iot#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: true,
      sources: [
         {
            db: "VARIoT devices database",
            id: null,
         },
      ],
      trust: 0.28945112,
   },
   last_update_date: "2024-08-14T13:20:47.360000Z",
   patch: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/patch#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            title: "mySCADA myPRO Fixes for operating system command injection vulnerabilities",
            trust: 0.6,
            url: "http://123.124.177.30/web/xxk/bdxqById.tag?id=236111",
         },
      ],
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-202304-2205",
         },
      ],
   },
   problemtype_data: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            problemtype: "CWE-78",
            trust: 1,
         },
         {
            problemtype: "OS Command injection (CWE-78) [NVD evaluation ]",
            trust: 0.8,
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2023-009259",
         },
         {
            db: "NVD",
            id: "CVE-2023-28716",
         },
      ],
   },
   references: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/references#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            trust: 2.5,
            url: "https://www.cisa.gov/news-events/ics-advisories/icsa-23-096-06",
         },
         {
            trust: 0.8,
            url: "https://jvn.jp/vu/jvnvu95525237/",
         },
         {
            trust: 0.8,
            url: "https://nvd.nist.gov/vuln/detail/cve-2023-28716",
         },
         {
            trust: 0.6,
            url: "https://cxsecurity.com/cveshow/cve-2023-28716/",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov",
         },
      ],
      sources: [
         {
            db: "VULMON",
            id: "CVE-2023-28716",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2023-009259",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202304-2205",
         },
         {
            db: "NVD",
            id: "CVE-2023-28716",
         },
      ],
   },
   sources: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            db: "VULMON",
            id: "CVE-2023-28716",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2023-009259",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202304-2205",
         },
         {
            db: "NVD",
            id: "CVE-2023-28716",
         },
      ],
   },
   sources_release_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2023-04-27T00:00:00",
            db: "VULMON",
            id: "CVE-2023-28716",
         },
         {
            date: "2023-12-05T00:00:00",
            db: "JVNDB",
            id: "JVNDB-2023-009259",
         },
         {
            date: "2023-04-27T00:00:00",
            db: "CNNVD",
            id: "CNNVD-202304-2205",
         },
         {
            date: "2023-04-27T23:15:14.963000",
            db: "NVD",
            id: "CVE-2023-28716",
         },
      ],
   },
   sources_update_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2023-04-28T00:00:00",
            db: "VULMON",
            id: "CVE-2023-28716",
         },
         {
            date: "2023-12-05T04:10:00",
            db: "JVNDB",
            id: "JVNDB-2023-009259",
         },
         {
            date: "2023-05-06T00:00:00",
            db: "CNNVD",
            id: "CNNVD-202304-2205",
         },
         {
            date: "2023-11-07T04:10:49.930000",
            db: "NVD",
            id: "CVE-2023-28716",
         },
      ],
   },
   threat_type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "remote",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-202304-2205",
         },
      ],
      trust: 0.6,
   },
   title: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/title#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "OS command injection vulnerability in mySCADA Technologies myPRO",
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2023-009259",
         },
      ],
      trust: 0.8,
   },
   type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "operating system command injection",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-202304-2205",
         },
      ],
      trust: 0.6,
   },
}

var-202112-1869
Vulnerability from variot

mySCADA myPRO versions 8.20.0 and prior store passwords using MD5, which may allow an attacker to crack previously retrieved password hashes, since MD5 is fast to compute and was not designed for password storage. mySCADA myPRO contains a vulnerability related to the use of insufficiently strong password hashes. Information may be obtained. mySCADA myPRO is an HMI/SCADA system, mainly designed for visualization and control of industrial processes.



{
   "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
      affected_products: {
         "@id": "https://www.variotdbs.pl/ref/affected_products",
      },
      configurations: {
         "@id": "https://www.variotdbs.pl/ref/configurations",
      },
      credits: {
         "@id": "https://www.variotdbs.pl/ref/credits",
      },
      cvss: {
         "@id": "https://www.variotdbs.pl/ref/cvss/",
      },
      description: {
         "@id": "https://www.variotdbs.pl/ref/description/",
      },
      exploit_availability: {
         "@id": "https://www.variotdbs.pl/ref/exploit_availability/",
      },
      external_ids: {
         "@id": "https://www.variotdbs.pl/ref/external_ids/",
      },
      iot: {
         "@id": "https://www.variotdbs.pl/ref/iot/",
      },
      iot_taxonomy: {
         "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/",
      },
      patch: {
         "@id": "https://www.variotdbs.pl/ref/patch/",
      },
      problemtype_data: {
         "@id": "https://www.variotdbs.pl/ref/problemtype_data/",
      },
      references: {
         "@id": "https://www.variotdbs.pl/ref/references/",
      },
      sources: {
         "@id": "https://www.variotdbs.pl/ref/sources/",
      },
      sources_release_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_release_date/",
      },
      sources_update_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_update_date/",
      },
      threat_type: {
         "@id": "https://www.variotdbs.pl/ref/threat_type/",
      },
      title: {
         "@id": "https://www.variotdbs.pl/ref/title/",
      },
      type: {
         "@id": "https://www.variotdbs.pl/ref/type/",
      },
   },
   "@id": "https://www.variotdbs.pl/vuln/VAR-202112-1869",
   affected_products: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            model: "mypro",
            scope: "lte",
            trust: 1,
            vendor: "myscada",
            version: "8.20.0",
         },
         {
            model: "mypro",
            scope: "eq",
            trust: 0.8,
            vendor: "myscada",
            version: null,
         },
         {
            model: "mypro",
            scope: "lte",
            trust: 0.8,
            vendor: "myscada",
            version: "8.20.0  and earlier",
         },
         {
            model: "mypro",
            scope: "lte",
            trust: 0.6,
            vendor: "myscada",
            version: "<=8.20.0",
         },
      ],
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2021-102831",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2021-016608",
         },
         {
            db: "NVD",
            id: "CVE-2021-43989",
         },
      ],
   },
   credits: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/credits#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "Michael Heinzl reported these vulnerabilities to CISA.",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-202112-2087",
         },
      ],
      trust: 0.6,
   },
   cve: "CVE-2021-43989",
   cvss: {
      "@context": {
         cvssV2: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2",
         },
         cvssV3: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/",
         },
         severity: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/cvss/severity#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            cvssV2: [
               {
                  accessComplexity: "LOW",
                  accessVector: "NETWORK",
                  authentication: "NONE",
                  author: "nvd@nist.gov",
                  availabilityImpact: "NONE",
                  baseScore: 5,
                  confidentialityImpact: "PARTIAL",
                  exploitabilityScore: 10,
                  id: "CVE-2021-43989",
                  impactScore: 2.9,
                  integrityImpact: "NONE",
                  severity: "MEDIUM",
                  trust: 1.9,
                  vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                  version: "2.0",
               },
               {
                  accessComplexity: "LOW",
                  accessVector: "NETWORK",
                  authentication: "NONE",
                  author: "CNVD",
                  availabilityImpact: "NONE",
                  baseScore: 7.8,
                  confidentialityImpact: "COMPLETE",
                  exploitabilityScore: 10,
                  id: "CNVD-2021-102831",
                  impactScore: 6.9,
                  integrityImpact: "NONE",
                  severity: "HIGH",
                  trust: 0.6,
                  vectorString: "AV:N/AC:L/Au:N/C:C/I:N/A:N",
                  version: "2.0",
               },
            ],
            cvssV3: [
               {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  author: "nvd@nist.gov",
                  availabilityImpact: "NONE",
                  baseScore: 7.5,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "HIGH",
                  exploitabilityScore: 3.9,
                  id: "CVE-2021-43989",
                  impactScore: 3.6,
                  integrityImpact: "NONE",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  trust: 2,
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                  version: "3.1",
               },
               {
                  attackComplexity: "Low",
                  attackVector: "Network",
                  author: "OTHER",
                  availabilityImpact: "None",
                  baseScore: 7.5,
                  baseSeverity: "High",
                  confidentialityImpact: "High",
                  exploitabilityScore: null,
                  id: "JVNDB-2021-016608",
                  impactScore: null,
                  integrityImpact: "None",
                  privilegesRequired: "None",
                  scope: "Unchanged",
                  trust: 0.8,
                  userInteraction: "None",
                  vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                  version: "3.0",
               },
            ],
            severity: [
               {
                  author: "nvd@nist.gov",
                  id: "CVE-2021-43989",
                  trust: 1,
                  value: "HIGH",
               },
               {
                  author: "ics-cert@hq.dhs.gov",
                  id: "CVE-2021-43989",
                  trust: 1,
                  value: "HIGH",
               },
               {
                  author: "NVD",
                  id: "CVE-2021-43989",
                  trust: 0.8,
                  value: "High",
               },
               {
                  author: "CNVD",
                  id: "CNVD-2021-102831",
                  trust: 0.6,
                  value: "HIGH",
               },
               {
                  author: "CNNVD",
                  id: "CNNVD-202112-2087",
                  trust: 0.6,
                  value: "HIGH",
               },
               {
                  author: "VULMON",
                  id: "CVE-2021-43989",
                  trust: 0.1,
                  value: "MEDIUM",
               },
            ],
         },
      ],
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2021-102831",
         },
         {
            db: "VULMON",
            id: "CVE-2021-43989",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2021-016608",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202112-2087",
         },
         {
            db: "NVD",
            id: "CVE-2021-43989",
         },
         {
            db: "NVD",
            id: "CVE-2021-43989",
         },
      ],
   },
   description: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/description#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "mySCADA myPRO versions 8.20.0 and prior store passwords using MD5, which may allow an attacker to crack the previously retrieved password hashes. mySCADA myPRO contains a vulnerability related to the use of insufficiently strong password hashes. An attacker may obtain information. mySCADA myPRO is an HMI/SCADA system, mainly designed for visualization and control of industrial processes.",
      sources: [
         {
            db: "NVD",
            id: "CVE-2021-43989",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2021-016608",
         },
         {
            db: "CNVD",
            id: "CNVD-2021-102831",
         },
         {
            db: "VULMON",
            id: "CVE-2021-43989",
         },
      ],
      trust: 2.25,
   },
   external_ids: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            db: "NVD",
            id: "CVE-2021-43989",
            trust: 3.9,
         },
         {
            db: "ICS CERT",
            id: "ICSA-21-355-01",
            trust: 3.1,
         },
         {
            db: "JVN",
            id: "JVNVU90153325",
            trust: 0.8,
         },
         {
            db: "JVNDB",
            id: "JVNDB-2021-016608",
            trust: 0.8,
         },
         {
            db: "CNVD",
            id: "CNVD-2021-102831",
            trust: 0.6,
         },
         {
            db: "AUSCERT",
            id: "ESB-2022.0075",
            trust: 0.6,
         },
         {
            db: "CNNVD",
            id: "CNNVD-202112-2087",
            trust: 0.6,
         },
         {
            db: "VULMON",
            id: "CVE-2021-43989",
            trust: 0.1,
         },
      ],
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2021-102831",
         },
         {
            db: "VULMON",
            id: "CVE-2021-43989",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2021-016608",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202112-2087",
         },
         {
            db: "NVD",
            id: "CVE-2021-43989",
         },
      ],
   },
   id: "VAR-202112-1869",
   iot: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/iot#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: true,
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2021-102831",
         },
      ],
      trust: 0.8894511199999999,
   },
   iot_taxonomy: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            category: [
               "ICS",
            ],
            sub_category: null,
            trust: 0.6,
         },
      ],
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2021-102831",
         },
      ],
   },
   last_update_date: "2024-11-23T21:33:26.947000Z",
   patch: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/patch#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            title: "myPRO",
            trust: 0.8,
            url: "https://www.myscada.org/mypro/",
         },
         {
            title: "Patch for MySCADA myPRO has unspecified vulnerabilities",
            trust: 0.6,
            url: "https://www.cnvd.org.cn/patchInfo/show/310826",
         },
         {
            title: "mySCADA myPRO Security vulnerabilities",
            trust: 0.6,
            url: "http://123.124.177.30/web/xxk/bdxqById.tag?id=176051",
         },
      ],
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2021-102831",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2021-016608",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202112-2087",
         },
      ],
   },
   problemtype_data: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            problemtype: "CWE-327",
            trust: 1,
         },
         {
            problemtype: "CWE-916",
            trust: 1,
         },
         {
            problemtype: "Use of weak password hashes (CWE-916) [ others ]",
            trust: 0.8,
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2021-016608",
         },
         {
            db: "NVD",
            id: "CVE-2021-43989",
         },
      ],
   },
   references: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/references#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            trust: 3.1,
            url: "https://www.cisa.gov/uscert/ics/advisories/icsa-21-355-01",
         },
         {
            trust: 1.4,
            url: "https://nvd.nist.gov/vuln/detail/cve-2021-43989",
         },
         {
            trust: 0.8,
            url: "https://jvn.jp/vu/jvnvu90153325/index.html",
         },
         {
            trust: 0.6,
            url: "https://us-cert.cisa.gov/ics/advisories/icsa-21-355-01",
         },
         {
            trust: 0.6,
            url: "https://www.auscert.org.au/bulletins/esb-2022.0075",
         },
         {
            trust: 0.1,
            url: "https://cwe.mitre.org/data/definitions/916.html",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov",
         },
      ],
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2021-102831",
         },
         {
            db: "VULMON",
            id: "CVE-2021-43989",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2021-016608",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202112-2087",
         },
         {
            db: "NVD",
            id: "CVE-2021-43989",
         },
      ],
   },
   sources: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            db: "CNVD",
            id: "CNVD-2021-102831",
         },
         {
            db: "VULMON",
            id: "CVE-2021-43989",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2021-016608",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202112-2087",
         },
         {
            db: "NVD",
            id: "CVE-2021-43989",
         },
      ],
   },
   sources_release_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2021-12-28T00:00:00",
            db: "CNVD",
            id: "CNVD-2021-102831",
         },
         {
            date: "2021-12-23T00:00:00",
            db: "VULMON",
            id: "CVE-2021-43989",
         },
         {
            date: "2022-12-19T00:00:00",
            db: "JVNDB",
            id: "JVNDB-2021-016608",
         },
         {
            date: "2021-12-21T00:00:00",
            db: "CNNVD",
            id: "CNNVD-202112-2087",
         },
         {
            date: "2021-12-23T20:15:11.827000",
            db: "NVD",
            id: "CVE-2021-43989",
         },
      ],
   },
   sources_update_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2021-12-30T00:00:00",
            db: "CNVD",
            id: "CNVD-2021-102831",
         },
         {
            date: "2021-12-29T00:00:00",
            db: "VULMON",
            id: "CVE-2021-43989",
         },
         {
            date: "2022-12-19T04:31:00",
            db: "JVNDB",
            id: "JVNDB-2021-016608",
         },
         {
            date: "2023-07-24T00:00:00",
            db: "CNNVD",
            id: "CNNVD-202112-2087",
         },
         {
            date: "2024-11-21T06:30:09.797000",
            db: "NVD",
            id: "CVE-2021-43989",
         },
      ],
   },
   threat_type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "remote",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-202112-2087",
         },
      ],
      trust: 0.6,
   },
   title: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/title#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "Vulnerability related to the use of insufficiently strong password hashes in mySCADA myPRO",
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2021-016608",
         },
      ],
      trust: 0.8,
   },
   type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "encryption problem",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-202112-2087",
         },
      ],
      trust: 0.6,
   },
}

var-202112-1874
Vulnerability from variot

mySCADA myPRO: Versions 8.20.0 and prior have a feature where the password can be specified, which may allow an attacker to inject arbitrary operating system commands through a specific parameter. An OS command injection vulnerability exists in mySCADA myPRO. Information may be obtained or tampered with, and service operation may be interrupted (DoS). mySCADA myPRO is an HMI/SCADA system designed primarily for visualization and control of industrial processes.



{
   "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
      affected_products: {
         "@id": "https://www.variotdbs.pl/ref/affected_products",
      },
      configurations: {
         "@id": "https://www.variotdbs.pl/ref/configurations",
      },
      credits: {
         "@id": "https://www.variotdbs.pl/ref/credits",
      },
      cvss: {
         "@id": "https://www.variotdbs.pl/ref/cvss/",
      },
      description: {
         "@id": "https://www.variotdbs.pl/ref/description/",
      },
      exploit_availability: {
         "@id": "https://www.variotdbs.pl/ref/exploit_availability/",
      },
      external_ids: {
         "@id": "https://www.variotdbs.pl/ref/external_ids/",
      },
      iot: {
         "@id": "https://www.variotdbs.pl/ref/iot/",
      },
      iot_taxonomy: {
         "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/",
      },
      patch: {
         "@id": "https://www.variotdbs.pl/ref/patch/",
      },
      problemtype_data: {
         "@id": "https://www.variotdbs.pl/ref/problemtype_data/",
      },
      references: {
         "@id": "https://www.variotdbs.pl/ref/references/",
      },
      sources: {
         "@id": "https://www.variotdbs.pl/ref/sources/",
      },
      sources_release_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_release_date/",
      },
      sources_update_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_update_date/",
      },
      threat_type: {
         "@id": "https://www.variotdbs.pl/ref/threat_type/",
      },
      title: {
         "@id": "https://www.variotdbs.pl/ref/title/",
      },
      type: {
         "@id": "https://www.variotdbs.pl/ref/type/",
      },
   },
   "@id": "https://www.variotdbs.pl/vuln/VAR-202112-1874",
   affected_products: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            model: "mypro",
            scope: "lte",
            trust: 1,
            vendor: "myscada",
            version: "8.20.0",
         },
         {
            model: "mypro",
            scope: "eq",
            trust: 0.8,
            vendor: "myscada",
            version: null,
         },
         {
            model: "mypro",
            scope: "lte",
            trust: 0.8,
            vendor: "myscada",
            version: "8.20.0  and earlier",
         },
         {
            model: "mypro",
            scope: "lte",
            trust: 0.6,
            vendor: "myscada",
            version: "<=8.20.0",
         },
      ],
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2021-102827",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2021-016603",
         },
         {
            db: "NVD",
            id: "CVE-2021-23198",
         },
      ],
   },
   credits: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/credits#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "Michael Heinzl reported these vulnerabilities to CISA.",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-202112-2083",
         },
      ],
      trust: 0.6,
   },
   cve: "CVE-2021-23198",
   cvss: {
      "@context": {
         cvssV2: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2",
         },
         cvssV3: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/",
         },
         severity: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/cvss/severity#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            cvssV2: [
               {
                  accessComplexity: "LOW",
                  accessVector: "NETWORK",
                  authentication: "NONE",
                  author: "nvd@nist.gov",
                  availabilityImpact: "PARTIAL",
                  baseScore: 7.5,
                  confidentialityImpact: "PARTIAL",
                  exploitabilityScore: 10,
                  id: "CVE-2021-23198",
                  impactScore: 6.4,
                  integrityImpact: "PARTIAL",
                  severity: "HIGH",
                  trust: 1.9,
                  vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                  version: "2.0",
               },
               {
                  accessComplexity: "LOW",
                  accessVector: "NETWORK",
                  authentication: "NONE",
                  author: "CNVD",
                  availabilityImpact: "COMPLETE",
                  baseScore: 10,
                  confidentialityImpact: "COMPLETE",
                  exploitabilityScore: 10,
                  id: "CNVD-2021-102827",
                  impactScore: 10,
                  integrityImpact: "COMPLETE",
                  severity: "HIGH",
                  trust: 0.6,
                  vectorString: "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                  version: "2.0",
               },
            ],
            cvssV3: [
               {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  author: "nvd@nist.gov",
                  availabilityImpact: "HIGH",
                  baseScore: 9.8,
                  baseSeverity: "CRITICAL",
                  confidentialityImpact: "HIGH",
                  exploitabilityScore: 3.9,
                  id: "CVE-2021-23198",
                  impactScore: 5.9,
                  integrityImpact: "HIGH",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  trust: 1,
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  version: "3.1",
               },
               {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  author: "ics-cert@hq.dhs.gov",
                  availabilityImpact: "HIGH",
                  baseScore: 10,
                  baseSeverity: "CRITICAL",
                  confidentialityImpact: "HIGH",
                  exploitabilityScore: 3.9,
                  id: "CVE-2021-23198",
                  impactScore: 6,
                  integrityImpact: "HIGH",
                  privilegesRequired: "NONE",
                  scope: "CHANGED",
                  trust: 1,
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
                  version: "3.1",
               },
               {
                  attackComplexity: "Low",
                  attackVector: "Network",
                  author: "NVD",
                  availabilityImpact: "High",
                  baseScore: 9.8,
                  baseSeverity: "Critical",
                  confidentialityImpact: "High",
                  exploitabilityScore: null,
                  id: "CVE-2021-23198",
                  impactScore: null,
                  integrityImpact: "High",
                  privilegesRequired: "None",
                  scope: "Unchanged",
                  trust: 0.8,
                  userInteraction: "None",
                  vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  version: "3.0",
               },
            ],
            severity: [
               {
                  author: "nvd@nist.gov",
                  id: "CVE-2021-23198",
                  trust: 1,
                  value: "CRITICAL",
               },
               {
                  author: "ics-cert@hq.dhs.gov",
                  id: "CVE-2021-23198",
                  trust: 1,
                  value: "CRITICAL",
               },
               {
                  author: "NVD",
                  id: "CVE-2021-23198",
                  trust: 0.8,
                  value: "Critical",
               },
               {
                  author: "CNVD",
                  id: "CNVD-2021-102827",
                  trust: 0.6,
                  value: "HIGH",
               },
               {
                  author: "CNNVD",
                  id: "CNNVD-202112-2083",
                  trust: 0.6,
                  value: "CRITICAL",
               },
               {
                  author: "VULMON",
                  id: "CVE-2021-23198",
                  trust: 0.1,
                  value: "HIGH",
               },
            ],
         },
      ],
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2021-102827",
         },
         {
            db: "VULMON",
            id: "CVE-2021-23198",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2021-016603",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202112-2083",
         },
         {
            db: "NVD",
            id: "CVE-2021-23198",
         },
         {
            db: "NVD",
            id: "CVE-2021-23198",
         },
      ],
   },
   description: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/description#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "mySCADA myPRO: Versions 8.20.0 and prior have a feature where the password can be specified, which may allow an attacker to inject arbitrary operating system commands through a specific parameter. An OS command injection vulnerability exists in mySCADA myPRO. Information may be obtained or tampered with, and service operation may be interrupted (DoS). mySCADA myPRO is an HMI/SCADA system designed primarily for visualization and control of industrial processes.",
      sources: [
         {
            db: "NVD",
            id: "CVE-2021-23198",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2021-016603",
         },
         {
            db: "CNVD",
            id: "CNVD-2021-102827",
         },
         {
            db: "VULMON",
            id: "CVE-2021-23198",
         },
      ],
      trust: 2.25,
   },
   external_ids: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            db: "NVD",
            id: "CVE-2021-23198",
            trust: 3.9,
         },
         {
            db: "ICS CERT",
            id: "ICSA-21-355-01",
            trust: 3.1,
         },
         {
            db: "JVN",
            id: "JVNVU90153325",
            trust: 0.8,
         },
         {
            db: "JVNDB",
            id: "JVNDB-2021-016603",
            trust: 0.8,
         },
         {
            db: "CNVD",
            id: "CNVD-2021-102827",
            trust: 0.6,
         },
         {
            db: "AUSCERT",
            id: "ESB-2022.0075",
            trust: 0.6,
         },
         {
            db: "CNNVD",
            id: "CNNVD-202112-2083",
            trust: 0.6,
         },
         {
            db: "VULMON",
            id: "CVE-2021-23198",
            trust: 0.1,
         },
      ],
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2021-102827",
         },
         {
            db: "VULMON",
            id: "CVE-2021-23198",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2021-016603",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202112-2083",
         },
         {
            db: "NVD",
            id: "CVE-2021-23198",
         },
      ],
   },
   id: "VAR-202112-1874",
   iot: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/iot#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: true,
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2021-102827",
         },
      ],
      trust: 0.8894511199999999,
   },
   iot_taxonomy: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            category: [
               "ICS",
            ],
            sub_category: null,
            trust: 0.6,
         },
      ],
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2021-102827",
         },
      ],
   },
   last_update_date: "2024-08-14T13:22:57.936000Z",
   patch: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/patch#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            title: "myPRO",
            trust: 0.8,
            url: "https://www.myscada.org/mypro/",
         },
         {
            title: "Patch for mySCADA myPRO Operating System Command Injection Vulnerability (CNVD-2021-102827)",
            trust: 0.6,
            url: "https://www.cnvd.org.cn/patchInfo/show/310801",
         },
         {
            title: "mySCADA myPRO Fixes for operating system command injection vulnerabilities",
            trust: 0.6,
            url: "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=175460",
         },
      ],
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2021-102827",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2021-016603",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202112-2083",
         },
      ],
   },
   problemtype_data: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            problemtype: "CWE-78",
            trust: 1,
         },
         {
            problemtype: "OS Command injection (CWE-78) [ others ]",
            trust: 0.8,
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2021-016603",
         },
         {
            db: "NVD",
            id: "CVE-2021-23198",
         },
      ],
   },
   references: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/references#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            trust: 3.1,
            url: "https://www.cisa.gov/uscert/ics/advisories/icsa-21-355-01",
         },
         {
            trust: 0.8,
            url: "https://jvn.jp/vu/jvnvu90153325/index.html",
         },
         {
            trust: 0.8,
            url: "https://nvd.nist.gov/vuln/detail/cve-2021-23198",
         },
         {
            trust: 0.6,
            url: "https://us-cert.cisa.gov/ics/advisories/icsa-21-355-01",
         },
         {
            trust: 0.6,
            url: "https://www.auscert.org.au/bulletins/esb-2022.0075",
         },
         {
            trust: 0.1,
            url: "https://cwe.mitre.org/data/definitions/78.html",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov",
         },
      ],
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2021-102827",
         },
         {
            db: "VULMON",
            id: "CVE-2021-23198",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2021-016603",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202112-2083",
         },
         {
            db: "NVD",
            id: "CVE-2021-23198",
         },
      ],
   },
   sources: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            db: "CNVD",
            id: "CNVD-2021-102827",
         },
         {
            db: "VULMON",
            id: "CVE-2021-23198",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2021-016603",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202112-2083",
         },
         {
            db: "NVD",
            id: "CVE-2021-23198",
         },
      ],
   },
   sources_release_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2021-12-28T00:00:00",
            db: "CNVD",
            id: "CNVD-2021-102827",
         },
         {
            date: "2021-12-23T00:00:00",
            db: "VULMON",
            id: "CVE-2021-23198",
         },
         {
            date: "2022-12-19T00:00:00",
            db: "JVNDB",
            id: "JVNDB-2021-016603",
         },
         {
            date: "2021-12-21T00:00:00",
            db: "CNNVD",
            id: "CNNVD-202112-2083",
         },
         {
            date: "2021-12-23T20:15:09.053000",
            db: "NVD",
            id: "CVE-2021-23198",
         },
      ],
   },
   sources_update_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2022-01-26T00:00:00",
            db: "CNVD",
            id: "CNVD-2021-102827",
         },
         {
            date: "2021-12-29T00:00:00",
            db: "VULMON",
            id: "CVE-2021-23198",
         },
         {
            date: "2022-12-19T04:31:00",
            db: "JVNDB",
            id: "JVNDB-2021-016603",
         },
         {
            date: "2022-01-10T00:00:00",
            db: "CNNVD",
            id: "CNNVD-202112-2083",
         },
         {
            date: "2021-12-29T20:07:49.577000",
            db: "NVD",
            id: "CVE-2021-23198",
         },
      ],
   },
   threat_type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "remote",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-202112-2083",
         },
      ],
      trust: 0.6,
   },
   title: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/title#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "OS command injection vulnerability in mySCADA myPRO",
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2021-016603",
         },
      ],
      trust: 0.8,
   },
   type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "operating system command injection",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-202112-2083",
         },
      ],
      trust: 0.6,
   },
}

var-202208-1819
Vulnerability from variot

An authenticated mySCADA myPRO 8.26.0 user may be able to modify parameters to run commands directly in the operating system. myPRO, provided by mySCADA Technologies, contains the following vulnerability: command injection (CWE-77), CVE-2022-2234. Exploitation of the vulnerability may affect the product.



{
   "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
      affected_products: {
         "@id": "https://www.variotdbs.pl/ref/affected_products",
      },
      credits: {
         "@id": "https://www.variotdbs.pl/ref/credits",
      },
      cvss: {
         "@id": "https://www.variotdbs.pl/ref/cvss/",
      },
      description: {
         "@id": "https://www.variotdbs.pl/ref/description/",
      },
      exploit_availability: {
         "@id": "https://www.variotdbs.pl/ref/exploit_availability/",
      },
      external_ids: {
         "@id": "https://www.variotdbs.pl/ref/external_ids/",
      },
      iot: {
         "@id": "https://www.variotdbs.pl/ref/iot/",
      },
      iot_taxonomy: {
         "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/",
      },
      patch: {
         "@id": "https://www.variotdbs.pl/ref/patch/",
      },
      problemtype_data: {
         "@id": "https://www.variotdbs.pl/ref/problemtype_data/",
      },
      references: {
         "@id": "https://www.variotdbs.pl/ref/references/",
      },
      sources: {
         "@id": "https://www.variotdbs.pl/ref/sources/",
      },
      sources_release_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_release_date/",
      },
      sources_update_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_update_date/",
      },
      threat_type: {
         "@id": "https://www.variotdbs.pl/ref/threat_type/",
      },
      title: {
         "@id": "https://www.variotdbs.pl/ref/title/",
      },
      type: {
         "@id": "https://www.variotdbs.pl/ref/type/",
      },
   },
   "@id": "https://www.variotdbs.pl/vuln/VAR-202208-1819",
   affected_products: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            model: "mypro",
            scope: "lte",
            trust: 1,
            vendor: "myscada",
            version: "8.26.0",
         },
         {
            model: "mypro",
            scope: "eq",
            trust: 0.8,
            vendor: "myscada",
            version: null,
         },
         {
            model: "mypro",
            scope: "lte",
            trust: 0.8,
            vendor: "myscada",
            version: "8.26.0  and earlier",
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2022-002341",
         },
         {
            db: "NVD",
            id: "CVE-2022-2234",
         },
      ],
   },
   credits: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/credits#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "Marlon Luis Petry reported this vulnerability to CISA.",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-202208-3801",
         },
      ],
      trust: 0.6,
   },
   cve: "CVE-2022-2234",
   cvss: {
      "@context": {
         cvssV2: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2",
         },
         cvssV3: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/",
         },
         severity: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/cvss/severity#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            cvssV2: [],
            cvssV3: [
               {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  author: "nvd@nist.gov",
                  availabilityImpact: "HIGH",
                  baseScore: 8.8,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "HIGH",
                  exploitabilityScore: 2.8,
                  id: "CVE-2022-2234",
                  impactScore: 5.9,
                  integrityImpact: "HIGH",
                  privilegesRequired: "LOW",
                  scope: "UNCHANGED",
                  trust: 1,
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  version: "3.1",
               },
               {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  author: "ics-cert@hq.dhs.gov",
                  availabilityImpact: "HIGH",
                  baseScore: 9.9,
                  baseSeverity: "CRITICAL",
                  confidentialityImpact: "HIGH",
                  exploitabilityScore: 3.1,
                  id: "CVE-2022-2234",
                  impactScore: 6,
                  integrityImpact: "HIGH",
                  privilegesRequired: "LOW",
                  scope: "CHANGED",
                  trust: 1,
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
                  version: "3.1",
               },
               {
                  attackComplexity: "Low",
                  attackVector: "Network",
                  author: "NVD",
                  availabilityImpact: "High",
                  baseScore: 8.8,
                  baseSeverity: "High",
                  confidentialityImpact: "High",
                  exploitabilityScore: null,
                  id: "CVE-2022-2234",
                  impactScore: null,
                  integrityImpact: "High",
                  privilegesRequired: "Low",
                  scope: "Unchanged",
                  trust: 0.8,
                  userInteraction: "None",
                  vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  version: "3.0",
               },
            ],
            severity: [
               {
                  author: "nvd@nist.gov",
                  id: "CVE-2022-2234",
                  trust: 1,
                  value: "HIGH",
               },
               {
                  author: "ics-cert@hq.dhs.gov",
                  id: "CVE-2022-2234",
                  trust: 1,
                  value: "CRITICAL",
               },
               {
                  author: "NVD",
                  id: "CVE-2022-2234",
                  trust: 0.8,
                  value: "High",
               },
               {
                  author: "CNNVD",
                  id: "CNNVD-202208-3801",
                  trust: 0.6,
                  value: "HIGH",
               },
            ],
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2022-002341",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202208-3801",
         },
         {
            db: "NVD",
            id: "CVE-2022-2234",
         },
         {
            db: "NVD",
            id: "CVE-2022-2234",
         },
      ],
   },
   description: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/description#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "An authenticated mySCADA myPRO 8.26.0 user may be able to modify parameters to run commands directly in the operating system. myPRO, provided by mySCADA Technologies, contains the following vulnerability: command injection (CWE-77), CVE-2022-2234. Exploitation of the vulnerability may affect the product.",
      sources: [
         {
            db: "NVD",
            id: "CVE-2022-2234",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2022-002341",
         },
         {
            db: "VULMON",
            id: "CVE-2022-2234",
         },
      ],
      trust: 1.71,
   },
   external_ids: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            db: "NVD",
            id: "CVE-2022-2234",
            trust: 3.3,
         },
         {
            db: "ICS CERT",
            id: "ICSA-22-235-03",
            trust: 2.5,
         },
         {
            db: "JVN",
            id: "JVNVU92145197",
            trust: 0.8,
         },
         {
            db: "JVNDB",
            id: "JVNDB-2022-002341",
            trust: 0.8,
         },
         {
            db: "CNNVD",
            id: "CNNVD-202208-3801",
            trust: 0.6,
         },
         {
            db: "VULMON",
            id: "CVE-2022-2234",
            trust: 0.1,
         },
      ],
      sources: [
         {
            db: "VULMON",
            id: "CVE-2022-2234",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2022-002341",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202208-3801",
         },
         {
            db: "NVD",
            id: "CVE-2022-2234",
         },
      ],
   },
   id: "VAR-202208-1819",
   iot: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/iot#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: true,
      sources: [
         {
            db: "VARIoT devices database",
            id: null,
         },
      ],
      trust: 0.28945112,
   },
   last_update_date: "2024-08-14T15:06:13.413000Z",
   patch: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/patch#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            title: "DOWNLOADS",
            trust: 0.8,
            url: "https://www.myscada.org/download/#mypro",
         },
         {
            title: "mySCADA myPRO Fixes for operating system command injection vulnerabilities",
            trust: 0.6,
            url: "http://123.124.177.30/web/xxk/bdxqById.tag?id=247287",
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2022-002341",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202208-3801",
         },
      ],
   },
   problemtype_data: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            problemtype: "CWE-77",
            trust: 1,
         },
         {
            problemtype: "CWE-78",
            trust: 1,
         },
         {
            problemtype: "Command injection (CWE-77) [ others ]",
            trust: 0.8,
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2022-002341",
         },
         {
            db: "NVD",
            id: "CVE-2022-2234",
         },
      ],
   },
   references: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/references#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            trust: 2.6,
            url: "https://www.cisa.gov/uscert/ics/advisories/icsa-22-235-03",
         },
         {
            trust: 0.8,
            url: "http://jvn.jp/vu/jvnvu92145197/index.html",
         },
         {
            trust: 0.8,
            url: "https://nvd.nist.gov/vuln/detail/cve-2022-2234",
         },
         {
            trust: 0.6,
            url: "https://us-cert.cisa.gov/ics/advisories/icsa-22-235-03",
         },
         {
            trust: 0.6,
            url: "https://cxsecurity.com/cveshow/cve-2022-2234/",
         },
         {
            trust: 0.1,
            url: "https://cwe.mitre.org/data/definitions/77.html",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov",
         },
      ],
      sources: [
         {
            db: "VULMON",
            id: "CVE-2022-2234",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2022-002341",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202208-3801",
         },
         {
            db: "NVD",
            id: "CVE-2022-2234",
         },
      ],
   },
   sources: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            db: "VULMON",
            id: "CVE-2022-2234",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2022-002341",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202208-3801",
         },
         {
            db: "NVD",
            id: "CVE-2022-2234",
         },
      ],
   },
   sources_release_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2022-08-24T00:00:00",
            db: "VULMON",
            id: "CVE-2022-2234",
         },
         {
            date: "2022-08-26T00:00:00",
            db: "JVNDB",
            id: "JVNDB-2022-002341",
         },
         {
            date: "2022-08-23T00:00:00",
            db: "CNNVD",
            id: "CNNVD-202208-3801",
         },
         {
            date: "2022-08-24T16:15:11.797000",
            db: "NVD",
            id: "CVE-2022-2234",
         },
      ],
   },
   sources_update_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2022-08-24T00:00:00",
            db: "VULMON",
            id: "CVE-2022-2234",
         },
         {
            date: "2024-06-13T09:18:00",
            db: "JVNDB",
            id: "JVNDB-2022-002341",
         },
         {
            date: "2023-07-25T00:00:00",
            db: "CNNVD",
            id: "CNNVD-202208-3801",
         },
         {
            date: "2023-07-24T13:07:21.177000",
            db: "NVD",
            id: "CVE-2022-2234",
         },
      ],
   },
   threat_type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "remote",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-202208-3801",
         },
      ],
      trust: 0.6,
   },
   title: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/title#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "Command injection vulnerability in mySCADA Technologies myPRO",
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2022-002341",
         },
      ],
      trust: 0.8,
   },
   type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "operating system command injection",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-202208-3801",
         },
      ],
      trust: 0.6,
   },
}

var-202112-1871
Vulnerability from variot

An unauthenticated remote attacker can access mySCADA myPRO Versions 8.20.0 and prior without any form of authentication or authorization. mySCADA myPRO contains an authentication bypass vulnerability using alternate paths or channels. Information may be obtained or tampered with, and service operation may be interrupted (DoS). mySCADA myPRO is an HMI/SCADA system, mainly designed for the visualization and control of industrial processes.



{
   "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
      affected_products: {
         "@id": "https://www.variotdbs.pl/ref/affected_products",
      },
      configurations: {
         "@id": "https://www.variotdbs.pl/ref/configurations",
      },
      credits: {
         "@id": "https://www.variotdbs.pl/ref/credits",
      },
      cvss: {
         "@id": "https://www.variotdbs.pl/ref/cvss/",
      },
      description: {
         "@id": "https://www.variotdbs.pl/ref/description/",
      },
      exploit_availability: {
         "@id": "https://www.variotdbs.pl/ref/exploit_availability/",
      },
      external_ids: {
         "@id": "https://www.variotdbs.pl/ref/external_ids/",
      },
      iot: {
         "@id": "https://www.variotdbs.pl/ref/iot/",
      },
      iot_taxonomy: {
         "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/",
      },
      patch: {
         "@id": "https://www.variotdbs.pl/ref/patch/",
      },
      problemtype_data: {
         "@id": "https://www.variotdbs.pl/ref/problemtype_data/",
      },
      references: {
         "@id": "https://www.variotdbs.pl/ref/references/",
      },
      sources: {
         "@id": "https://www.variotdbs.pl/ref/sources/",
      },
      sources_release_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_release_date/",
      },
      sources_update_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_update_date/",
      },
      threat_type: {
         "@id": "https://www.variotdbs.pl/ref/threat_type/",
      },
      title: {
         "@id": "https://www.variotdbs.pl/ref/title/",
      },
      type: {
         "@id": "https://www.variotdbs.pl/ref/type/",
      },
   },
   "@id": "https://www.variotdbs.pl/vuln/VAR-202112-1871",
   affected_products: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            model: "mypro",
            scope: "lte",
            trust: 1,
            vendor: "myscada",
            version: "8.20.0",
         },
         {
            model: "mypro",
            scope: "eq",
            trust: 0.8,
            vendor: "myscada",
            version: null,
         },
         {
            model: "mypro",
            scope: "lte",
            trust: 0.8,
            vendor: "myscada",
            version: "8.20.0  and earlier",
         },
         {
            model: "mypro",
            scope: "lte",
            trust: 0.6,
            vendor: "myscada",
            version: "<=8.20.0",
         },
      ],
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2021-102832",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2021-016606",
         },
         {
            db: "NVD",
            id: "CVE-2021-43985",
         },
      ],
   },
   credits: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/credits#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "Michael Heinzl reported these vulnerabilities to CISA.",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-202112-2092",
         },
      ],
      trust: 0.6,
   },
   cve: "CVE-2021-43985",
   cvss: {
      "@context": {
         cvssV2: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2",
         },
         cvssV3: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/",
         },
         severity: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/cvss/severity#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            cvssV2: [
               {
                  accessComplexity: "LOW",
                  accessVector: "NETWORK",
                  authentication: "NONE",
                  author: "nvd@nist.gov",
                  availabilityImpact: "PARTIAL",
                  baseScore: 7.5,
                  confidentialityImpact: "PARTIAL",
                  exploitabilityScore: 10,
                  id: "CVE-2021-43985",
                  impactScore: 6.4,
                  integrityImpact: "PARTIAL",
                  severity: "HIGH",
                  trust: 1.9,
                  vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                  version: "2.0",
               },
               {
                  accessComplexity: "LOW",
                  accessVector: "NETWORK",
                  authentication: "NONE",
                  author: "CNVD",
                  availabilityImpact: "NONE",
                  baseScore: 9.4,
                  confidentialityImpact: "COMPLETE",
                  exploitabilityScore: 10,
                  id: "CNVD-2021-102832",
                  impactScore: 9.2,
                  integrityImpact: "COMPLETE",
                  severity: "HIGH",
                  trust: 0.6,
                  vectorString: "AV:N/AC:L/Au:N/C:C/I:C/A:N",
                  version: "2.0",
               },
            ],
            cvssV3: [
               {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  author: "nvd@nist.gov",
                  availabilityImpact: "HIGH",
                  baseScore: 9.8,
                  baseSeverity: "CRITICAL",
                  confidentialityImpact: "HIGH",
                  exploitabilityScore: 3.9,
                  id: "CVE-2021-43985",
                  impactScore: 5.9,
                  integrityImpact: "HIGH",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  trust: 1,
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  version: "3.1",
               },
               {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  author: "ics-cert@hq.dhs.gov",
                  availabilityImpact: "NONE",
                  baseScore: 9.1,
                  baseSeverity: "CRITICAL",
                  confidentialityImpact: "HIGH",
                  exploitabilityScore: 3.9,
                  id: "CVE-2021-43985",
                  impactScore: 5.2,
                  integrityImpact: "HIGH",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  trust: 1,
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
                  version: "3.1",
               },
               {
                  attackComplexity: "Low",
                  attackVector: "Network",
                  author: "NVD",
                  availabilityImpact: "High",
                  baseScore: 9.8,
                  baseSeverity: "Critical",
                  confidentialityImpact: "High",
                  exploitabilityScore: null,
                  id: "CVE-2021-43985",
                  impactScore: null,
                  integrityImpact: "High",
                  privilegesRequired: "None",
                  scope: "Unchanged",
                  trust: 0.8,
                  userInteraction: "None",
                  vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  version: "3.0",
               },
            ],
            severity: [
               {
                  author: "nvd@nist.gov",
                  id: "CVE-2021-43985",
                  trust: 1,
                  value: "CRITICAL",
               },
               {
                  author: "ics-cert@hq.dhs.gov",
                  id: "CVE-2021-43985",
                  trust: 1,
                  value: "CRITICAL",
               },
               {
                  author: "NVD",
                  id: "CVE-2021-43985",
                  trust: 0.8,
                  value: "Critical",
               },
               {
                  author: "CNVD",
                  id: "CNVD-2021-102832",
                  trust: 0.6,
                  value: "HIGH",
               },
               {
                  author: "CNNVD",
                  id: "CNNVD-202112-2092",
                  trust: 0.6,
                  value: "CRITICAL",
               },
               {
                  author: "VULMON",
                  id: "CVE-2021-43985",
                  trust: 0.1,
                  value: "HIGH",
               },
            ],
         },
      ],
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2021-102832",
         },
         {
            db: "VULMON",
            id: "CVE-2021-43985",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2021-016606",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202112-2092",
         },
         {
            db: "NVD",
            id: "CVE-2021-43985",
         },
         {
            db: "NVD",
            id: "CVE-2021-43985",
         },
      ],
   },
   description: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/description#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "An unauthenticated remote attacker can access mySCADA myPRO Versions 8.20.0 and prior without any form of authentication or authorization. mySCADA myPRO contains an authentication bypass vulnerability using alternate paths or channels. Information may be obtained or tampered with, and service operation may be interrupted (DoS). mySCADA myPRO is an HMI/SCADA system, mainly designed for the visualization and control of industrial processes.",
      sources: [
         {
            db: "NVD",
            id: "CVE-2021-43985",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2021-016606",
         },
         {
            db: "CNVD",
            id: "CNVD-2021-102832",
         },
         {
            db: "VULMON",
            id: "CVE-2021-43985",
         },
      ],
      trust: 2.25,
   },
   external_ids: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            db: "NVD",
            id: "CVE-2021-43985",
            trust: 3.9,
         },
         {
            db: "ICS CERT",
            id: "ICSA-21-355-01",
            trust: 3.1,
         },
         {
            db: "JVN",
            id: "JVNVU90153325",
            trust: 0.8,
         },
         {
            db: "JVNDB",
            id: "JVNDB-2021-016606",
            trust: 0.8,
         },
         {
            db: "CNVD",
            id: "CNVD-2021-102832",
            trust: 0.6,
         },
         {
            db: "AUSCERT",
            id: "ESB-2022.0075",
            trust: 0.6,
         },
         {
            db: "CNNVD",
            id: "CNNVD-202112-2092",
            trust: 0.6,
         },
         {
            db: "VULMON",
            id: "CVE-2021-43985",
            trust: 0.1,
         },
      ],
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2021-102832",
         },
         {
            db: "VULMON",
            id: "CVE-2021-43985",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2021-016606",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202112-2092",
         },
         {
            db: "NVD",
            id: "CVE-2021-43985",
         },
      ],
   },
   id: "VAR-202112-1871",
   iot: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/iot#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: true,
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2021-102832",
         },
      ],
      trust: 0.8894511199999999,
   },
   iot_taxonomy: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            category: [
               "ICS",
            ],
            sub_category: null,
            trust: 0.6,
         },
      ],
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2021-102832",
         },
      ],
   },
   last_update_date: "2024-11-23T21:33:27.010000Z",
   patch: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/patch#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            title: "myPRO",
            trust: 0.8,
            url: "https://www.myscada.org/mypro/",
         },
         {
            title: "Patch for mySCADA myPRO authentication bypass vulnerability",
            trust: 0.6,
            url: "https://www.cnvd.org.cn/patchInfo/show/310831",
         },
         {
            title: "mySCADA myPRO Security vulnerabilities",
            trust: 0.6,
            url: "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=175469",
         },
      ],
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2021-102832",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2021-016606",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202112-2092",
         },
      ],
   },
   problemtype_data: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            problemtype: "CWE-288",
            trust: 1,
         },
         {
            problemtype: "Authentication Bypass Using Alternate Paths or Channels (CWE-288) [ others ]",
            trust: 0.8,
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2021-016606",
         },
         {
            db: "NVD",
            id: "CVE-2021-43985",
         },
      ],
   },
   references: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/references#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            trust: 3.1,
            url: "https://www.cisa.gov/uscert/ics/advisories/icsa-21-355-01",
         },
         {
            trust: 1.4,
            url: "https://nvd.nist.gov/vuln/detail/cve-2021-43985",
         },
         {
            trust: 0.8,
            url: "https://jvn.jp/vu/jvnvu90153325/index.html",
         },
         {
            trust: 0.6,
            url: "https://us-cert.cisa.gov/ics/advisories/icsa-21-355-01",
         },
         {
            trust: 0.6,
            url: "https://www.auscert.org.au/bulletins/esb-2022.0075",
         },
         {
            trust: 0.1,
            url: "https://cwe.mitre.org/data/definitions/288.html",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov",
         },
      ],
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2021-102832",
         },
         {
            db: "VULMON",
            id: "CVE-2021-43985",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2021-016606",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202112-2092",
         },
         {
            db: "NVD",
            id: "CVE-2021-43985",
         },
      ],
   },
   sources: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            db: "CNVD",
            id: "CNVD-2021-102832",
         },
         {
            db: "VULMON",
            id: "CVE-2021-43985",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2021-016606",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202112-2092",
         },
         {
            db: "NVD",
            id: "CVE-2021-43985",
         },
      ],
   },
   sources_release_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2021-12-28T00:00:00",
            db: "CNVD",
            id: "CNVD-2021-102832",
         },
         {
            date: "2021-12-23T00:00:00",
            db: "VULMON",
            id: "CVE-2021-43985",
         },
         {
            date: "2022-12-19T00:00:00",
            db: "JVNDB",
            id: "JVNDB-2021-016606",
         },
         {
            date: "2021-12-21T00:00:00",
            db: "CNNVD",
            id: "CNNVD-202112-2092",
         },
         {
            date: "2021-12-23T20:15:11.710000",
            db: "NVD",
            id: "CVE-2021-43985",
         },
      ],
   },
   sources_update_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2021-12-30T00:00:00",
            db: "CNVD",
            id: "CNVD-2021-102832",
         },
         {
            date: "2021-12-29T00:00:00",
            db: "VULMON",
            id: "CVE-2021-43985",
         },
         {
            date: "2022-12-19T04:31:00",
            db: "JVNDB",
            id: "JVNDB-2021-016606",
         },
         {
            date: "2022-01-10T00:00:00",
            db: "CNNVD",
            id: "CNNVD-202112-2092",
         },
         {
            date: "2024-11-21T06:30:09.177000",
            db: "NVD",
            id: "CVE-2021-43985",
         },
      ],
   },
   threat_type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "remote",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-202112-2092",
         },
      ],
      trust: 0.6,
   },
   title: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/title#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "Authentication Bypass Vulnerability Using Alternate Paths or Channels in mySCADA myPRO",
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2021-016606",
         },
      ],
      trust: 0.8,
   },
   type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "other",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-202112-2092",
         },
      ],
      trust: 0.6,
   },
}

var-202112-2106
Vulnerability from variot

mySCADA myPRO: Versions 8.20.0 and prior has a vulnerable debug interface which includes a ping utility, which may allow an attacker to inject arbitrary operating system commands. An OS command injection vulnerability exists in mySCADA myPRO. Information may be obtained or tampered with, and service operation may be interrupted (DoS). mySCADA myPRO is an HMI/SCADA system designed primarily for visualization and control of industrial processes.



{
   "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
      affected_products: {
         "@id": "https://www.variotdbs.pl/ref/affected_products",
      },
      configurations: {
         "@id": "https://www.variotdbs.pl/ref/configurations",
      },
      credits: {
         "@id": "https://www.variotdbs.pl/ref/credits",
      },
      cvss: {
         "@id": "https://www.variotdbs.pl/ref/cvss/",
      },
      description: {
         "@id": "https://www.variotdbs.pl/ref/description/",
      },
      exploit_availability: {
         "@id": "https://www.variotdbs.pl/ref/exploit_availability/",
      },
      external_ids: {
         "@id": "https://www.variotdbs.pl/ref/external_ids/",
      },
      iot: {
         "@id": "https://www.variotdbs.pl/ref/iot/",
      },
      iot_taxonomy: {
         "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/",
      },
      patch: {
         "@id": "https://www.variotdbs.pl/ref/patch/",
      },
      problemtype_data: {
         "@id": "https://www.variotdbs.pl/ref/problemtype_data/",
      },
      references: {
         "@id": "https://www.variotdbs.pl/ref/references/",
      },
      sources: {
         "@id": "https://www.variotdbs.pl/ref/sources/",
      },
      sources_release_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_release_date/",
      },
      sources_update_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_update_date/",
      },
      threat_type: {
         "@id": "https://www.variotdbs.pl/ref/threat_type/",
      },
      title: {
         "@id": "https://www.variotdbs.pl/ref/title/",
      },
      type: {
         "@id": "https://www.variotdbs.pl/ref/type/",
      },
   },
   "@id": "https://www.variotdbs.pl/vuln/VAR-202112-2106",
   affected_products: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            model: "mypro",
            scope: "lte",
            trust: 1,
            vendor: "myscada",
            version: "8.20.0",
         },
         {
            model: "mypro",
            scope: "eq",
            trust: 0.8,
            vendor: "myscada",
            version: null,
         },
         {
            model: "mypro",
            scope: "lte",
            trust: 0.8,
            vendor: "myscada",
            version: "8.20.0  and earlier",
         },
         {
            model: "mypro",
            scope: "lte",
            trust: 0.6,
            vendor: "myscada",
            version: "<=8.20.0",
         },
      ],
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2021-102829",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2021-017134",
         },
         {
            db: "NVD",
            id: "CVE-2021-44453",
         },
      ],
   },
   credits: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/credits#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "Michael Heinzl reported these vulnerabilities to CISA.",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-202112-2085",
         },
      ],
      trust: 0.6,
   },
   cve: "CVE-2021-44453",
   cvss: {
      "@context": {
         cvssV2: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2",
         },
         cvssV3: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/",
         },
         severity: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/cvss/severity#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            cvssV2: [
               {
                  accessComplexity: "LOW",
                  accessVector: "NETWORK",
                  authentication: "NONE",
                  author: "nvd@nist.gov",
                  availabilityImpact: "COMPLETE",
                  baseScore: 10,
                  confidentialityImpact: "COMPLETE",
                  exploitabilityScore: 10,
                  id: "CVE-2021-44453",
                  impactScore: 10,
                  integrityImpact: "COMPLETE",
                  severity: "HIGH",
                  trust: 1.9,
                  vectorString: "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                  version: "2.0",
               },
               {
                  accessComplexity: "LOW",
                  accessVector: "NETWORK",
                  authentication: "NONE",
                  author: "CNVD",
                  availabilityImpact: "COMPLETE",
                  baseScore: 10,
                  confidentialityImpact: "COMPLETE",
                  exploitabilityScore: 10,
                  id: "CNVD-2021-102829",
                  impactScore: 10,
                  integrityImpact: "COMPLETE",
                  severity: "HIGH",
                  trust: 0.6,
                  vectorString: "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                  version: "2.0",
               },
            ],
            cvssV3: [
               {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  author: "nvd@nist.gov",
                  availabilityImpact: "HIGH",
                  baseScore: 9.8,
                  baseSeverity: "CRITICAL",
                  confidentialityImpact: "HIGH",
                  exploitabilityScore: 3.9,
                  id: "CVE-2021-44453",
                  impactScore: 5.9,
                  integrityImpact: "HIGH",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  trust: 1,
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  version: "3.1",
               },
               {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  author: "ics-cert@hq.dhs.gov",
                  availabilityImpact: "HIGH",
                  baseScore: 10,
                  baseSeverity: "CRITICAL",
                  confidentialityImpact: "HIGH",
                  exploitabilityScore: 3.9,
                  id: "CVE-2021-44453",
                  impactScore: 6,
                  integrityImpact: "HIGH",
                  privilegesRequired: "NONE",
                  scope: "CHANGED",
                  trust: 1,
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
                  version: "3.1",
               },
               {
                  attackComplexity: "Low",
                  attackVector: "Network",
                  author: "NVD",
                  availabilityImpact: "High",
                  baseScore: 9.8,
                  baseSeverity: "Critical",
                  confidentialityImpact: "High",
                  exploitabilityScore: null,
                  id: "CVE-2021-44453",
                  impactScore: null,
                  integrityImpact: "High",
                  privilegesRequired: "None",
                  scope: "Unchanged",
                  trust: 0.8,
                  userInteraction: "None",
                  vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  version: "3.0",
               },
            ],
            severity: [
               {
                  author: "nvd@nist.gov",
                  id: "CVE-2021-44453",
                  trust: 1,
                  value: "CRITICAL",
               },
               {
                  author: "ics-cert@hq.dhs.gov",
                  id: "CVE-2021-44453",
                  trust: 1,
                  value: "CRITICAL",
               },
               {
                  author: "NVD",
                  id: "CVE-2021-44453",
                  trust: 0.8,
                  value: "Critical",
               },
               {
                  author: "CNVD",
                  id: "CNVD-2021-102829",
                  trust: 0.6,
                  value: "HIGH",
               },
               {
                  author: "CNNVD",
                  id: "CNNVD-202112-2085",
                  trust: 0.6,
                  value: "CRITICAL",
               },
               {
                  author: "VULMON",
                  id: "CVE-2021-44453",
                  trust: 0.1,
                  value: "HIGH",
               },
            ],
         },
      ],
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2021-102829",
         },
         {
            db: "VULMON",
            id: "CVE-2021-44453",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2021-017134",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202112-2085",
         },
         {
            db: "NVD",
            id: "CVE-2021-44453",
         },
         {
            db: "NVD",
            id: "CVE-2021-44453",
         },
      ],
   },
   description: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/description#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "mySCADA myPRO: Versions 8.20.0 and prior has a vulnerable debug interface which includes a ping utility, which may allow an attacker to inject arbitrary operating system commands. An OS command injection vulnerability exists in mySCADA myPRO. Information may be obtained or tampered with, and service operation may be interrupted (DoS). mySCADA myPRO is an HMI/SCADA system designed primarily for visualization and control of industrial processes.",
      sources: [
         {
            db: "NVD",
            id: "CVE-2021-44453",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2021-017134",
         },
         {
            db: "CNVD",
            id: "CNVD-2021-102829",
         },
         {
            db: "VULMON",
            id: "CVE-2021-44453",
         },
      ],
      trust: 2.25,
   },
   external_ids: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            db: "NVD",
            id: "CVE-2021-44453",
            trust: 3.9,
         },
         {
            db: "ICS CERT",
            id: "ICSA-21-355-01",
            trust: 3.1,
         },
         {
            db: "JVN",
            id: "JVNVU90153325",
            trust: 0.8,
         },
         {
            db: "JVNDB",
            id: "JVNDB-2021-017134",
            trust: 0.8,
         },
         {
            db: "CNVD",
            id: "CNVD-2021-102829",
            trust: 0.6,
         },
         {
            db: "AUSCERT",
            id: "ESB-2022.0075",
            trust: 0.6,
         },
         {
            db: "CNNVD",
            id: "CNNVD-202112-2085",
            trust: 0.6,
         },
         {
            db: "VULMON",
            id: "CVE-2021-44453",
            trust: 0.1,
         },
      ],
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2021-102829",
         },
         {
            db: "VULMON",
            id: "CVE-2021-44453",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2021-017134",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202112-2085",
         },
         {
            db: "NVD",
            id: "CVE-2021-44453",
         },
      ],
   },
   id: "VAR-202112-2106",
   iot: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/iot#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: true,
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2021-102829",
         },
      ],
      trust: 0.8894511199999999,
   },
   iot_taxonomy: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            category: [
               "ICS",
            ],
            sub_category: null,
            trust: 0.6,
         },
      ],
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2021-102829",
         },
      ],
   },
   last_update_date: "2024-11-23T21:33:26.979000Z",
   patch: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/patch#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            title: "myPRO",
            trust: 0.8,
            url: "https://www.myscada.org/mypro/",
         },
         {
            title: "Patch for mySCADA myPRO OS Command Injection Vulnerability",
            trust: 0.6,
            url: "https://www.cnvd.org.cn/patchInfo/show/310811",
         },
         {
            title: "mySCADA myPRO Fixes for operating system command injection vulnerabilities",
            trust: 0.6,
            url: "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=175462",
         },
      ],
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2021-102829",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2021-017134",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202112-2085",
         },
      ],
   },
   problemtype_data: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            problemtype: "CWE-78",
            trust: 1,
         },
         {
            problemtype: "OS Command injection (CWE-78) [ others ]",
            trust: 0.8,
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2021-017134",
         },
         {
            db: "NVD",
            id: "CVE-2021-44453",
         },
      ],
   },
   references: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/references#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            trust: 3.1,
            url: "https://www.cisa.gov/uscert/ics/advisories/icsa-21-355-01",
         },
         {
            trust: 1.4,
            url: "https://nvd.nist.gov/vuln/detail/cve-2021-44453",
         },
         {
            trust: 0.8,
            url: "https://jvn.jp/vu/jvnvu90153325/",
         },
         {
            trust: 0.6,
            url: "https://us-cert.cisa.gov/ics/advisories/icsa-21-355-01",
         },
         {
            trust: 0.6,
            url: "https://www.auscert.org.au/bulletins/esb-2022.0075",
         },
         {
            trust: 0.1,
            url: "https://cwe.mitre.org/data/definitions/78.html",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov",
         },
      ],
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2021-102829",
         },
         {
            db: "VULMON",
            id: "CVE-2021-44453",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2021-017134",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202112-2085",
         },
         {
            db: "NVD",
            id: "CVE-2021-44453",
         },
      ],
   },
   sources: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            db: "CNVD",
            id: "CNVD-2021-102829",
         },
         {
            db: "VULMON",
            id: "CVE-2021-44453",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2021-017134",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202112-2085",
         },
         {
            db: "NVD",
            id: "CVE-2021-44453",
         },
      ],
   },
   sources_release_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2021-12-28T00:00:00",
            db: "CNVD",
            id: "CNVD-2021-102829",
         },
         {
            date: "2021-12-23T00:00:00",
            db: "VULMON",
            id: "CVE-2021-44453",
         },
         {
            date: "2023-01-05T00:00:00",
            db: "JVNDB",
            id: "JVNDB-2021-017134",
         },
         {
            date: "2021-12-21T00:00:00",
            db: "CNNVD",
            id: "CNNVD-202112-2085",
         },
         {
            date: "2021-12-23T20:15:11.883000",
            db: "NVD",
            id: "CVE-2021-44453",
         },
      ],
   },
   sources_update_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2022-01-26T00:00:00",
            db: "CNVD",
            id: "CNVD-2021-102829",
         },
         {
            date: "2022-01-05T00:00:00",
            db: "VULMON",
            id: "CVE-2021-44453",
         },
         {
            date: "2023-01-05T02:24:00",
            db: "JVNDB",
            id: "JVNDB-2021-017134",
         },
         {
            date: "2022-01-10T00:00:00",
            db: "CNNVD",
            id: "CNNVD-202112-2085",
         },
         {
            date: "2024-11-21T06:31:00.720000",
            db: "NVD",
            id: "CVE-2021-44453",
         },
      ],
   },
   threat_type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "remote",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-202112-2085",
         },
      ],
      trust: 0.6,
   },
   title: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/title#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "OS Command injection vulnerability in mySCADA myPRO",
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2021-017134",
         },
      ],
      trust: 0.8,
   },
   type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "operating system command injection",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-202112-2085",
         },
      ],
      trust: 0.6,
   },
}

var-202112-1873
Vulnerability from variot

mySCADA myPRO: Versions 8.20.0 and prior have a feature to send emails, which may allow an attacker to inject arbitrary operating system commands through a specific parameter. An OS command injection vulnerability exists in mySCADA myPRO. Information may be obtained or tampered with, and service operation may be interrupted (DoS). mySCADA myPRO is an HMI/SCADA system designed primarily for visualization and control of industrial processes.



{
   "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
      affected_products: {
         "@id": "https://www.variotdbs.pl/ref/affected_products",
      },
      configurations: {
         "@id": "https://www.variotdbs.pl/ref/configurations",
      },
      credits: {
         "@id": "https://www.variotdbs.pl/ref/credits",
      },
      cvss: {
         "@id": "https://www.variotdbs.pl/ref/cvss/",
      },
      description: {
         "@id": "https://www.variotdbs.pl/ref/description/",
      },
      exploit_availability: {
         "@id": "https://www.variotdbs.pl/ref/exploit_availability/",
      },
      external_ids: {
         "@id": "https://www.variotdbs.pl/ref/external_ids/",
      },
      iot: {
         "@id": "https://www.variotdbs.pl/ref/iot/",
      },
      iot_taxonomy: {
         "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/",
      },
      patch: {
         "@id": "https://www.variotdbs.pl/ref/patch/",
      },
      problemtype_data: {
         "@id": "https://www.variotdbs.pl/ref/problemtype_data/",
      },
      references: {
         "@id": "https://www.variotdbs.pl/ref/references/",
      },
      sources: {
         "@id": "https://www.variotdbs.pl/ref/sources/",
      },
      sources_release_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_release_date/",
      },
      sources_update_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_update_date/",
      },
      threat_type: {
         "@id": "https://www.variotdbs.pl/ref/threat_type/",
      },
      title: {
         "@id": "https://www.variotdbs.pl/ref/title/",
      },
      type: {
         "@id": "https://www.variotdbs.pl/ref/type/",
      },
   },
   "@id": "https://www.variotdbs.pl/vuln/VAR-202112-1873",
   affected_products: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            model: "mypro",
            scope: "lte",
            trust: 1,
            vendor: "myscada",
            version: "8.20.0",
         },
         {
            model: "mypro",
            scope: "eq",
            trust: 0.8,
            vendor: "myscada",
            version: null,
         },
         {
            model: "mypro",
            scope: "lte",
            trust: 0.8,
            vendor: "myscada",
            version: "8.20.0  and earlier",
         },
         {
            model: "mypro",
            scope: "lte",
            trust: 0.6,
            vendor: "myscada",
            version: "<=8.20.0",
         },
      ],
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2021-102826",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2021-016604",
         },
         {
            db: "NVD",
            id: "CVE-2021-43981",
         },
      ],
   },
   credits: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/credits#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "Michael Heinzl reported these vulnerabilities to CISA.",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-202112-2082",
         },
      ],
      trust: 0.6,
   },
   cve: "CVE-2021-43981",
   cvss: {
      "@context": {
         cvssV2: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2",
         },
         cvssV3: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/",
         },
         severity: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/cvss/severity#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            cvssV2: [
               {
                  accessComplexity: "LOW",
                  accessVector: "NETWORK",
                  authentication: "NONE",
                  author: "nvd@nist.gov",
                  availabilityImpact: "PARTIAL",
                  baseScore: 7.5,
                  confidentialityImpact: "PARTIAL",
                  exploitabilityScore: 10,
                  id: "CVE-2021-43981",
                  impactScore: 6.4,
                  integrityImpact: "PARTIAL",
                  severity: "HIGH",
                  trust: 1.9,
                  vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                  version: "2.0",
               },
               {
                  accessComplexity: "LOW",
                  accessVector: "NETWORK",
                  authentication: "NONE",
                  author: "CNVD",
                  availabilityImpact: "COMPLETE",
                  baseScore: 10,
                  confidentialityImpact: "COMPLETE",
                  exploitabilityScore: 10,
                  id: "CNVD-2021-102826",
                  impactScore: 10,
                  integrityImpact: "COMPLETE",
                  severity: "HIGH",
                  trust: 0.6,
                  vectorString: "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                  version: "2.0",
               },
            ],
            cvssV3: [
               {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  author: "nvd@nist.gov",
                  availabilityImpact: "HIGH",
                  baseScore: 9.8,
                  baseSeverity: "CRITICAL",
                  confidentialityImpact: "HIGH",
                  exploitabilityScore: 3.9,
                  id: "CVE-2021-43981",
                  impactScore: 5.9,
                  integrityImpact: "HIGH",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  trust: 1,
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  version: "3.1",
               },
               {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  author: "ics-cert@hq.dhs.gov",
                  availabilityImpact: "HIGH",
                  baseScore: 10,
                  baseSeverity: "CRITICAL",
                  confidentialityImpact: "HIGH",
                  exploitabilityScore: 3.9,
                  id: "CVE-2021-43981",
                  impactScore: 6,
                  integrityImpact: "HIGH",
                  privilegesRequired: "NONE",
                  scope: "CHANGED",
                  trust: 1,
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
                  version: "3.1",
               },
               {
                  attackComplexity: "Low",
                  attackVector: "Network",
                  author: "NVD",
                  availabilityImpact: "High",
                  baseScore: 9.8,
                  baseSeverity: "Critical",
                  confidentialityImpact: "High",
                  exploitabilityScore: null,
                  id: "CVE-2021-43981",
                  impactScore: null,
                  integrityImpact: "High",
                  privilegesRequired: "None",
                  scope: "Unchanged",
                  trust: 0.8,
                  userInteraction: "None",
                  vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  version: "3.0",
               },
            ],
            severity: [
               {
                  author: "nvd@nist.gov",
                  id: "CVE-2021-43981",
                  trust: 1,
                  value: "CRITICAL",
               },
               {
                  author: "ics-cert@hq.dhs.gov",
                  id: "CVE-2021-43981",
                  trust: 1,
                  value: "CRITICAL",
               },
               {
                  author: "NVD",
                  id: "CVE-2021-43981",
                  trust: 0.8,
                  value: "Critical",
               },
               {
                  author: "CNVD",
                  id: "CNVD-2021-102826",
                  trust: 0.6,
                  value: "HIGH",
               },
               {
                  author: "CNNVD",
                  id: "CNNVD-202112-2082",
                  trust: 0.6,
                  value: "CRITICAL",
               },
               {
                  author: "VULMON",
                  id: "CVE-2021-43981",
                  trust: 0.1,
                  value: "HIGH",
               },
            ],
         },
      ],
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2021-102826",
         },
         {
            db: "VULMON",
            id: "CVE-2021-43981",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2021-016604",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202112-2082",
         },
         {
            db: "NVD",
            id: "CVE-2021-43981",
         },
         {
            db: "NVD",
            id: "CVE-2021-43981",
         },
      ],
   },
   description: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/description#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "mySCADA myPRO: Versions 8.20.0 and prior have a feature to send emails, which may allow an attacker to inject arbitrary operating system commands through a specific parameter. An OS command injection vulnerability exists in mySCADA myPRO. Information may be obtained or tampered with, and service operation may be interrupted (DoS). mySCADA myPRO is an HMI/SCADA system designed primarily for visualization and control of industrial processes.",
      sources: [
         {
            db: "NVD",
            id: "CVE-2021-43981",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2021-016604",
         },
         {
            db: "CNVD",
            id: "CNVD-2021-102826",
         },
         {
            db: "VULMON",
            id: "CVE-2021-43981",
         },
      ],
      trust: 2.25,
   },
   external_ids: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            db: "NVD",
            id: "CVE-2021-43981",
            trust: 3.9,
         },
         {
            db: "ICS CERT",
            id: "ICSA-21-355-01",
            trust: 3.1,
         },
         {
            db: "JVN",
            id: "JVNVU90153325",
            trust: 0.8,
         },
         {
            db: "JVNDB",
            id: "JVNDB-2021-016604",
            trust: 0.8,
         },
         {
            db: "CNVD",
            id: "CNVD-2021-102826",
            trust: 0.6,
         },
         {
            db: "AUSCERT",
            id: "ESB-2022.0075",
            trust: 0.6,
         },
         {
            db: "CNNVD",
            id: "CNNVD-202112-2082",
            trust: 0.6,
         },
         {
            db: "VULMON",
            id: "CVE-2021-43981",
            trust: 0.1,
         },
      ],
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2021-102826",
         },
         {
            db: "VULMON",
            id: "CVE-2021-43981",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2021-016604",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202112-2082",
         },
         {
            db: "NVD",
            id: "CVE-2021-43981",
         },
      ],
   },
   id: "VAR-202112-1873",
   iot: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/iot#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: true,
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2021-102826",
         },
      ],
      trust: 0.8894511199999999,
   },
   iot_taxonomy: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            category: [
               "ICS",
            ],
            sub_category: null,
            trust: 0.6,
         },
      ],
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2021-102826",
         },
      ],
   },
   last_update_date: "2024-11-23T21:33:27.071000Z",
   patch: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/patch#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            title: "myPRO",
            trust: 0.8,
            url: "https://www.myscada.org/mypro/",
         },
         {
            title: "Patch for mySCADA myPRO Operating System Command Injection Vulnerability (CNVD-2021-102826)",
            trust: 0.6,
            url: "https://www.cnvd.org.cn/patchInfo/show/310791",
         },
         {
            title: "mySCADA myPRO Fixes for operating system command injection vulnerabilities",
            trust: 0.6,
            url: "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=175459",
         },
      ],
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2021-102826",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2021-016604",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202112-2082",
         },
      ],
   },
   problemtype_data: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            problemtype: "CWE-78",
            trust: 1,
         },
         {
            problemtype: "OS Command injection (CWE-78) [ others ]",
            trust: 0.8,
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2021-016604",
         },
         {
            db: "NVD",
            id: "CVE-2021-43981",
         },
      ],
   },
   references: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/references#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            trust: 3.1,
            url: "https://www.cisa.gov/uscert/ics/advisories/icsa-21-355-01",
         },
         {
            trust: 0.8,
            url: "https://jvn.jp/vu/jvnvu90153325/index.html",
         },
         {
            trust: 0.8,
            url: "https://nvd.nist.gov/vuln/detail/cve-2021-43981",
         },
         {
            trust: 0.6,
            url: "https://us-cert.cisa.gov/ics/advisories/icsa-21-355-01",
         },
         {
            trust: 0.6,
            url: "https://www.auscert.org.au/bulletins/esb-2022.0075",
         },
         {
            trust: 0.1,
            url: "https://cwe.mitre.org/data/definitions/78.html",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov",
         },
      ],
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2021-102826",
         },
         {
            db: "VULMON",
            id: "CVE-2021-43981",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2021-016604",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202112-2082",
         },
         {
            db: "NVD",
            id: "CVE-2021-43981",
         },
      ],
   },
   sources: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            db: "CNVD",
            id: "CNVD-2021-102826",
         },
         {
            db: "VULMON",
            id: "CVE-2021-43981",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2021-016604",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202112-2082",
         },
         {
            db: "NVD",
            id: "CVE-2021-43981",
         },
      ],
   },
   sources_release_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2021-12-28T00:00:00",
            db: "CNVD",
            id: "CNVD-2021-102826",
         },
         {
            date: "2021-12-23T00:00:00",
            db: "VULMON",
            id: "CVE-2021-43981",
         },
         {
            date: "2022-12-19T00:00:00",
            db: "JVNDB",
            id: "JVNDB-2021-016604",
         },
         {
            date: "2021-12-21T00:00:00",
            db: "CNNVD",
            id: "CNNVD-202112-2082",
         },
         {
            date: "2021-12-23T20:15:11.590000",
            db: "NVD",
            id: "CVE-2021-43981",
         },
      ],
   },
   sources_update_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2022-01-26T00:00:00",
            db: "CNVD",
            id: "CNVD-2021-102826",
         },
         {
            date: "2021-12-29T00:00:00",
            db: "VULMON",
            id: "CVE-2021-43981",
         },
         {
            date: "2022-12-19T04:31:00",
            db: "JVNDB",
            id: "JVNDB-2021-016604",
         },
         {
            date: "2022-01-10T00:00:00",
            db: "CNNVD",
            id: "CNNVD-202112-2082",
         },
         {
            date: "2024-11-21T06:30:08.420000",
            db: "NVD",
            id: "CVE-2021-43981",
         },
      ],
   },
   threat_type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "remote",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-202112-2082",
         },
      ],
      trust: 0.6,
   },
   title: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/title#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "OS command injection vulnerability in mySCADA myPRO",
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2021-016604",
         },
      ],
      trust: 0.8,
   },
   type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "operating system command injection",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-202112-2082",
         },
      ],
      trust: 0.6,
   },
}

var-202304-2123
Vulnerability from variot

mySCADA myPRO versions 8.26.0 and prior have parameters that an authenticated user could exploit to inject arbitrary operating system commands. An OS command injection vulnerability exists in mySCADA Technologies' myPRO. Information may be obtained or tampered with, and service operation may be interrupted (DoS).



{
   "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
      affected_products: {
         "@id": "https://www.variotdbs.pl/ref/affected_products",
      },
      credits: {
         "@id": "https://www.variotdbs.pl/ref/credits",
      },
      cvss: {
         "@id": "https://www.variotdbs.pl/ref/cvss/",
      },
      description: {
         "@id": "https://www.variotdbs.pl/ref/description/",
      },
      exploit_availability: {
         "@id": "https://www.variotdbs.pl/ref/exploit_availability/",
      },
      external_ids: {
         "@id": "https://www.variotdbs.pl/ref/external_ids/",
      },
      iot: {
         "@id": "https://www.variotdbs.pl/ref/iot/",
      },
      iot_taxonomy: {
         "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/",
      },
      patch: {
         "@id": "https://www.variotdbs.pl/ref/patch/",
      },
      problemtype_data: {
         "@id": "https://www.variotdbs.pl/ref/problemtype_data/",
      },
      references: {
         "@id": "https://www.variotdbs.pl/ref/references/",
      },
      sources: {
         "@id": "https://www.variotdbs.pl/ref/sources/",
      },
      sources_release_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_release_date/",
      },
      sources_update_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_update_date/",
      },
      threat_type: {
         "@id": "https://www.variotdbs.pl/ref/threat_type/",
      },
      title: {
         "@id": "https://www.variotdbs.pl/ref/title/",
      },
      type: {
         "@id": "https://www.variotdbs.pl/ref/type/",
      },
   },
   "@id": "https://www.variotdbs.pl/vuln/VAR-202304-2123",
   affected_products: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            model: "mypro",
            scope: "lte",
            trust: 1,
            vendor: "myscada",
            version: "8.26.0",
         },
         {
            model: "mypro",
            scope: "eq",
            trust: 0.8,
            vendor: "myscada",
            version: null,
         },
         {
            model: "mypro",
            scope: null,
            trust: 0.8,
            vendor: "myscada",
            version: null,
         },
         {
            model: "mypro",
            scope: "lte",
            trust: 0.8,
            vendor: "myscada",
            version: "8.26.0  and earlier",
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2023-009261",
         },
         {
            db: "NVD",
            id: "CVE-2023-29169",
         },
      ],
   },
   cve: "CVE-2023-29169",
   cvss: {
      "@context": {
         cvssV2: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2",
         },
         cvssV3: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/",
         },
         severity: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/cvss/severity#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            cvssV2: [],
            cvssV3: [
               {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  author: "nvd@nist.gov",
                  availabilityImpact: "HIGH",
                  baseScore: 8.8,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "HIGH",
                  exploitabilityScore: 2.8,
                  id: "CVE-2023-29169",
                  impactScore: 5.9,
                  integrityImpact: "HIGH",
                  privilegesRequired: "LOW",
                  scope: "UNCHANGED",
                  trust: 1,
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  version: "3.1",
               },
               {
                  attackComplexity: "Low",
                  attackVector: "Network",
                  author: "NVD",
                  availabilityImpact: "High",
                  baseScore: 8.8,
                  baseSeverity: "High",
                  confidentialityImpact: "High",
                  exploitabilityScore: null,
                  id: "CVE-2023-29169",
                  impactScore: null,
                  integrityImpact: "High",
                  privilegesRequired: "Low",
                  scope: "Unchanged",
                  trust: 0.8,
                  userInteraction: "None",
                  vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  version: "3.0",
               },
            ],
            severity: [
               {
                  author: "nvd@nist.gov",
                  id: "CVE-2023-29169",
                  trust: 1,
                  value: "HIGH",
               },
               {
                  author: "NVD",
                  id: "CVE-2023-29169",
                  trust: 0.8,
                  value: "High",
               },
               {
                  author: "CNNVD",
                  id: "CNNVD-202304-2199",
                  trust: 0.6,
                  value: "HIGH",
               },
            ],
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2023-009261",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202304-2199",
         },
         {
            db: "NVD",
            id: "CVE-2023-29169",
         },
      ],
   },
   description: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/description#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "mySCADA myPRO versions 8.26.0 and prior have parameters that an authenticated user could exploit to inject arbitrary operating system commands. An OS command injection vulnerability exists in mySCADA Technologies' myPRO. Information may be obtained or tampered with, and service operation may be interrupted (DoS).",
      sources: [
         {
            db: "NVD",
            id: "CVE-2023-29169",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2023-009261",
         },
         {
            db: "VULMON",
            id: "CVE-2023-29169",
         },
      ],
      trust: 1.71,
   },
   external_ids: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            db: "NVD",
            id: "CVE-2023-29169",
            trust: 3.3,
         },
         {
            db: "ICS CERT",
            id: "ICSA-23-096-06",
            trust: 2.5,
         },
         {
            db: "JVN",
            id: "JVNVU95525237",
            trust: 0.8,
         },
         {
            db: "JVNDB",
            id: "JVNDB-2023-009261",
            trust: 0.8,
         },
         {
            db: "CNNVD",
            id: "CNNVD-202304-2199",
            trust: 0.6,
         },
         {
            db: "VULMON",
            id: "CVE-2023-29169",
            trust: 0.1,
         },
      ],
      sources: [
         {
            db: "VULMON",
            id: "CVE-2023-29169",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2023-009261",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202304-2199",
         },
         {
            db: "NVD",
            id: "CVE-2023-29169",
         },
      ],
   },
   id: "VAR-202304-2123",
   iot: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/iot#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: true,
      sources: [
         {
            db: "VARIoT devices database",
            id: null,
         },
      ],
      trust: 0.28945112,
   },
   last_update_date: "2024-08-14T13:20:47.386000Z",
   patch: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/patch#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            title: "mySCADA myPRO Fixes for operating system command injection vulnerabilities",
            trust: 0.6,
            url: "http://123.124.177.30/web/xxk/bdxqById.tag?id=236107",
         },
      ],
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-202304-2199",
         },
      ],
   },
   problemtype_data: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            problemtype: "CWE-78",
            trust: 1,
         },
         {
            problemtype: "OS Command injection (CWE-78) [NVD evaluation ]",
            trust: 0.8,
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2023-009261",
         },
         {
            db: "NVD",
            id: "CVE-2023-29169",
         },
      ],
   },
   references: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/references#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            trust: 2.5,
            url: "https://www.cisa.gov/news-events/ics-advisories/icsa-23-096-06",
         },
         {
            trust: 0.8,
            url: "https://jvn.jp/vu/jvnvu95525237/",
         },
         {
            trust: 0.8,
            url: "https://nvd.nist.gov/vuln/detail/cve-2023-29169",
         },
         {
            trust: 0.6,
            url: "https://cxsecurity.com/cveshow/cve-2023-29169/",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov",
         },
      ],
      sources: [
         {
            db: "VULMON",
            id: "CVE-2023-29169",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2023-009261",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202304-2199",
         },
         {
            db: "NVD",
            id: "CVE-2023-29169",
         },
      ],
   },
   sources: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            db: "VULMON",
            id: "CVE-2023-29169",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2023-009261",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202304-2199",
         },
         {
            db: "NVD",
            id: "CVE-2023-29169",
         },
      ],
   },
   sources_release_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2023-04-27T00:00:00",
            db: "VULMON",
            id: "CVE-2023-29169",
         },
         {
            date: "2023-12-05T00:00:00",
            db: "JVNDB",
            id: "JVNDB-2023-009261",
         },
         {
            date: "2023-04-27T00:00:00",
            db: "CNNVD",
            id: "CNNVD-202304-2199",
         },
         {
            date: "2023-04-27T23:15:15.050000",
            db: "NVD",
            id: "CVE-2023-29169",
         },
      ],
   },
   sources_update_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2023-04-28T00:00:00",
            db: "VULMON",
            id: "CVE-2023-29169",
         },
         {
            date: "2023-12-05T04:10:00",
            db: "JVNDB",
            id: "JVNDB-2023-009261",
         },
         {
            date: "2023-05-06T00:00:00",
            db: "CNNVD",
            id: "CNNVD-202304-2199",
         },
         {
            date: "2023-11-07T04:11:05.927000",
            db: "NVD",
            id: "CVE-2023-29169",
         },
      ],
   },
   threat_type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "remote",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-202304-2199",
         },
      ],
      trust: 0.6,
   },
   title: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/title#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "mySCADA Technologies  of  myPRO  In  OS  Command injection vulnerability",
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2023-009261",
         },
      ],
      trust: 0.8,
   },
   type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "operating system command injection",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-202304-2199",
         },
      ],
      trust: 0.6,
   },
}

var-202407-0046
Vulnerability from variot

mySCADA myPRO uses a hard-coded password which could allow an attacker to remotely execute code on the affected device. Authentication is not required to exploit this vulnerability. The specific flaw exists within the telnet service, which listens on TCP port 5005 by default. The issue results from the use of hard-coded credentials. mySCADA myPRO is application software: a professional HMI/SCADA system designed primarily for visualization and control of industrial processes. Per the record below, versions before 8.31.0 are affected and the vendor update is referenced in CISA advisory ICSA-24-184-02; until it is applied, the telnet port should not be reachable from untrusted networks.



{
   "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
      affected_products: {
         "@id": "https://www.variotdbs.pl/ref/affected_products",
      },
      configurations: {
         "@id": "https://www.variotdbs.pl/ref/configurations",
      },
      credits: {
         "@id": "https://www.variotdbs.pl/ref/credits",
      },
      cvss: {
         "@id": "https://www.variotdbs.pl/ref/cvss/",
      },
      description: {
         "@id": "https://www.variotdbs.pl/ref/description/",
      },
      exploit_availability: {
         "@id": "https://www.variotdbs.pl/ref/exploit_availability/",
      },
      external_ids: {
         "@id": "https://www.variotdbs.pl/ref/external_ids/",
      },
      iot: {
         "@id": "https://www.variotdbs.pl/ref/iot/",
      },
      iot_taxonomy: {
         "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/",
      },
      patch: {
         "@id": "https://www.variotdbs.pl/ref/patch/",
      },
      problemtype_data: {
         "@id": "https://www.variotdbs.pl/ref/problemtype_data/",
      },
      references: {
         "@id": "https://www.variotdbs.pl/ref/references/",
      },
      sources: {
         "@id": "https://www.variotdbs.pl/ref/sources/",
      },
      sources_release_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_release_date/",
      },
      sources_update_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_update_date/",
      },
      threat_type: {
         "@id": "https://www.variotdbs.pl/ref/threat_type/",
      },
      title: {
         "@id": "https://www.variotdbs.pl/ref/title/",
      },
      type: {
         "@id": "https://www.variotdbs.pl/ref/type/",
      },
   },
   "@id": "https://www.variotdbs.pl/vuln/VAR-202407-0046",
   affected_products: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            model: "mypro",
            scope: "lt",
            trust: 1.6,
            vendor: "myscada",
            version: "8.31.0",
         },
         {
            model: "mypro",
            scope: null,
            trust: 0.7,
            vendor: "myscada",
            version: null,
         },
      ],
      sources: [
         {
            db: "ZDI",
            id: "ZDI-24-1226",
         },
         {
            db: "CNVD",
            id: "CNVD-2024-46410",
         },
         {
            db: "NVD",
            id: "CVE-2024-4708",
         },
      ],
   },
   credits: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/credits#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "Nassim Asrir",
      sources: [
         {
            db: "ZDI",
            id: "ZDI-24-1226",
         },
      ],
      trust: 0.7,
   },
   cve: "CVE-2024-4708",
   cvss: {
      "@context": {
         cvssV2: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2",
         },
         cvssV3: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/",
         },
         severity: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/cvss/severity#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            cvssV2: [
               {
                  accessComplexity: "LOW",
                  accessVector: "NETWORK",
                  authentication: "NONE",
                  author: "CNVD",
                  availabilityImpact: "COMPLETE",
                  baseScore: 10,
                  confidentialityImpact: "COMPLETE",
                  exploitabilityScore: 10,
                  id: "CNVD-2024-46410",
                  impactScore: 10,
                  integrityImpact: "COMPLETE",
                  severity: "HIGH",
                  trust: 0.6,
                  vectorString: "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                  version: "2.0",
               },
            ],
            cvssV3: [
               {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  author: "nvd@nist.gov",
                  availabilityImpact: "HIGH",
                  baseScore: 9.8,
                  baseSeverity: "CRITICAL",
                  confidentialityImpact: "HIGH",
                  exploitabilityScore: 3.9,
                  id: "CVE-2024-4708",
                  impactScore: 5.9,
                  integrityImpact: "HIGH",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  trust: 2,
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  version: "3.1",
               },
               {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  author: "ZDI",
                  availabilityImpact: "HIGH",
                  baseScore: 9.8,
                  baseSeverity: "CRITICAL",
                  confidentialityImpact: "HIGH",
                  exploitabilityScore: 3.9,
                  id: "CVE-2024-4708",
                  impactScore: 5.9,
                  integrityImpact: "HIGH",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  trust: 0.7,
                  userInteraction: "NONE",
                  vectorString: "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  version: "3.0",
               },
            ],
            severity: [
               {
                  author: "nvd@nist.gov",
                  id: "CVE-2024-4708",
                  trust: 1,
                  value: "CRITICAL",
               },
               {
                  author: "ics-cert@hq.dhs.gov",
                  id: "CVE-2024-4708",
                  trust: 1,
                  value: "Critical",
               },
               {
                  author: "ZDI",
                  id: "CVE-2024-4708",
                  trust: 0.7,
                  value: "CRITICAL",
               },
               {
                  author: "CNVD",
                  id: "CNVD-2024-46410",
                  trust: 0.6,
                  value: "HIGH",
               },
            ],
         },
      ],
      sources: [
         {
            db: "ZDI",
            id: "ZDI-24-1226",
         },
         {
            db: "CNVD",
            id: "CNVD-2024-46410",
         },
         {
            db: "NVD",
            id: "CVE-2024-4708",
         },
         {
            db: "NVD",
            id: "CVE-2024-4708",
         },
      ],
   },
   description: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/description#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "mySCADA myPRO \n\nuses a hard-coded password which could allow an attacker to remotely execute code on the affected device. Authentication is not required to exploit this vulnerability.The specific flaw exists within the telnet service, which listens on TCP port 5005 by default. The issue results from the use of hard-coded credentials. mySCADA myPRO is an application software. myPRO is a professional HMI/SCADA system designed primarily for visualization and control of industrial processes",
      sources: [
         {
            db: "NVD",
            id: "CVE-2024-4708",
         },
         {
            db: "ZDI",
            id: "ZDI-24-1226",
         },
         {
            db: "CNVD",
            id: "CNVD-2024-46410",
         },
      ],
      trust: 2.07,
   },
   external_ids: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            db: "NVD",
            id: "CVE-2024-4708",
            trust: 2.3,
         },
         {
            db: "ICS CERT",
            id: "ICSA-24-184-02",
            trust: 1.6,
         },
         {
            db: "ZDI_CAN",
            id: "ZDI-CAN-23546",
            trust: 0.7,
         },
         {
            db: "ZDI",
            id: "ZDI-24-1226",
            trust: 0.7,
         },
         {
            db: "CNVD",
            id: "CNVD-2024-46410",
            trust: 0.6,
         },
      ],
      sources: [
         {
            db: "ZDI",
            id: "ZDI-24-1226",
         },
         {
            db: "CNVD",
            id: "CNVD-2024-46410",
         },
         {
            db: "NVD",
            id: "CVE-2024-4708",
         },
      ],
   },
   id: "VAR-202407-0046",
   iot: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/iot#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: true,
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2024-46410",
         },
      ],
      trust: 0.8894511199999999,
   },
   iot_taxonomy: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            category: [
               "ICS",
            ],
            sub_category: null,
            trust: 0.6,
         },
      ],
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2024-46410",
         },
      ],
   },
   last_update_date: "2024-11-29T23:04:10.837000Z",
   patch: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/patch#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            title: "mySCADA has issued an update to correct this vulnerability.",
            trust: 0.7,
            url: "https://www.cisa.gov/news-events/ics-advisories/icsa-24-184-02",
         },
         {
            title: "Patch for mySCADA myPRO Trust Management Issue Vulnerability",
            trust: 0.6,
            url: "https://www.cnvd.org.cn/patchInfo/show/634291",
         },
      ],
      sources: [
         {
            db: "ZDI",
            id: "ZDI-24-1226",
         },
         {
            db: "CNVD",
            id: "CNVD-2024-46410",
         },
      ],
   },
   problemtype_data: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            problemtype: "CWE-259",
            trust: 1,
         },
         {
            problemtype: "CWE-798",
            trust: 1,
         },
      ],
      sources: [
         {
            db: "NVD",
            id: "CVE-2024-4708",
         },
      ],
   },
   references: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/references#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            trust: 2.3,
            url: "https://www.cisa.gov/news-events/ics-advisories/icsa-24-184-02",
         },
         {
            trust: 1,
            url: "https://www.myscada.org/mypro/",
         },
      ],
      sources: [
         {
            db: "ZDI",
            id: "ZDI-24-1226",
         },
         {
            db: "CNVD",
            id: "CNVD-2024-46410",
         },
         {
            db: "NVD",
            id: "CVE-2024-4708",
         },
      ],
   },
   sources: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            db: "ZDI",
            id: "ZDI-24-1226",
         },
         {
            db: "CNVD",
            id: "CNVD-2024-46410",
         },
         {
            db: "NVD",
            id: "CVE-2024-4708",
         },
      ],
   },
   sources_release_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2024-09-13T00:00:00",
            db: "ZDI",
            id: "ZDI-24-1226",
         },
         {
            date: "2024-11-28T00:00:00",
            db: "CNVD",
            id: "CNVD-2024-46410",
         },
         {
            date: "2024-07-02T23:15:10.860000",
            db: "NVD",
            id: "CVE-2024-4708",
         },
      ],
   },
   sources_update_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2024-09-13T00:00:00",
            db: "ZDI",
            id: "ZDI-24-1226",
         },
         {
            date: "2024-11-28T00:00:00",
            db: "CNVD",
            id: "CNVD-2024-46410",
         },
         {
            date: "2024-08-29T19:31:56.517000",
            db: "NVD",
            id: "CVE-2024-4708",
         },
      ],
   },
   title: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/title#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "mySCADA myPRO Hard-Coded Credentials Remote Code Execution Vulnerability",
      sources: [
         {
            db: "ZDI",
            id: "ZDI-24-1226",
         },
      ],
      trust: 0.7,
   },
}

var-202108-2253
Vulnerability from variot

mySCADA myPRO versions prior to 8.20.0 do not restrict unauthorized read access to sensitive directory listing information. myPRO, provided by mySCADA, contains multiple vulnerabilities: * Inadequate access control (CWE-284) - CVE-2021-33013 * Unrestricted upload of dangerous file types (CWE-434) - CVE-2021-33009 * Path traversal (CWE-22) - CVE-2021-33005 * Information leakage due to disclosure of directory information (CWE-548) - CVE-2021-27505. The expected impact depends on each vulnerability, but may be as follows: * Sensitive system information may be read by a remote third party - CVE-2021-33013 * Arbitrary files can be uploaded to the file system by an unauthenticated remote attacker - CVE-2021-33009 * Arbitrary files can be uploaded to any directory by an unauthenticated remote attacker. [The next two sentences appear to have been merged in from an unrelated entry and do not describe myPRO.] Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements



{
   "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
      affected_products: {
         "@id": "https://www.variotdbs.pl/ref/affected_products",
      },
      configurations: {
         "@id": "https://www.variotdbs.pl/ref/configurations",
      },
      credits: {
         "@id": "https://www.variotdbs.pl/ref/credits",
      },
      cvss: {
         "@id": "https://www.variotdbs.pl/ref/cvss/",
      },
      description: {
         "@id": "https://www.variotdbs.pl/ref/description/",
      },
      exploit_availability: {
         "@id": "https://www.variotdbs.pl/ref/exploit_availability/",
      },
      external_ids: {
         "@id": "https://www.variotdbs.pl/ref/external_ids/",
      },
      iot: {
         "@id": "https://www.variotdbs.pl/ref/iot/",
      },
      iot_taxonomy: {
         "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/",
      },
      patch: {
         "@id": "https://www.variotdbs.pl/ref/patch/",
      },
      problemtype_data: {
         "@id": "https://www.variotdbs.pl/ref/problemtype_data/",
      },
      references: {
         "@id": "https://www.variotdbs.pl/ref/references/",
      },
      sources: {
         "@id": "https://www.variotdbs.pl/ref/sources/",
      },
      sources_release_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_release_date/",
      },
      sources_update_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_update_date/",
      },
      threat_type: {
         "@id": "https://www.variotdbs.pl/ref/threat_type/",
      },
      title: {
         "@id": "https://www.variotdbs.pl/ref/title/",
      },
      type: {
         "@id": "https://www.variotdbs.pl/ref/type/",
      },
   },
   "@id": "https://www.variotdbs.pl/vuln/VAR-202108-2253",
   affected_products: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            model: "mypro",
            scope: "lt",
            trust: 1,
            vendor: "myscada",
            version: "8.20.0",
         },
         {
            model: "mypro",
            scope: "eq",
            trust: 0.8,
            vendor: "myscada",
            version: null,
         },
         {
            model: "mypro",
            scope: "eq",
            trust: 0.8,
            vendor: "myscada",
            version: "v8.20.0  all previous  s",
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2021-002267",
         },
         {
            db: "NVD",
            id: "CVE-2021-27505",
         },
      ],
   },
   credits: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/credits#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "Michael Heinzl reported these vulnerabilities to CISA.",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-202108-488",
         },
      ],
      trust: 0.6,
   },
   cve: "CVE-2021-27505",
   cvss: {
      "@context": {
         cvssV2: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2",
         },
         cvssV3: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/",
         },
         severity: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/cvss/severity#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            cvssV2: [
               {
                  accessComplexity: "LOW",
                  accessVector: "NETWORK",
                  authentication: "NONE",
                  author: "nvd@nist.gov",
                  availabilityImpact: "NONE",
                  baseScore: 5,
                  confidentialityImpact: "PARTIAL",
                  exploitabilityScore: 10,
                  id: "CVE-2021-27505",
                  impactScore: 2.9,
                  integrityImpact: "NONE",
                  severity: "MEDIUM",
                  trust: 1,
                  vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                  version: "2.0",
               },
            ],
            cvssV3: [
               {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  author: "nvd@nist.gov",
                  availabilityImpact: "NONE",
                  baseScore: 7.5,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "HIGH",
                  exploitabilityScore: 3.9,
                  id: "CVE-2021-27505",
                  impactScore: 3.6,
                  integrityImpact: "NONE",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  trust: 2,
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                  version: "3.1",
               },
               {
                  attackComplexity: "Low",
                  attackVector: "Network",
                  author: "OTHER",
                  availabilityImpact: "None",
                  baseScore: 7.5,
                  baseSeverity: "High",
                  confidentialityImpact: "High",
                  exploitabilityScore: null,
                  id: "JVNDB-2021-002267",
                  impactScore: null,
                  integrityImpact: "None",
                  privilegesRequired: "None",
                  scope: "Unchanged",
                  trust: 0.8,
                  userInteraction: "None",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                  version: "3.0",
               },
            ],
            severity: [
               {
                  author: "nvd@nist.gov",
                  id: "CVE-2021-27505",
                  trust: 1,
                  value: "HIGH",
               },
               {
                  author: "ics-cert@hq.dhs.gov",
                  id: "CVE-2021-27505",
                  trust: 1,
                  value: "HIGH",
               },
               {
                  author: "OTHER",
                  id: "JVNDB-2021-002267",
                  trust: 0.8,
                  value: "High",
               },
               {
                  author: "CNNVD",
                  id: "CNNVD-202108-488",
                  trust: 0.6,
                  value: "HIGH",
               },
               {
                  author: "CNNVD",
                  id: "CNNVD-202104-975",
                  trust: 0.6,
                  value: "MEDIUM",
               },
            ],
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2021-002267",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202108-488",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202104-975",
         },
         {
            db: "NVD",
            id: "CVE-2021-27505",
         },
         {
            db: "NVD",
            id: "CVE-2021-27505",
         },
      ],
   },
   description: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/description#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "mySCADA myPRO versions prior to 8.20.0 does not restrict unauthorized read access to sensitive directory listing information. mySCADA Provided by the company myPRO contains multiple vulnerabilities: * Inadequate access control ( CWE-284 ) - CVE-2021-33013 It was * Unlimited uploads of dangerous file types ( CWE-434 ) - CVE-2021-33009 It was * Path Traversal ( CWE-22 ) - CVE-2021-33005 It was * Information leakage due to disclosure of directory information ( CWE-548 ) - CVE-2021-27505The expected impact depends on each vulnerability, but it may be affected as follows. It was * Sensitive system information may be read by a remote third party - CVE-2021-33013 It was * Arbitrary files can be uploaded to the file system by an unauthenticated remote attacker. - CVE-2021-33009 It was * Arbitrary files can be uploaded to any directory by an unauthenticated remote attacker. Pillow is a Python-based image processing library. \nThere is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements",
      sources: [
         {
            db: "NVD",
            id: "CVE-2021-27505",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2021-002267",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202104-975",
         },
         {
            db: "VULMON",
            id: "CVE-2021-27505",
         },
      ],
      trust: 2.25,
   },
   external_ids: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            db: "NVD",
            id: "CVE-2021-27505",
            trust: 3.3,
         },
         {
            db: "ICS CERT",
            id: "ICSA-21-217-03",
            trust: 2.5,
         },
         {
            db: "JVN",
            id: "JVNVU94730303",
            trust: 0.8,
         },
         {
            db: "JVNDB",
            id: "JVNDB-2021-002267",
            trust: 0.8,
         },
         {
            db: "CS-HELP",
            id: "SB2021080605",
            trust: 0.6,
         },
         {
            db: "AUSCERT",
            id: "ESB-2021.2659",
            trust: 0.6,
         },
         {
            db: "CNNVD",
            id: "CNNVD-202108-488",
            trust: 0.6,
         },
         {
            db: "CS-HELP",
            id: "SB2021041363",
            trust: 0.6,
         },
         {
            db: "CNNVD",
            id: "CNNVD-202104-975",
            trust: 0.6,
         },
         {
            db: "VULMON",
            id: "CVE-2021-27505",
            trust: 0.1,
         },
      ],
      sources: [
         {
            db: "VULMON",
            id: "CVE-2021-27505",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2021-002267",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202108-488",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202104-975",
         },
         {
            db: "NVD",
            id: "CVE-2021-27505",
         },
      ],
   },
   id: "VAR-202108-2253",
   iot: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/iot#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: true,
      sources: [
         {
            db: "VARIoT devices database",
            id: null,
         },
      ],
      trust: 0.28945112,
   },
   last_update_date: "2024-08-14T12:46:35.386000Z",
   patch: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/patch#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            title: "VERSION 8.20.0 RELEASED",
            trust: 0.8,
            url: "https://www.myscada.org/version-8-20-0-released-security-update/",
         },
         {
            title: "mySCADA myPro Security vulnerabilities",
            trust: 0.6,
            url: "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=159495",
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2021-002267",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202108-488",
         },
      ],
   },
   problemtype_data: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            problemtype: "CWE-548",
            trust: 1,
         },
         {
            problemtype: "Path traversal (CWE-22) [ others ]",
            trust: 0.8,
         },
         {
            problemtype: " Inappropriate access control (CWE-284) [ others ]",
            trust: 0.8,
         },
         {
            problemtype: " Unlimited uploads of dangerous types of files (CWE-434) [ others ]",
            trust: 0.8,
         },
         {
            problemtype: " Information disclosure through directory listings (CWE-548) [ others ]",
            trust: 0.8,
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2021-002267",
         },
         {
            db: "NVD",
            id: "CVE-2021-27505",
         },
      ],
   },
   references: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/references#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            trust: 1.7,
            url: "https://www.cisa.gov/uscert/ics/advisories/icsa-21-217-03",
         },
         {
            trust: 1.7,
            url: "https://www.myscada.org/version-8-20-0-released-security-update",
         },
         {
            trust: 1.4,
            url: "https://us-cert.cisa.gov/ics/advisories/icsa-21-217-03",
         },
         {
            trust: 0.8,
            url: "http://jvn.jp/cert/jvnvu94730303",
         },
         {
            trust: 0.8,
            url: "https://nvd.nist.gov/vuln/detail/cve-2021-27505",
         },
         {
            trust: 0.8,
            url: "https://nvd.nist.gov/vuln/detail/cve-2021-33005",
         },
         {
            trust: 0.8,
            url: "https://nvd.nist.gov/vuln/detail/cve-2021-33009",
         },
         {
            trust: 0.8,
            url: "https://nvd.nist.gov/vuln/detail/cve-2021-33013",
         },
         {
            trust: 0.6,
            url: "https://www.cybersecurity-help.cz/vdb/sb2021080605",
         },
         {
            trust: 0.6,
            url: "https://cxsecurity.com/cveshow/cve-2021-27505/",
         },
         {
            trust: 0.6,
            url: "https://www.auscert.org.au/bulletins/esb-2021.2659",
         },
         {
            trust: 0.6,
            url: "https://www.cybersecurity-help.cz/vdb/sb2021041363",
         },
         {
            trust: 0.1,
            url: "https://cwe.mitre.org/data/definitions/548.html",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov",
         },
      ],
      sources: [
         {
            db: "VULMON",
            id: "CVE-2021-27505",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2021-002267",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202108-488",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202104-975",
         },
         {
            db: "NVD",
            id: "CVE-2021-27505",
         },
      ],
   },
   sources: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            db: "VULMON",
            id: "CVE-2021-27505",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2021-002267",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202108-488",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202104-975",
         },
         {
            db: "NVD",
            id: "CVE-2021-27505",
         },
      ],
   },
   sources_release_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2022-05-13T00:00:00",
            db: "VULMON",
            id: "CVE-2021-27505",
         },
         {
            date: "2021-08-10T00:00:00",
            db: "JVNDB",
            id: "JVNDB-2021-002267",
         },
         {
            date: "2021-08-05T00:00:00",
            db: "CNNVD",
            id: "CNNVD-202108-488",
         },
         {
            date: "2021-04-13T00:00:00",
            db: "CNNVD",
            id: "CNNVD-202104-975",
         },
         {
            date: "2022-05-13T16:15:07.877000",
            db: "NVD",
            id: "CVE-2021-27505",
         },
      ],
   },
   sources_update_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2022-05-13T00:00:00",
            db: "VULMON",
            id: "CVE-2021-27505",
         },
         {
            date: "2024-06-20T02:08:00",
            db: "JVNDB",
            id: "JVNDB-2021-002267",
         },
         {
            date: "2022-05-25T00:00:00",
            db: "CNNVD",
            id: "CNNVD-202108-488",
         },
         {
            date: "2021-04-14T00:00:00",
            db: "CNNVD",
            id: "CNNVD-202104-975",
         },
         {
            date: "2022-05-24T20:41:07.180000",
            db: "NVD",
            id: "CVE-2021-27505",
         },
      ],
   },
   threat_type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "remote",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-202108-488",
         },
      ],
      trust: 0.6,
   },
   title: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/title#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "mySCADA  Made  myPRO  Multiple vulnerabilities",
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2021-002267",
         },
      ],
      trust: 0.8,
   },
   type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "other",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-202108-488",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202104-975",
         },
      ],
      trust: 1.2,
   },
}

var-202108-2252
Vulnerability from variot

mySCADA myPRO versions prior to 8.20.0 allow an unauthenticated remote attacker to upload arbitrary files to arbitrary directories. myPRO, provided by mySCADA, contains multiple vulnerabilities:
* Inadequate access control (CWE-284) - CVE-2021-33013
* Unrestricted upload of dangerous file types (CWE-434) - CVE-2021-33009
* Path traversal (CWE-22) - CVE-2021-33005
* Information leakage due to disclosure of directory information (CWE-548) - CVE-2021-27505

The expected impact depends on each vulnerability, but may include the following (the start of this list appears to be truncated in this entry):
* [...] - CVE-2021-33005
* Sensitive directory listing information may be read by a remote attacker - CVE-2021-27505

Pillow is a Python-based image processing library. There is currently no information about this vulnerability; follow CNNVD or manufacturer announcements for updates. (These last two sentences appear unrelated to myPRO; they were probably carried over from the CNNVD-202104-975 record that this entry lists among its description sources.)



{
   "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
      affected_products: {
         "@id": "https://www.variotdbs.pl/ref/affected_products",
      },
      configurations: {
         "@id": "https://www.variotdbs.pl/ref/configurations",
      },
      credits: {
         "@id": "https://www.variotdbs.pl/ref/credits",
      },
      cvss: {
         "@id": "https://www.variotdbs.pl/ref/cvss/",
      },
      description: {
         "@id": "https://www.variotdbs.pl/ref/description/",
      },
      exploit_availability: {
         "@id": "https://www.variotdbs.pl/ref/exploit_availability/",
      },
      external_ids: {
         "@id": "https://www.variotdbs.pl/ref/external_ids/",
      },
      iot: {
         "@id": "https://www.variotdbs.pl/ref/iot/",
      },
      iot_taxonomy: {
         "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/",
      },
      patch: {
         "@id": "https://www.variotdbs.pl/ref/patch/",
      },
      problemtype_data: {
         "@id": "https://www.variotdbs.pl/ref/problemtype_data/",
      },
      references: {
         "@id": "https://www.variotdbs.pl/ref/references/",
      },
      sources: {
         "@id": "https://www.variotdbs.pl/ref/sources/",
      },
      sources_release_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_release_date/",
      },
      sources_update_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_update_date/",
      },
      threat_type: {
         "@id": "https://www.variotdbs.pl/ref/threat_type/",
      },
      title: {
         "@id": "https://www.variotdbs.pl/ref/title/",
      },
      type: {
         "@id": "https://www.variotdbs.pl/ref/type/",
      },
   },
   "@id": "https://www.variotdbs.pl/vuln/VAR-202108-2252",
   affected_products: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            model: "mypro",
            scope: "lt",
            trust: 1,
            vendor: "myscada",
            version: "8.20.0",
         },
         {
            model: "mypro",
            scope: "eq",
            trust: 0.8,
            vendor: "myscada",
            version: null,
         },
         {
            model: "mypro",
            scope: "eq",
            trust: 0.8,
            vendor: "myscada",
            version: "v8.20.0  all previous  s",
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2021-002267",
         },
         {
            db: "NVD",
            id: "CVE-2021-33005",
         },
      ],
   },
   credits: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/credits#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "Michael Heinzl reported these vulnerabilities to CISA.",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-202108-512",
         },
      ],
      trust: 0.6,
   },
   cve: "CVE-2021-33005",
   cvss: {
      "@context": {
         cvssV2: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2",
         },
         cvssV3: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/",
         },
         severity: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/cvss/severity#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            cvssV2: [
               {
                  accessComplexity: "LOW",
                  accessVector: "NETWORK",
                  authentication: "NONE",
                  author: "nvd@nist.gov",
                  availabilityImpact: "NONE",
                  baseScore: 5,
                  confidentialityImpact: "NONE",
                  exploitabilityScore: 10,
                  id: "CVE-2021-33005",
                  impactScore: 2.9,
                  integrityImpact: "PARTIAL",
                  severity: "MEDIUM",
                  trust: 1,
                  vectorString: "AV:N/AC:L/Au:N/C:N/I:P/A:N",
                  version: "2.0",
               },
            ],
            cvssV3: [
               {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  author: "nvd@nist.gov",
                  availabilityImpact: "NONE",
                  baseScore: 7.5,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "NONE",
                  exploitabilityScore: 3.9,
                  id: "CVE-2021-33005",
                  impactScore: 3.6,
                  integrityImpact: "HIGH",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  trust: 2,
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
                  version: "3.1",
               },
               {
                  attackComplexity: "Low",
                  attackVector: "Network",
                  author: "OTHER",
                  availabilityImpact: "None",
                  baseScore: 7.5,
                  baseSeverity: "High",
                  confidentialityImpact: "None",
                  exploitabilityScore: null,
                  id: "JVNDB-2021-002267",
                  impactScore: null,
                  integrityImpact: "High",
                  privilegesRequired: "None",
                  scope: "Unchanged",
                  trust: 0.8,
                  userInteraction: "None",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
                  version: "3.0",
               },
            ],
            severity: [
               {
                  author: "nvd@nist.gov",
                  id: "CVE-2021-33005",
                  trust: 1,
                  value: "HIGH",
               },
               {
                  author: "ics-cert@hq.dhs.gov",
                  id: "CVE-2021-33005",
                  trust: 1,
                  value: "HIGH",
               },
               {
                  author: "OTHER",
                  id: "JVNDB-2021-002267",
                  trust: 0.8,
                  value: "High",
               },
               {
                  author: "CNNVD",
                  id: "CNNVD-202108-512",
                  trust: 0.6,
                  value: "HIGH",
               },
               {
                  author: "CNNVD",
                  id: "CNNVD-202104-975",
                  trust: 0.6,
                  value: "MEDIUM",
               },
            ],
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2021-002267",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202108-512",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202104-975",
         },
         {
            db: "NVD",
            id: "CVE-2021-33005",
         },
         {
            db: "NVD",
            id: "CVE-2021-33005",
         },
      ],
   },
   description: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/description#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "mySCADA myPRO versions prior to 8.20.0 allows an unauthenticated remote attacker to upload arbitrary files to arbitrary directories. mySCADA Provided by the company myPRO contains multiple vulnerabilities: * Inadequate access control ( CWE-284 ) - CVE-2021-33013 It was * Unlimited uploads of dangerous file types ( CWE-434 ) - CVE-2021-33009 It was * Path Traversal ( CWE-22 ) - CVE-2021-33005 It was * Information leakage due to disclosure of directory information ( CWE-548 ) - CVE-2021-27505The expected impact depends on each vulnerability, but it may be affected as follows. - CVE-2021-33005 It was * Sensitive directory listing information may be read by a remote attacker - CVE-2021-27505. Pillow is a Python-based image processing library. \nThere is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements",
      sources: [
         {
            db: "NVD",
            id: "CVE-2021-33005",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2021-002267",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202104-975",
         },
         {
            db: "VULMON",
            id: "CVE-2021-33005",
         },
      ],
      trust: 2.25,
   },
   external_ids: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            db: "NVD",
            id: "CVE-2021-33005",
            trust: 3.3,
         },
         {
            db: "ICS CERT",
            id: "ICSA-21-217-03",
            trust: 2.5,
         },
         {
            db: "JVN",
            id: "JVNVU94730303",
            trust: 0.8,
         },
         {
            db: "JVNDB",
            id: "JVNDB-2021-002267",
            trust: 0.8,
         },
         {
            db: "CS-HELP",
            id: "SB2021080605",
            trust: 0.6,
         },
         {
            db: "AUSCERT",
            id: "ESB-2021.2659",
            trust: 0.6,
         },
         {
            db: "CNNVD",
            id: "CNNVD-202108-512",
            trust: 0.6,
         },
         {
            db: "CS-HELP",
            id: "SB2021041363",
            trust: 0.6,
         },
         {
            db: "CNNVD",
            id: "CNNVD-202104-975",
            trust: 0.6,
         },
         {
            db: "VULMON",
            id: "CVE-2021-33005",
            trust: 0.1,
         },
      ],
      sources: [
         {
            db: "VULMON",
            id: "CVE-2021-33005",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2021-002267",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202108-512",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202104-975",
         },
         {
            db: "NVD",
            id: "CVE-2021-33005",
         },
      ],
   },
   id: "VAR-202108-2252",
   iot: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/iot#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: true,
      sources: [
         {
            db: "VARIoT devices database",
            id: null,
         },
      ],
      trust: 0.28945112,
   },
   last_update_date: "2024-08-14T12:56:39.861000Z",
   patch: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/patch#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            title: "VERSION 8.20.0 RELEASED",
            trust: 0.8,
            url: "https://www.myscada.org/version-8-20-0-released-security-update/",
         },
         {
            title: "mySCADA myPRO Repair measures for path traversal vulnerabilities",
            trust: 0.6,
            url: "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=159496",
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2021-002267",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202108-512",
         },
      ],
   },
   problemtype_data: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            problemtype: "CWE-22",
            trust: 1,
         },
         {
            problemtype: "Path traversal (CWE-22) [ others ]",
            trust: 0.8,
         },
         {
            problemtype: " Inappropriate access control (CWE-284) [ others ]",
            trust: 0.8,
         },
         {
            problemtype: " Unlimited uploads of dangerous types of files (CWE-434) [ others ]",
            trust: 0.8,
         },
         {
            problemtype: " Information disclosure through directory listings (CWE-548) [ others ]",
            trust: 0.8,
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2021-002267",
         },
         {
            db: "NVD",
            id: "CVE-2021-33005",
         },
      ],
   },
   references: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/references#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            trust: 1.7,
            url: "https://www.cisa.gov/uscert/ics/advisories/icsa-21-217-03",
         },
         {
            trust: 1.7,
            url: "https://www.myscada.org/version-8-20-0-released-security-update",
         },
         {
            trust: 1.4,
            url: "https://us-cert.cisa.gov/ics/advisories/icsa-21-217-03",
         },
         {
            trust: 0.8,
            url: "http://jvn.jp/cert/jvnvu94730303",
         },
         {
            trust: 0.8,
            url: "https://nvd.nist.gov/vuln/detail/cve-2021-27505",
         },
         {
            trust: 0.8,
            url: "https://nvd.nist.gov/vuln/detail/cve-2021-33005",
         },
         {
            trust: 0.8,
            url: "https://nvd.nist.gov/vuln/detail/cve-2021-33009",
         },
         {
            trust: 0.8,
            url: "https://nvd.nist.gov/vuln/detail/cve-2021-33013",
         },
         {
            trust: 0.6,
            url: "https://cxsecurity.com/cveshow/cve-2021-33005/",
         },
         {
            trust: 0.6,
            url: "https://www.cybersecurity-help.cz/vdb/sb2021080605",
         },
         {
            trust: 0.6,
            url: "https://www.auscert.org.au/bulletins/esb-2021.2659",
         },
         {
            trust: 0.6,
            url: "https://www.cybersecurity-help.cz/vdb/sb2021041363",
         },
         {
            trust: 0.1,
            url: "https://cwe.mitre.org/data/definitions/22.html",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov",
         },
      ],
      sources: [
         {
            db: "VULMON",
            id: "CVE-2021-33005",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2021-002267",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202108-512",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202104-975",
         },
         {
            db: "NVD",
            id: "CVE-2021-33005",
         },
      ],
   },
   sources: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            db: "VULMON",
            id: "CVE-2021-33005",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2021-002267",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202108-512",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202104-975",
         },
         {
            db: "NVD",
            id: "CVE-2021-33005",
         },
      ],
   },
   sources_release_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2022-05-13T00:00:00",
            db: "VULMON",
            id: "CVE-2021-33005",
         },
         {
            date: "2021-08-10T00:00:00",
            db: "JVNDB",
            id: "JVNDB-2021-002267",
         },
         {
            date: "2021-08-05T00:00:00",
            db: "CNNVD",
            id: "CNNVD-202108-512",
         },
         {
            date: "2021-04-13T00:00:00",
            db: "CNNVD",
            id: "CNNVD-202104-975",
         },
         {
            date: "2022-05-13T16:15:07.950000",
            db: "NVD",
            id: "CVE-2021-33005",
         },
      ],
   },
   sources_update_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2022-05-13T00:00:00",
            db: "VULMON",
            id: "CVE-2021-33005",
         },
         {
            date: "2024-06-20T02:08:00",
            db: "JVNDB",
            id: "JVNDB-2021-002267",
         },
         {
            date: "2022-05-25T00:00:00",
            db: "CNNVD",
            id: "CNNVD-202108-512",
         },
         {
            date: "2021-04-14T00:00:00",
            db: "CNNVD",
            id: "CNNVD-202104-975",
         },
         {
            date: "2022-05-24T20:41:52.433000",
            db: "NVD",
            id: "CVE-2021-33005",
         },
      ],
   },
   threat_type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "remote",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-202108-512",
         },
      ],
      trust: 0.6,
   },
   title: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/title#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "mySCADA  Made  myPRO  Multiple vulnerabilities",
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2021-002267",
         },
      ],
      trust: 0.8,
   },
   type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "path traversal",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-202108-512",
         },
      ],
      trust: 0.6,
   },
}

var-202108-2250
Vulnerability from variot

mySCADA myPRO versions prior to 8.20.0 do not restrict unauthorized read access to sensitive system information. myPRO, provided by mySCADA, contains multiple vulnerabilities: * Inadequate access control (CWE-284) - CVE-2021-33013 * Unrestricted upload of dangerous file types (CWE-434) - CVE-2021-33009 * Path traversal (CWE-22) - CVE-2021-33005 * Information leakage due to disclosure of directory information (CWE-548) - CVE-2021-27505. The expected impact depends on each vulnerability, but may include the following: * Sensitive system information may be read by a remote third party - CVE-2021-33013 * Arbitrary files can be uploaded to the file system by an unauthenticated remote attacker - CVE-2021-33009 * Arbitrary files can be uploaded to any directory by an unauthenticated remote attacker. Pillow is a Python-based image processing library. There is currently no information about this vulnerability; please follow CNNVD or manufacturer announcements.



{
   "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
      affected_products: {
         "@id": "https://www.variotdbs.pl/ref/affected_products",
      },
      configurations: {
         "@id": "https://www.variotdbs.pl/ref/configurations",
      },
      credits: {
         "@id": "https://www.variotdbs.pl/ref/credits",
      },
      cvss: {
         "@id": "https://www.variotdbs.pl/ref/cvss/",
      },
      description: {
         "@id": "https://www.variotdbs.pl/ref/description/",
      },
      exploit_availability: {
         "@id": "https://www.variotdbs.pl/ref/exploit_availability/",
      },
      external_ids: {
         "@id": "https://www.variotdbs.pl/ref/external_ids/",
      },
      iot: {
         "@id": "https://www.variotdbs.pl/ref/iot/",
      },
      iot_taxonomy: {
         "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/",
      },
      patch: {
         "@id": "https://www.variotdbs.pl/ref/patch/",
      },
      problemtype_data: {
         "@id": "https://www.variotdbs.pl/ref/problemtype_data/",
      },
      references: {
         "@id": "https://www.variotdbs.pl/ref/references/",
      },
      sources: {
         "@id": "https://www.variotdbs.pl/ref/sources/",
      },
      sources_release_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_release_date/",
      },
      sources_update_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_update_date/",
      },
      threat_type: {
         "@id": "https://www.variotdbs.pl/ref/threat_type/",
      },
      title: {
         "@id": "https://www.variotdbs.pl/ref/title/",
      },
      type: {
         "@id": "https://www.variotdbs.pl/ref/type/",
      },
   },
   "@id": "https://www.variotdbs.pl/vuln/VAR-202108-2250",
   affected_products: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            model: "mypro",
            scope: "lt",
            trust: 1,
            vendor: "myscada",
            version: "8.20.0",
         },
         {
            model: "mypro",
            scope: "eq",
            trust: 0.8,
            vendor: "myscada",
            version: null,
         },
         {
            model: "mypro",
            scope: "eq",
            trust: 0.8,
            vendor: "myscada",
            version: "v8.20.0  all previous  s",
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2021-002267",
         },
         {
            db: "NVD",
            id: "CVE-2021-33013",
         },
      ],
   },
   credits: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/credits#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "Michael Heinzl reported these vulnerabilities to CISA.",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-202108-519",
         },
      ],
      trust: 0.6,
   },
   cve: "CVE-2021-33013",
   cvss: {
      "@context": {
         cvssV2: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2",
         },
         cvssV3: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/",
         },
         severity: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/cvss/severity#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            cvssV2: [
               {
                  accessComplexity: "LOW",
                  accessVector: "NETWORK",
                  authentication: "NONE",
                  author: "nvd@nist.gov",
                  availabilityImpact: "NONE",
                  baseScore: 5,
                  confidentialityImpact: "PARTIAL",
                  exploitabilityScore: 10,
                  id: "CVE-2021-33013",
                  impactScore: 2.9,
                  integrityImpact: "NONE",
                  severity: "MEDIUM",
                  trust: 1.8,
                  vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                  version: "2.0",
               },
            ],
            cvssV3: [
               {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  author: "nvd@nist.gov",
                  availabilityImpact: "NONE",
                  baseScore: 7.5,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "HIGH",
                  exploitabilityScore: 3.9,
                  id: "CVE-2021-33013",
                  impactScore: 3.6,
                  integrityImpact: "NONE",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  trust: 1,
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                  version: "3.1",
               },
               {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  author: "ics-cert@hq.dhs.gov",
                  availabilityImpact: "NONE",
                  baseScore: 8.2,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "HIGH",
                  exploitabilityScore: 3.9,
                  id: "CVE-2021-33013",
                  impactScore: 4.2,
                  integrityImpact: "LOW",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  trust: 1,
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
                  version: "3.1",
               },
               {
                  attackComplexity: "Low",
                  attackVector: "Network",
                  author: "OTHER",
                  availabilityImpact: "None",
                  baseScore: 8.2,
                  baseSeverity: "High",
                  confidentialityImpact: "High",
                  exploitabilityScore: null,
                  id: "JVNDB-2021-002267",
                  impactScore: null,
                  integrityImpact: "Low",
                  privilegesRequired: "None",
                  scope: "Unchanged",
                  trust: 0.8,
                  userInteraction: "None",
                  vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
                  version: "3.0",
               },
            ],
            severity: [
               {
                  author: "nvd@nist.gov",
                  id: "CVE-2021-33013",
                  trust: 1,
                  value: "HIGH",
               },
               {
                  author: "ics-cert@hq.dhs.gov",
                  id: "CVE-2021-33013",
                  trust: 1,
                  value: "HIGH",
               },
               {
                  author: "NVD",
                  id: "CVE-2021-33013",
                  trust: 0.8,
                  value: "High",
               },
               {
                  author: "CNNVD",
                  id: "CNNVD-202108-519",
                  trust: 0.6,
                  value: "HIGH",
               },
               {
                  author: "CNNVD",
                  id: "CNNVD-202104-975",
                  trust: 0.6,
                  value: "MEDIUM",
               },
            ],
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2021-002267",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202108-519",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202104-975",
         },
         {
            db: "NVD",
            id: "CVE-2021-33013",
         },
         {
            db: "NVD",
            id: "CVE-2021-33013",
         },
      ],
   },
   description: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/description#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "mySCADA myPRO versions prior to 8.20.0 does not restrict unauthorized read access to sensitive system information. mySCADA Provided by the company myPRO contains multiple vulnerabilities: * Inadequate access control ( CWE-284 ) - CVE-2021-33013 It was * Unlimited uploads of dangerous file types ( CWE-434 ) - CVE-2021-33009 It was * Path Traversal ( CWE-22 ) - CVE-2021-33005 It was * Information leakage due to disclosure of directory information ( CWE-548 ) - CVE-2021-27505The expected impact depends on each vulnerability, but it may be affected as follows. It was * Sensitive system information may be read by a remote third party - CVE-2021-33013 It was * Arbitrary files can be uploaded to the file system by an unauthenticated remote attacker. - CVE-2021-33009 It was * Arbitrary files can be uploaded to any directory by an unauthenticated remote attacker. Pillow is a Python-based image processing library. \nThere is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements",
      sources: [
         {
            db: "NVD",
            id: "CVE-2021-33013",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2021-002267",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202104-975",
         },
         {
            db: "VULMON",
            id: "CVE-2021-33013",
         },
      ],
      trust: 2.25,
   },
   external_ids: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            db: "NVD",
            id: "CVE-2021-33013",
            trust: 3.3,
         },
         {
            db: "ICS CERT",
            id: "ICSA-21-217-03",
            trust: 2.5,
         },
         {
            db: "JVN",
            id: "JVNVU94730303",
            trust: 0.8,
         },
         {
            db: "JVNDB",
            id: "JVNDB-2021-002267",
            trust: 0.8,
         },
         {
            db: "AUSCERT",
            id: "ESB-2021.2659",
            trust: 0.6,
         },
         {
            db: "CS-HELP",
            id: "SB2021080605",
            trust: 0.6,
         },
         {
            db: "CNNVD",
            id: "CNNVD-202108-519",
            trust: 0.6,
         },
         {
            db: "CS-HELP",
            id: "SB2021041363",
            trust: 0.6,
         },
         {
            db: "CNNVD",
            id: "CNNVD-202104-975",
            trust: 0.6,
         },
         {
            db: "VULMON",
            id: "CVE-2021-33013",
            trust: 0.1,
         },
      ],
      sources: [
         {
            db: "VULMON",
            id: "CVE-2021-33013",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2021-002267",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202108-519",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202104-975",
         },
         {
            db: "NVD",
            id: "CVE-2021-33013",
         },
      ],
   },
   id: "VAR-202108-2250",
   iot: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/iot#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: true,
      sources: [
         {
            db: "VARIoT devices database",
            id: null,
         },
      ],
      trust: 0.28945112,
   },
   last_update_date: "2024-08-14T13:03:11.334000Z",
   patch: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/patch#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            title: "VERSION 8.20.0 RELEASED",
            trust: 0.8,
            url: "https://www.myscada.org/version-8-20-0-released-security-update/",
         },
         {
            title: "mySCADA myPRO Fixes for access control error vulnerabilities",
            trust: 0.6,
            url: "http://123.124.177.30/web/xxk/bdxqById.tag?id=159497",
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2021-002267",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202108-519",
         },
      ],
   },
   problemtype_data: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            problemtype: "CWE-862",
            trust: 1,
         },
         {
            problemtype: "CWE-284",
            trust: 1,
         },
         {
            problemtype: "Path traversal (CWE-22) [ others ]",
            trust: 0.8,
         },
         {
            problemtype: " Inappropriate access control (CWE-284) [ others ]",
            trust: 0.8,
         },
         {
            problemtype: " Unlimited uploads of dangerous types of files (CWE-434) [ others ]",
            trust: 0.8,
         },
         {
            problemtype: " Information disclosure through directory listings (CWE-548) [ others ]",
            trust: 0.8,
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2021-002267",
         },
         {
            db: "NVD",
            id: "CVE-2021-33013",
         },
      ],
   },
   references: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/references#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            trust: 1.7,
            url: "https://www.cisa.gov/uscert/ics/advisories/icsa-21-217-03",
         },
         {
            trust: 1.7,
            url: "https://www.myscada.org/version-8-20-0-released-security-update",
         },
         {
            trust: 1.4,
            url: "https://us-cert.cisa.gov/ics/advisories/icsa-21-217-03",
         },
         {
            trust: 0.8,
            url: "http://jvn.jp/cert/jvnvu94730303",
         },
         {
            trust: 0.8,
            url: "https://nvd.nist.gov/vuln/detail/cve-2021-27505",
         },
         {
            trust: 0.8,
            url: "https://nvd.nist.gov/vuln/detail/cve-2021-33005",
         },
         {
            trust: 0.8,
            url: "https://nvd.nist.gov/vuln/detail/cve-2021-33009",
         },
         {
            trust: 0.8,
            url: "https://nvd.nist.gov/vuln/detail/cve-2021-33013",
         },
         {
            trust: 0.6,
            url: "https://www.cybersecurity-help.cz/vdb/sb2021080605",
         },
         {
            trust: 0.6,
            url: "https://cxsecurity.com/cveshow/cve-2021-33013/",
         },
         {
            trust: 0.6,
            url: "https://www.auscert.org.au/bulletins/esb-2021.2659",
         },
         {
            trust: 0.6,
            url: "https://www.cybersecurity-help.cz/vdb/sb2021041363",
         },
         {
            trust: 0.1,
            url: "https://cwe.mitre.org/data/definitions/284.html",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov",
         },
      ],
      sources: [
         {
            db: "VULMON",
            id: "CVE-2021-33013",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2021-002267",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202108-519",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202104-975",
         },
         {
            db: "NVD",
            id: "CVE-2021-33013",
         },
      ],
   },
   sources: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            db: "VULMON",
            id: "CVE-2021-33013",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2021-002267",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202108-519",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202104-975",
         },
         {
            db: "NVD",
            id: "CVE-2021-33013",
         },
      ],
   },
   sources_release_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2022-05-13T00:00:00",
            db: "VULMON",
            id: "CVE-2021-33013",
         },
         {
            date: "2021-08-10T00:00:00",
            db: "JVNDB",
            id: "JVNDB-2021-002267",
         },
         {
            date: "2021-08-05T00:00:00",
            db: "CNNVD",
            id: "CNNVD-202108-519",
         },
         {
            date: "2021-04-13T00:00:00",
            db: "CNNVD",
            id: "CNNVD-202104-975",
         },
         {
            date: "2022-05-13T16:15:08.083000",
            db: "NVD",
            id: "CVE-2021-33013",
         },
      ],
   },
   sources_update_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2022-05-13T00:00:00",
            db: "VULMON",
            id: "CVE-2021-33013",
         },
         {
            date: "2024-06-20T02:08:00",
            db: "JVNDB",
            id: "JVNDB-2021-002267",
         },
         {
            date: "2022-10-28T00:00:00",
            db: "CNNVD",
            id: "CNNVD-202108-519",
         },
         {
            date: "2021-04-14T00:00:00",
            db: "CNNVD",
            id: "CNNVD-202104-975",
         },
         {
            date: "2022-10-27T11:56:13.777000",
            db: "NVD",
            id: "CVE-2021-33013",
         },
      ],
   },
   threat_type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "remote",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-202108-519",
         },
      ],
      trust: 0.6,
   },
   title: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/title#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "mySCADA  Made  myPRO  Multiple vulnerabilities",
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2021-002267",
         },
      ],
      trust: 0.8,
   },
   type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "access control error",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-202108-519",
         },
      ],
      trust: 0.6,
   },
}

var-202304-2125
Vulnerability from variot

mySCADA myPRO versions 8.26.0 and prior have parameters which an authenticated user could exploit to inject arbitrary operating system commands. An OS command injection vulnerability exists in myPRO from mySCADA Technologies. Information may be obtained or tampered with, and service operation may be interrupted (DoS).



{
   "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
      affected_products: {
         "@id": "https://www.variotdbs.pl/ref/affected_products",
      },
      credits: {
         "@id": "https://www.variotdbs.pl/ref/credits",
      },
      cvss: {
         "@id": "https://www.variotdbs.pl/ref/cvss/",
      },
      description: {
         "@id": "https://www.variotdbs.pl/ref/description/",
      },
      exploit_availability: {
         "@id": "https://www.variotdbs.pl/ref/exploit_availability/",
      },
      external_ids: {
         "@id": "https://www.variotdbs.pl/ref/external_ids/",
      },
      iot: {
         "@id": "https://www.variotdbs.pl/ref/iot/",
      },
      iot_taxonomy: {
         "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/",
      },
      patch: {
         "@id": "https://www.variotdbs.pl/ref/patch/",
      },
      problemtype_data: {
         "@id": "https://www.variotdbs.pl/ref/problemtype_data/",
      },
      references: {
         "@id": "https://www.variotdbs.pl/ref/references/",
      },
      sources: {
         "@id": "https://www.variotdbs.pl/ref/sources/",
      },
      sources_release_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_release_date/",
      },
      sources_update_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_update_date/",
      },
      threat_type: {
         "@id": "https://www.variotdbs.pl/ref/threat_type/",
      },
      title: {
         "@id": "https://www.variotdbs.pl/ref/title/",
      },
      type: {
         "@id": "https://www.variotdbs.pl/ref/type/",
      },
   },
   "@id": "https://www.variotdbs.pl/vuln/VAR-202304-2125",
   affected_products: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            model: "mypro",
            scope: "lte",
            trust: 1,
            vendor: "myscada",
            version: "8.26.0",
         },
         {
            model: "mypro",
            scope: "eq",
            trust: 0.8,
            vendor: "myscada",
            version: null,
         },
         {
            model: "mypro",
            scope: null,
            trust: 0.8,
            vendor: "myscada",
            version: null,
         },
         {
            model: "mypro",
            scope: "lte",
            trust: 0.8,
            vendor: "myscada",
            version: "8.26.0  and earlier",
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2023-009258",
         },
         {
            db: "NVD",
            id: "CVE-2023-28400",
         },
      ],
   },
   cve: "CVE-2023-28400",
   cvss: {
      "@context": {
         cvssV2: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2",
         },
         cvssV3: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/",
         },
         severity: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/cvss/severity#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            cvssV2: [],
            cvssV3: [
               {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  author: "nvd@nist.gov",
                  availabilityImpact: "HIGH",
                  baseScore: 8.8,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "HIGH",
                  exploitabilityScore: 2.8,
                  id: "CVE-2023-28400",
                  impactScore: 5.9,
                  integrityImpact: "HIGH",
                  privilegesRequired: "LOW",
                  scope: "UNCHANGED",
                  trust: 1,
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  version: "3.1",
               },
               {
                  attackComplexity: "Low",
                  attackVector: "Network",
                  author: "NVD",
                  availabilityImpact: "High",
                  baseScore: 8.8,
                  baseSeverity: "High",
                  confidentialityImpact: "High",
                  exploitabilityScore: null,
                  id: "CVE-2023-28400",
                  impactScore: null,
                  integrityImpact: "High",
                  privilegesRequired: "Low",
                  scope: "Unchanged",
                  trust: 0.8,
                  userInteraction: "None",
                  vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  version: "3.0",
               },
            ],
            severity: [
               {
                  author: "nvd@nist.gov",
                  id: "CVE-2023-28400",
                  trust: 1,
                  value: "HIGH",
               },
               {
                  author: "NVD",
                  id: "CVE-2023-28400",
                  trust: 0.8,
                  value: "High",
               },
               {
                  author: "CNNVD",
                  id: "CNNVD-202304-2196",
                  trust: 0.6,
                  value: "HIGH",
               },
            ],
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2023-009258",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202304-2196",
         },
         {
            db: "NVD",
            id: "CVE-2023-28400",
         },
      ],
   },
   description: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/description#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "mySCADA myPRO versions 8.26.0 and prior has parameters which an authenticated user could exploit to inject arbitrary operating system commands. mySCADA Technologies of myPRO for, OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state",
      sources: [
         {
            db: "NVD",
            id: "CVE-2023-28400",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2023-009258",
         },
         {
            db: "VULMON",
            id: "CVE-2023-28400",
         },
      ],
      trust: 1.71,
   },
   external_ids: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            db: "NVD",
            id: "CVE-2023-28400",
            trust: 3.3,
         },
         {
            db: "ICS CERT",
            id: "ICSA-23-096-06",
            trust: 2.5,
         },
         {
            db: "JVN",
            id: "JVNVU95525237",
            trust: 0.8,
         },
         {
            db: "JVNDB",
            id: "JVNDB-2023-009258",
            trust: 0.8,
         },
         {
            db: "CNNVD",
            id: "CNNVD-202304-2196",
            trust: 0.6,
         },
         {
            db: "VULMON",
            id: "CVE-2023-28400",
            trust: 0.1,
         },
      ],
      sources: [
         {
            db: "VULMON",
            id: "CVE-2023-28400",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2023-009258",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202304-2196",
         },
         {
            db: "NVD",
            id: "CVE-2023-28400",
         },
      ],
   },
   id: "VAR-202304-2125",
   iot: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/iot#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: true,
      sources: [
         {
            db: "VARIoT devices database",
            id: null,
         },
      ],
      trust: 0.28945112,
   },
   last_update_date: "2024-08-14T13:20:47.335000Z",
   patch: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/patch#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            title: "mySCADA myPRO Fixes for operating system command injection vulnerabilities",
            trust: 0.6,
            url: "http://123.124.177.30/web/xxk/bdxqById.tag?id=236105",
         },
      ],
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-202304-2196",
         },
      ],
   },
   problemtype_data: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            problemtype: "CWE-78",
            trust: 1,
         },
         {
            problemtype: "OS Command injection (CWE-78) [NVD evaluation ]",
            trust: 0.8,
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2023-009258",
         },
         {
            db: "NVD",
            id: "CVE-2023-28400",
         },
      ],
   },
   references: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/references#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            trust: 2.5,
            url: "https://www.cisa.gov/news-events/ics-advisories/icsa-23-096-06",
         },
         {
            trust: 0.8,
            url: "https://jvn.jp/vu/jvnvu95525237/",
         },
         {
            trust: 0.8,
            url: "https://nvd.nist.gov/vuln/detail/cve-2023-28400",
         },
         {
            trust: 0.6,
            url: "https://cxsecurity.com/cveshow/cve-2023-28400/",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov",
         },
      ],
      sources: [
         {
            db: "VULMON",
            id: "CVE-2023-28400",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2023-009258",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202304-2196",
         },
         {
            db: "NVD",
            id: "CVE-2023-28400",
         },
      ],
   },
   sources: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            db: "VULMON",
            id: "CVE-2023-28400",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2023-009258",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202304-2196",
         },
         {
            db: "NVD",
            id: "CVE-2023-28400",
         },
      ],
   },
   sources_release_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2023-04-27T00:00:00",
            db: "VULMON",
            id: "CVE-2023-28400",
         },
         {
            date: "2023-12-05T00:00:00",
            db: "JVNDB",
            id: "JVNDB-2023-009258",
         },
         {
            date: "2023-04-27T00:00:00",
            db: "CNNVD",
            id: "CNNVD-202304-2196",
         },
         {
            date: "2023-04-27T23:15:14.917000",
            db: "NVD",
            id: "CVE-2023-28400",
         },
      ],
   },
   sources_update_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2023-04-28T00:00:00",
            db: "VULMON",
            id: "CVE-2023-28400",
         },
         {
            date: "2023-12-05T04:10:00",
            db: "JVNDB",
            id: "JVNDB-2023-009258",
         },
         {
            date: "2023-05-06T00:00:00",
            db: "CNNVD",
            id: "CNNVD-202304-2196",
         },
         {
            date: "2023-11-07T04:10:33.863000",
            db: "NVD",
            id: "CVE-2023-28400",
         },
      ],
   },
   threat_type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "remote",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-202304-2196",
         },
      ],
      trust: 0.6,
   },
   title: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/title#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "OS command injection vulnerability in mySCADA Technologies myPRO",
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2023-009258",
         },
      ],
      trust: 0.8,
   },
   type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "operating system command injection",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-202304-2196",
         },
      ],
      trust: 0.6,
   },
}

var-202203-0931
Vulnerability from variot

An authenticated user may be able to misuse parameters to inject arbitrary operating system commands into mySCADA myPRO versions 8.25.0 and prior



{
   "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
      affected_products: {
         "@id": "https://www.variotdbs.pl/ref/affected_products",
      },
      configurations: {
         "@id": "https://www.variotdbs.pl/ref/configurations",
      },
      credits: {
         "@id": "https://www.variotdbs.pl/ref/credits",
      },
      cvss: {
         "@id": "https://www.variotdbs.pl/ref/cvss/",
      },
      description: {
         "@id": "https://www.variotdbs.pl/ref/description/",
      },
      exploit_availability: {
         "@id": "https://www.variotdbs.pl/ref/exploit_availability/",
      },
      external_ids: {
         "@id": "https://www.variotdbs.pl/ref/external_ids/",
      },
      iot: {
         "@id": "https://www.variotdbs.pl/ref/iot/",
      },
      iot_taxonomy: {
         "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/",
      },
      patch: {
         "@id": "https://www.variotdbs.pl/ref/patch/",
      },
      problemtype_data: {
         "@id": "https://www.variotdbs.pl/ref/problemtype_data/",
      },
      references: {
         "@id": "https://www.variotdbs.pl/ref/references/",
      },
      sources: {
         "@id": "https://www.variotdbs.pl/ref/sources/",
      },
      sources_release_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_release_date/",
      },
      sources_update_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_update_date/",
      },
      threat_type: {
         "@id": "https://www.variotdbs.pl/ref/threat_type/",
      },
      title: {
         "@id": "https://www.variotdbs.pl/ref/title/",
      },
      type: {
         "@id": "https://www.variotdbs.pl/ref/type/",
      },
   },
   "@id": "https://www.variotdbs.pl/vuln/VAR-202203-0931",
   affected_products: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            model: "mypro",
            scope: "lte",
            trust: 1,
            vendor: "myscada",
            version: "8.25.0",
         },
      ],
      sources: [
         {
            db: "NVD",
            id: "CVE-2022-0999",
         },
      ],
   },
   credits: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/credits#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "Michael Heinzl reported this vulnerability to CISA.",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-202203-2128",
         },
      ],
      trust: 0.6,
   },
   cve: "CVE-2022-0999",
   cvss: {
      "@context": {
         cvssV2: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2",
         },
         cvssV3: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/",
         },
         severity: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/cvss/severity#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            cvssV2: [
               {
                  accessComplexity: "LOW",
                  accessVector: "NETWORK",
                  authentication: "SINGLE",
                  author: "nvd@nist.gov",
                  availabilityImpact: "COMPLETE",
                  baseScore: 9,
                  confidentialityImpact: "COMPLETE",
                  exploitabilityScore: 8,
                  id: "CVE-2022-0999",
                  impactScore: 10,
                  integrityImpact: "COMPLETE",
                  severity: "HIGH",
                  trust: 1.1,
                  vectorString: "AV:N/AC:L/Au:S/C:C/I:C/A:C",
                  version: "2.0",
               },
            ],
            cvssV3: [
               {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  author: "nvd@nist.gov",
                  availabilityImpact: "HIGH",
                  baseScore: 8.8,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "HIGH",
                  exploitabilityScore: 2.8,
                  id: "CVE-2022-0999",
                  impactScore: 5.9,
                  integrityImpact: "HIGH",
                  privilegesRequired: "LOW",
                  scope: "UNCHANGED",
                  trust: 2,
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  version: "3.1",
               },
            ],
            severity: [
               {
                  author: "nvd@nist.gov",
                  id: "CVE-2022-0999",
                  trust: 1,
                  value: "HIGH",
               },
               {
                  author: "ics-cert@hq.dhs.gov",
                  id: "CVE-2022-0999",
                  trust: 1,
                  value: "HIGH",
               },
               {
                  author: "CNNVD",
                  id: "CNNVD-202203-2128",
                  trust: 0.6,
                  value: "HIGH",
               },
               {
                  author: "VULMON",
                  id: "CVE-2022-0999",
                  trust: 0.1,
                  value: "HIGH",
               },
            ],
         },
      ],
      sources: [
         {
            db: "VULMON",
            id: "CVE-2022-0999",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202203-2128",
         },
         {
            db: "NVD",
            id: "CVE-2022-0999",
         },
         {
            db: "NVD",
            id: "CVE-2022-0999",
         },
      ],
   },
   description: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/description#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "An authenticated user may be able to misuse parameters to inject arbitrary operating system commands into mySCADA myPRO versions 8.25.0 and prior",
      sources: [
         {
            db: "NVD",
            id: "CVE-2022-0999",
         },
         {
            db: "VULMON",
            id: "CVE-2022-0999",
         },
      ],
      trust: 0.99,
   },
   external_ids: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            db: "ICS CERT",
            id: "ICSA-22-083-02",
            trust: 1.7,
         },
         {
            db: "NVD",
            id: "CVE-2022-0999",
            trust: 1.7,
         },
         {
            db: "CS-HELP",
            id: "SB2022032501",
            trust: 0.6,
         },
         {
            db: "AUSCERT",
            id: "ESB-2022.1286",
            trust: 0.6,
         },
         {
            db: "CNNVD",
            id: "CNNVD-202203-2128",
            trust: 0.6,
         },
         {
            db: "VULMON",
            id: "CVE-2022-0999",
            trust: 0.1,
         },
      ],
      sources: [
         {
            db: "VULMON",
            id: "CVE-2022-0999",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202203-2128",
         },
         {
            db: "NVD",
            id: "CVE-2022-0999",
         },
      ],
   },
   id: "VAR-202203-0931",
   iot: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/iot#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: true,
      sources: [
         {
            db: "VARIoT devices database",
            id: null,
         },
      ],
      trust: 0.28945112,
   },
   last_update_date: "2024-11-23T22:44:03.152000Z",
   patch: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/patch#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            title: "Repair measures for mySCADA myPRO operating system command injection vulnerability",
            trust: 0.6,
            url: "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=189772",
         },
      ],
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-202203-2128",
         },
      ],
   },
   problemtype_data: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            problemtype: "CWE-78",
            trust: 1,
         },
         {
            problemtype: "CWE-77",
            trust: 1,
         },
      ],
      sources: [
         {
            db: "NVD",
            id: "CVE-2022-0999",
         },
      ],
   },
   references: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/references#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            trust: 1.8,
            url: "https://www.cisa.gov/uscert/ics/advisories/icsa-22-083-02",
         },
         {
            trust: 0.6,
            url: "https://cxsecurity.com/cveshow/cve-2022-0999/",
         },
         {
            trust: 0.6,
            url: "https://www.auscert.org.au/bulletins/esb-2022.1286",
         },
         {
            trust: 0.6,
            url: "https://us-cert.cisa.gov/ics/advisories/icsa-22-083-02",
         },
         {
            trust: 0.6,
            url: "https://www.cybersecurity-help.cz/vdb/sb2022032501",
         },
         {
            trust: 0.1,
            url: "https://cwe.mitre.org/data/definitions/78.html",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov",
         },
      ],
      sources: [
         {
            db: "VULMON",
            id: "CVE-2022-0999",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202203-2128",
         },
         {
            db: "NVD",
            id: "CVE-2022-0999",
         },
      ],
   },
   sources: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            db: "VULMON",
            id: "CVE-2022-0999",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202203-2128",
         },
         {
            db: "NVD",
            id: "CVE-2022-0999",
         },
      ],
   },
   sources_release_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2022-04-11T00:00:00",
            db: "VULMON",
            id: "CVE-2022-0999",
         },
         {
            date: "2022-03-24T00:00:00",
            db: "CNNVD",
            id: "CNNVD-202203-2128",
         },
         {
            date: "2022-04-11T20:15:16.737000",
            db: "NVD",
            id: "CVE-2022-0999",
         },
      ],
   },
   sources_update_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2022-04-18T00:00:00",
            db: "VULMON",
            id: "CVE-2022-0999",
         },
         {
            date: "2022-04-19T00:00:00",
            db: "CNNVD",
            id: "CNNVD-202203-2128",
         },
         {
            date: "2024-11-21T06:39:49.783000",
            db: "NVD",
            id: "CVE-2022-0999",
         },
      ],
   },
   threat_type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "remote",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-202203-2128",
         },
      ],
      trust: 0.6,
   },
   title: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/title#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "mySCADA myPRO operating system command injection vulnerability",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-202203-2128",
         },
      ],
      trust: 0.6,
   },
   type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "operating system command injection",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-202203-2128",
         },
      ],
      trust: 0.6,
   },
}

var-201805-0431
Vulnerability from variot

mySCADA myPRO 7 allows remote attackers to discover all ProjectIDs in a project by sending all of the prj parameter values from 870000 to 875000 in t=0&rq=0 requests to TCP port 11010. mySCADA myPRO contains an information disclosure vulnerability. Information may be obtained.



{
   "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
      affected_products: {
         "@id": "https://www.variotdbs.pl/ref/affected_products",
      },
      configurations: {
         "@id": "https://www.variotdbs.pl/ref/configurations",
      },
      credits: {
         "@id": "https://www.variotdbs.pl/ref/credits",
      },
      cvss: {
         "@id": "https://www.variotdbs.pl/ref/cvss/",
      },
      description: {
         "@id": "https://www.variotdbs.pl/ref/description/",
      },
      exploit_availability: {
         "@id": "https://www.variotdbs.pl/ref/exploit_availability/",
      },
      external_ids: {
         "@id": "https://www.variotdbs.pl/ref/external_ids/",
      },
      iot: {
         "@id": "https://www.variotdbs.pl/ref/iot/",
      },
      iot_taxonomy: {
         "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/",
      },
      patch: {
         "@id": "https://www.variotdbs.pl/ref/patch/",
      },
      problemtype_data: {
         "@id": "https://www.variotdbs.pl/ref/problemtype_data/",
      },
      references: {
         "@id": "https://www.variotdbs.pl/ref/references/",
      },
      sources: {
         "@id": "https://www.variotdbs.pl/ref/sources/",
      },
      sources_release_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_release_date/",
      },
      sources_update_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_update_date/",
      },
      threat_type: {
         "@id": "https://www.variotdbs.pl/ref/threat_type/",
      },
      title: {
         "@id": "https://www.variotdbs.pl/ref/title/",
      },
      type: {
         "@id": "https://www.variotdbs.pl/ref/type/",
      },
   },
   "@id": "https://www.variotdbs.pl/vuln/VAR-201805-0431",
   affected_products: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            model: "mypro",
            scope: "eq",
            trust: 1.6,
            vendor: "myscada",
            version: "7.0",
         },
         {
            model: "mypro",
            scope: "eq",
            trust: 0.8,
            vendor: "myscada",
            version: "7",
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2018-005480",
         },
         {
            db: "CNNVD",
            id: "CNNVD-201805-909",
         },
         {
            db: "NVD",
            id: "CVE-2018-11517",
         },
      ],
   },
   configurations: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/configurations#",
         children: {
            "@container": "@list",
         },
         cpe_match: {
            "@container": "@list",
         },
         data: {
            "@container": "@list",
         },
         nodes: {
            "@container": "@list",
         },
      },
      data: [
         {
            CVE_data_version: "4.0",
            nodes: [
               {
                  cpe_match: [
                     {
                        cpe22Uri: "cpe:/a:myscada:mypro",
                        vulnerable: true,
                     },
                  ],
                  operator: "OR",
               },
            ],
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2018-005480",
         },
      ],
   },
   cve: "CVE-2018-11517",
   cvss: {
      "@context": {
         cvssV2: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2",
         },
         cvssV3: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/",
         },
         severity: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/cvss/severity#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            cvssV2: [
               {
                  accessComplexity: "LOW",
                  accessVector: "NETWORK",
                  authentication: "NONE",
                  author: "nvd@nist.gov",
                  availabilityImpact: "NONE",
                  baseScore: 5,
                  confidentialityImpact: "PARTIAL",
                  exploitabilityScore: 10,
                  id: "CVE-2018-11517",
                  impactScore: 2.9,
                  integrityImpact: "NONE",
                  severity: "MEDIUM",
                  trust: 1.8,
                  vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                  version: "2.0",
               },
            ],
            cvssV3: [
               {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  author: "nvd@nist.gov",
                  availabilityImpact: "NONE",
                  baseScore: 5.3,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "LOW",
                  exploitabilityScore: 3.9,
                  id: "CVE-2018-11517",
                  impactScore: 1.4,
                  integrityImpact: "NONE",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  trust: 1.8,
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                  version: "3.0",
               },
            ],
            severity: [
               {
                  author: "nvd@nist.gov",
                  id: "CVE-2018-11517",
                  trust: 1,
                  value: "MEDIUM",
               },
               {
                  author: "NVD",
                  id: "CVE-2018-11517",
                  trust: 0.8,
                  value: "Medium",
               },
               {
                  author: "CNNVD",
                  id: "CNNVD-201805-909",
                  trust: 0.6,
                  value: "MEDIUM",
               },
            ],
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2018-005480",
         },
         {
            db: "CNNVD",
            id: "CNNVD-201805-909",
         },
         {
            db: "NVD",
            id: "CVE-2018-11517",
         },
      ],
   },
   description: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/description#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "mySCADA myPRO 7 allows remote attackers to discover all ProjectIDs in a project by sending all of the prj parameter values from 870000 to 875000 in t=0&rq=0 requests to TCP port 11010. mySCADA myPRO contains an information disclosure vulnerability. Information may be obtained.",
      sources: [
         {
            db: "NVD",
            id: "CVE-2018-11517",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2018-005480",
         },
      ],
      trust: 1.62,
   },
   external_ids: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            db: "NVD",
            id: "CVE-2018-11517",
            trust: 2.4,
         },
         {
            db: "JVNDB",
            id: "JVNDB-2018-005480",
            trust: 0.8,
         },
         {
            db: "CNNVD",
            id: "CNNVD-201805-909",
            trust: 0.6,
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2018-005480",
         },
         {
            db: "CNNVD",
            id: "CNNVD-201805-909",
         },
         {
            db: "NVD",
            id: "CVE-2018-11517",
         },
      ],
   },
   id: "VAR-201805-0431",
   iot: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/iot#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: true,
      sources: [
         {
            db: "VARIoT devices database",
            id: null,
         },
      ],
      trust: 0.28945112,
   },
   last_update_date: "2024-11-23T22:45:19.571000Z",
   patch: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/patch#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            title: "myPRO",
            trust: 0.8,
            url: "https://www.myscada.org/mypro/",
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2018-005480",
         },
      ],
   },
   problemtype_data: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            problemtype: "CWE-200",
            trust: 1.8,
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2018-005480",
         },
         {
            db: "NVD",
            id: "CVE-2018-11517",
         },
      ],
   },
   references: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/references#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            trust: 2.4,
            url: "https://github.com/emreovunc/myscada-mypro-7-projectid-disclosure",
         },
         {
            trust: 1.6,
            url: "https://www.emreovunc.com/blog/en/mypro_enum_projectid.rb",
         },
         {
            trust: 0.8,
            url: "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-11517",
         },
         {
            trust: 0.8,
            url: "https://nvd.nist.gov/vuln/detail/cve-2018-11517",
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2018-005480",
         },
         {
            db: "CNNVD",
            id: "CNNVD-201805-909",
         },
         {
            db: "NVD",
            id: "CVE-2018-11517",
         },
      ],
   },
   sources: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            db: "JVNDB",
            id: "JVNDB-2018-005480",
         },
         {
            db: "CNNVD",
            id: "CNNVD-201805-909",
         },
         {
            db: "NVD",
            id: "CVE-2018-11517",
         },
      ],
   },
   sources_release_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2018-07-18T00:00:00",
            db: "JVNDB",
            id: "JVNDB-2018-005480",
         },
         {
            date: "2018-05-29T00:00:00",
            db: "CNNVD",
            id: "CNNVD-201805-909",
         },
         {
            date: "2018-05-28T16:29:00.370000",
            db: "NVD",
            id: "CVE-2018-11517",
         },
      ],
   },
   sources_update_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2018-07-18T00:00:00",
            db: "JVNDB",
            id: "JVNDB-2018-005480",
         },
         {
            date: "2018-05-29T00:00:00",
            db: "CNNVD",
            id: "CNNVD-201805-909",
         },
         {
            date: "2024-11-21T03:43:32.153000",
            db: "NVD",
            id: "CVE-2018-11517",
         },
      ],
   },
   threat_type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "remote",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-201805-909",
         },
      ],
      trust: 0.6,
   },
   title: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/title#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "mySCADA myPRO Vulnerable to information disclosure",
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2018-005480",
         },
      ],
      trust: 0.8,
   },
   type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "information disclosure",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-201805-909",
         },
      ],
      trust: 0.6,
   },
}

var-201710-1116
Vulnerability from variot

An Unquoted Search Path issue was discovered in mySCADA myPRO Versions 7.0.26 and prior. Application services utilize unquoted search path elements, which could allow an attacker to execute arbitrary code with elevated privileges. mySCADA myPRO contains vulnerabilities related to unquoted search paths or elements. Information may be obtained or altered, and service operation may be disrupted (DoS). myPRO is an HMI/SCADA system for the visualization and control of industrial processes. mySCADA myPRO is prone to a local privilege-escalation vulnerability. mySCADA myPRO Versions 7.0.26 and prior are vulnerable.



{
   "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
      affected_products: {
         "@id": "https://www.variotdbs.pl/ref/affected_products",
      },
      configurations: {
         "@id": "https://www.variotdbs.pl/ref/configurations",
      },
      credits: {
         "@id": "https://www.variotdbs.pl/ref/credits",
      },
      cvss: {
         "@id": "https://www.variotdbs.pl/ref/cvss/",
      },
      description: {
         "@id": "https://www.variotdbs.pl/ref/description/",
      },
      exploit_availability: {
         "@id": "https://www.variotdbs.pl/ref/exploit_availability/",
      },
      external_ids: {
         "@id": "https://www.variotdbs.pl/ref/external_ids/",
      },
      iot: {
         "@id": "https://www.variotdbs.pl/ref/iot/",
      },
      iot_taxonomy: {
         "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/",
      },
      patch: {
         "@id": "https://www.variotdbs.pl/ref/patch/",
      },
      problemtype_data: {
         "@id": "https://www.variotdbs.pl/ref/problemtype_data/",
      },
      references: {
         "@id": "https://www.variotdbs.pl/ref/references/",
      },
      sources: {
         "@id": "https://www.variotdbs.pl/ref/sources/",
      },
      sources_release_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_release_date/",
      },
      sources_update_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_update_date/",
      },
      threat_type: {
         "@id": "https://www.variotdbs.pl/ref/threat_type/",
      },
      title: {
         "@id": "https://www.variotdbs.pl/ref/title/",
      },
      type: {
         "@id": "https://www.variotdbs.pl/ref/type/",
      },
   },
   "@id": "https://www.variotdbs.pl/vuln/VAR-201710-1116",
   affected_products: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            model: "mypro",
            scope: "lte",
            trust: 1.8,
            vendor: "myscada",
            version: "7.0.26",
         },
         {
            model: "mypro",
            scope: "eq",
            trust: 0.9,
            vendor: "myscada",
            version: "7.0.26",
         },
         {
            model: "mypro",
            scope: "lte",
            trust: 0.6,
            vendor: "myscada",
            version: "<=7.0.26",
         },
         {
            model: "mypro",
            scope: "eq",
            trust: 0.3,
            vendor: "myscada",
            version: "0",
         },
         {
            model: null,
            scope: "eq",
            trust: 0.2,
            vendor: "mypro",
            version: "*",
         },
      ],
      sources: [
         {
            db: "IVD",
            id: "98037459-60aa-4d28-ad7c-d0eb6becd959",
         },
         {
            db: "CNVD",
            id: "CNVD-2017-26426",
         },
         {
            db: "BID",
            id: "100815",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2017-009274",
         },
         {
            db: "CNNVD",
            id: "CNNVD-201709-873",
         },
         {
            db: "NVD",
            id: "CVE-2017-12730",
         },
      ],
   },
   configurations: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/configurations#",
         children: {
            "@container": "@list",
         },
         cpe_match: {
            "@container": "@list",
         },
         data: {
            "@container": "@list",
         },
         nodes: {
            "@container": "@list",
         },
      },
      data: [
         {
            CVE_data_version: "4.0",
            nodes: [
               {
                  cpe_match: [
                     {
                        cpe22Uri: "cpe:/a:myscada:mypro",
                        vulnerable: true,
                     },
                  ],
                  operator: "OR",
               },
            ],
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2017-009274",
         },
      ],
   },
   credits: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/credits#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "Karn Ganeshen.",
      sources: [
         {
            db: "BID",
            id: "100815",
         },
         {
            db: "CNNVD",
            id: "CNNVD-201709-873",
         },
      ],
      trust: 0.9,
   },
   cve: "CVE-2017-12730",
   cvss: {
      "@context": {
         cvssV2: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2",
         },
         cvssV3: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/",
         },
         severity: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/cvss/severity#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            cvssV2: [
               {
                  accessComplexity: "LOW",
                  accessVector: "LOCAL",
                  authentication: "NONE",
                  author: "nvd@nist.gov",
                  availabilityImpact: "COMPLETE",
                  baseScore: 7.2,
                  confidentialityImpact: "COMPLETE",
                  exploitabilityScore: 3.9,
                  id: "CVE-2017-12730",
                  impactScore: 10,
                  integrityImpact: "COMPLETE",
                  severity: "HIGH",
                  trust: 1.8,
                  vectorString: "AV:L/AC:L/Au:N/C:C/I:C/A:C",
                  version: "2.0",
               },
               {
                  accessComplexity: "LOW",
                  accessVector: "LOCAL",
                  authentication: "NONE",
                  author: "CNVD",
                  availabilityImpact: "COMPLETE",
                  baseScore: 7.2,
                  confidentialityImpact: "COMPLETE",
                  exploitabilityScore: 3.9,
                  id: "CNVD-2017-26426",
                  impactScore: 10,
                  integrityImpact: "COMPLETE",
                  severity: "HIGH",
                  trust: 0.6,
                  vectorString: "AV:L/AC:L/Au:N/C:C/I:C/A:C",
                  version: "2.0",
               },
               {
                  accessComplexity: "LOW",
                  accessVector: "LOCAL",
                  authentication: "NONE",
                  author: "IVD",
                  availabilityImpact: "COMPLETE",
                  baseScore: 7.2,
                  confidentialityImpact: "COMPLETE",
                  exploitabilityScore: 3.9,
                  id: "98037459-60aa-4d28-ad7c-d0eb6becd959",
                  impactScore: 10,
                  integrityImpact: "COMPLETE",
                  severity: "HIGH",
                  trust: 0.2,
                  vectorString: "AV:L/AC:L/Au:N/C:C/I:C/A:C",
                  version: "2.9 [IVD]",
               },
            ],
            cvssV3: [
               {
                  attackComplexity: "LOW",
                  attackVector: "LOCAL",
                  author: "nvd@nist.gov",
                  availabilityImpact: "HIGH",
                  baseScore: 7.8,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "HIGH",
                  exploitabilityScore: 1.8,
                  id: "CVE-2017-12730",
                  impactScore: 5.9,
                  integrityImpact: "HIGH",
                  privilegesRequired: "LOW",
                  scope: "UNCHANGED",
                  trust: 1.8,
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  version: "3.0",
               },
            ],
            severity: [
               {
                  author: "nvd@nist.gov",
                  id: "CVE-2017-12730",
                  trust: 1,
                  value: "HIGH",
               },
               {
                  author: "NVD",
                  id: "CVE-2017-12730",
                  trust: 0.8,
                  value: "High",
               },
               {
                  author: "CNVD",
                  id: "CNVD-2017-26426",
                  trust: 0.6,
                  value: "HIGH",
               },
               {
                  author: "CNNVD",
                  id: "CNNVD-201709-873",
                  trust: 0.6,
                  value: "HIGH",
               },
               {
                  author: "IVD",
                  id: "98037459-60aa-4d28-ad7c-d0eb6becd959",
                  trust: 0.2,
                  value: "HIGH",
               },
            ],
         },
      ],
      sources: [
         {
            db: "IVD",
            id: "98037459-60aa-4d28-ad7c-d0eb6becd959",
         },
         {
            db: "CNVD",
            id: "CNVD-2017-26426",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2017-009274",
         },
         {
            db: "CNNVD",
            id: "CNNVD-201709-873",
         },
         {
            db: "NVD",
            id: "CVE-2017-12730",
         },
      ],
   },
   description: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/description#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "An Unquoted Search Path issue was discovered in mySCADA myPRO Versions 7.0.26 and prior. Application services utilize unquoted search path elements, which could allow an attacker to execute arbitrary code with elevated privileges. mySCADA myPRO Contains vulnerabilities related to unquoted search paths or elements.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. myPRO is an HMI/SCADA system for the visualization and control of industrial processes. mySCADA myPRO is prone to a local privilege-escalation vulnerability. \nmySCADA myPRO Versions 7.0.26 and prior are vulnerable",
      sources: [
         {
            db: "NVD",
            id: "CVE-2017-12730",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2017-009274",
         },
         {
            db: "CNVD",
            id: "CNVD-2017-26426",
         },
         {
            db: "BID",
            id: "100815",
         },
         {
            db: "IVD",
            id: "98037459-60aa-4d28-ad7c-d0eb6becd959",
         },
      ],
      trust: 2.61,
   },
   external_ids: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            db: "NVD",
            id: "CVE-2017-12730",
            trust: 3.5,
         },
         {
            db: "ICS CERT",
            id: "ICSA-17-255-01",
            trust: 3.3,
         },
         {
            db: "BID",
            id: "100815",
            trust: 1.9,
         },
         {
            db: "CNVD",
            id: "CNVD-2017-26426",
            trust: 0.8,
         },
         {
            db: "CNNVD",
            id: "CNNVD-201709-873",
            trust: 0.8,
         },
         {
            db: "JVNDB",
            id: "JVNDB-2017-009274",
            trust: 0.8,
         },
         {
            db: "IVD",
            id: "98037459-60AA-4D28-AD7C-D0EB6BECD959",
            trust: 0.2,
         },
      ],
      sources: [
         {
            db: "IVD",
            id: "98037459-60aa-4d28-ad7c-d0eb6becd959",
         },
         {
            db: "CNVD",
            id: "CNVD-2017-26426",
         },
         {
            db: "BID",
            id: "100815",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2017-009274",
         },
         {
            db: "CNNVD",
            id: "CNNVD-201709-873",
         },
         {
            db: "NVD",
            id: "CVE-2017-12730",
         },
      ],
   },
   id: "VAR-201710-1116",
   iot: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/iot#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: true,
      sources: [
         {
            db: "IVD",
            id: "98037459-60aa-4d28-ad7c-d0eb6becd959",
         },
         {
            db: "CNVD",
            id: "CNVD-2017-26426",
         },
      ],
      trust: 1.08945112,
   },
   iot_taxonomy: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            category: [
               "ICS",
            ],
            sub_category: null,
            trust: 0.8,
         },
      ],
      sources: [
         {
            db: "IVD",
            id: "98037459-60aa-4d28-ad7c-d0eb6becd959",
         },
         {
            db: "CNVD",
            id: "CNVD-2017-26426",
         },
      ],
   },
   last_update_date: "2024-11-23T22:17:46.925000Z",
   patch: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/patch#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            title: "myPRO",
            trust: 0.8,
            url: "https://www.myscada.org/mypro/",
         },
         {
            title: "Patch for mySCADA myPRO privilege escalation vulnerability",
            trust: 0.6,
            url: "https://www.cnvd.org.cn/patchInfo/show/102111",
         },
         {
            title: "mySCADA myPRO Fixes for permission permissions and access control vulnerabilities",
            trust: 0.6,
            url: "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=74978",
         },
      ],
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2017-26426",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2017-009274",
         },
         {
            db: "CNNVD",
            id: "CNNVD-201709-873",
         },
      ],
   },
   problemtype_data: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            problemtype: "CWE-428",
            trust: 1.8,
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2017-009274",
         },
         {
            db: "NVD",
            id: "CVE-2017-12730",
         },
      ],
   },
   references: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/references#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            trust: 3.3,
            url: "https://ics-cert.us-cert.gov/advisories/icsa-17-255-01",
         },
         {
            trust: 1.6,
            url: "http://www.securityfocus.com/bid/100815",
         },
         {
            trust: 0.8,
            url: "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-12730",
         },
         {
            trust: 0.8,
            url: "https://nvd.nist.gov/vuln/detail/cve-2017-12730",
         },
         {
            trust: 0.3,
            url: "https://www.myscada.org/mypro/",
         },
      ],
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2017-26426",
         },
         {
            db: "BID",
            id: "100815",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2017-009274",
         },
         {
            db: "CNNVD",
            id: "CNNVD-201709-873",
         },
         {
            db: "NVD",
            id: "CVE-2017-12730",
         },
      ],
   },
   sources: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            db: "IVD",
            id: "98037459-60aa-4d28-ad7c-d0eb6becd959",
         },
         {
            db: "CNVD",
            id: "CNVD-2017-26426",
         },
         {
            db: "BID",
            id: "100815",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2017-009274",
         },
         {
            db: "CNNVD",
            id: "CNNVD-201709-873",
         },
         {
            db: "NVD",
            id: "CVE-2017-12730",
         },
      ],
   },
   sources_release_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2017-09-13T00:00:00",
            db: "IVD",
            id: "98037459-60aa-4d28-ad7c-d0eb6becd959",
         },
         {
            date: "2017-09-13T00:00:00",
            db: "CNVD",
            id: "CNVD-2017-26426",
         },
         {
            date: "2017-09-12T00:00:00",
            db: "BID",
            id: "100815",
         },
         {
            date: "2017-11-07T00:00:00",
            db: "JVNDB",
            id: "JVNDB-2017-009274",
         },
         {
            date: "2017-09-21T00:00:00",
            db: "CNNVD",
            id: "CNNVD-201709-873",
         },
         {
            date: "2017-10-06T04:29:00.217000",
            db: "NVD",
            id: "CVE-2017-12730",
         },
      ],
   },
   sources_update_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2017-09-13T00:00:00",
            db: "CNVD",
            id: "CNVD-2017-26426",
         },
         {
            date: "2017-09-12T00:00:00",
            db: "BID",
            id: "100815",
         },
         {
            date: "2017-11-07T00:00:00",
            db: "JVNDB",
            id: "JVNDB-2017-009274",
         },
         {
            date: "2019-10-17T00:00:00",
            db: "CNNVD",
            id: "CNNVD-201709-873",
         },
         {
            date: "2024-11-21T03:10:06.643000",
            db: "NVD",
            id: "CVE-2017-12730",
         },
      ],
   },
   threat_type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "local",
      sources: [
         {
            db: "BID",
            id: "100815",
         },
         {
            db: "CNNVD",
            id: "CNNVD-201709-873",
         },
      ],
      trust: 0.9,
   },
   title: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/title#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "mySCADA myPRO Vulnerabilities related to unquoted search paths or elements",
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2017-009274",
         },
      ],
      trust: 0.8,
   },
   type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "Code problem",
      sources: [
         {
            db: "IVD",
            id: "98037459-60aa-4d28-ad7c-d0eb6becd959",
         },
         {
            db: "CNNVD",
            id: "CNNVD-201709-873",
         },
      ],
      trust: 0.8,
   },
}

var-202304-2122
Vulnerability from variot

mySCADA myPRO versions 8.26.0 and prior have parameters which an authenticated user could exploit to inject arbitrary operating system commands. myPRO from mySCADA Technologies contains an OS command injection vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS).



{
   "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
      affected_products: {
         "@id": "https://www.variotdbs.pl/ref/affected_products",
      },
      credits: {
         "@id": "https://www.variotdbs.pl/ref/credits",
      },
      cvss: {
         "@id": "https://www.variotdbs.pl/ref/cvss/",
      },
      description: {
         "@id": "https://www.variotdbs.pl/ref/description/",
      },
      exploit_availability: {
         "@id": "https://www.variotdbs.pl/ref/exploit_availability/",
      },
      external_ids: {
         "@id": "https://www.variotdbs.pl/ref/external_ids/",
      },
      iot: {
         "@id": "https://www.variotdbs.pl/ref/iot/",
      },
      iot_taxonomy: {
         "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/",
      },
      patch: {
         "@id": "https://www.variotdbs.pl/ref/patch/",
      },
      problemtype_data: {
         "@id": "https://www.variotdbs.pl/ref/problemtype_data/",
      },
      references: {
         "@id": "https://www.variotdbs.pl/ref/references/",
      },
      sources: {
         "@id": "https://www.variotdbs.pl/ref/sources/",
      },
      sources_release_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_release_date/",
      },
      sources_update_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_update_date/",
      },
      threat_type: {
         "@id": "https://www.variotdbs.pl/ref/threat_type/",
      },
      title: {
         "@id": "https://www.variotdbs.pl/ref/title/",
      },
      type: {
         "@id": "https://www.variotdbs.pl/ref/type/",
      },
   },
   "@id": "https://www.variotdbs.pl/vuln/VAR-202304-2122",
   affected_products: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            model: "mypro",
            scope: "lte",
            trust: 1,
            vendor: "myscada",
            version: "8.26.0",
         },
         {
            model: "mypro",
            scope: "eq",
            trust: 0.8,
            vendor: "myscada",
            version: null,
         },
         {
            model: "mypro",
            scope: null,
            trust: 0.8,
            vendor: "myscada",
            version: null,
         },
         {
            model: "mypro",
            scope: "lte",
            trust: 0.8,
            vendor: "myscada",
            version: "8.26.0  and earlier",
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2023-009260",
         },
         {
            db: "NVD",
            id: "CVE-2023-29150",
         },
      ],
   },
   cve: "CVE-2023-29150",
   cvss: {
      "@context": {
         cvssV2: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2",
         },
         cvssV3: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/",
         },
         severity: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/cvss/severity#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            cvssV2: [],
            cvssV3: [
               {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  author: "nvd@nist.gov",
                  availabilityImpact: "HIGH",
                  baseScore: 8.8,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "HIGH",
                  exploitabilityScore: 2.8,
                  id: "CVE-2023-29150",
                  impactScore: 5.9,
                  integrityImpact: "HIGH",
                  privilegesRequired: "LOW",
                  scope: "UNCHANGED",
                  trust: 1,
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  version: "3.1",
               },
               {
                  attackComplexity: "Low",
                  attackVector: "Network",
                  author: "NVD",
                  availabilityImpact: "High",
                  baseScore: 8.8,
                  baseSeverity: "High",
                  confidentialityImpact: "High",
                  exploitabilityScore: null,
                  id: "CVE-2023-29150",
                  impactScore: null,
                  integrityImpact: "High",
                  privilegesRequired: "Low",
                  scope: "Unchanged",
                  trust: 0.8,
                  userInteraction: "None",
                  vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  version: "3.0",
               },
            ],
            severity: [
               {
                  author: "nvd@nist.gov",
                  id: "CVE-2023-29150",
                  trust: 1,
                  value: "HIGH",
               },
               {
                  author: "NVD",
                  id: "CVE-2023-29150",
                  trust: 0.8,
                  value: "High",
               },
               {
                  author: "CNNVD",
                  id: "CNNVD-202304-2200",
                  trust: 0.6,
                  value: "HIGH",
               },
            ],
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2023-009260",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202304-2200",
         },
         {
            db: "NVD",
            id: "CVE-2023-29150",
         },
      ],
   },
   description: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/description#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "mySCADA myPRO versions 8.26.0 and prior have parameters which an authenticated user could exploit to inject arbitrary operating system commands. An OS command injection vulnerability exists in myPRO from mySCADA Technologies. Information may be obtained or tampered with, and service operation may be interrupted (DoS).",
      sources: [
         {
            db: "NVD",
            id: "CVE-2023-29150",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2023-009260",
         },
         {
            db: "VULMON",
            id: "CVE-2023-29150",
         },
      ],
      trust: 1.71,
   },
   external_ids: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            db: "NVD",
            id: "CVE-2023-29150",
            trust: 3.3,
         },
         {
            db: "ICS CERT",
            id: "ICSA-23-096-06",
            trust: 2.5,
         },
         {
            db: "JVN",
            id: "JVNVU95525237",
            trust: 0.8,
         },
         {
            db: "JVNDB",
            id: "JVNDB-2023-009260",
            trust: 0.8,
         },
         {
            db: "CNNVD",
            id: "CNNVD-202304-2200",
            trust: 0.6,
         },
         {
            db: "VULMON",
            id: "CVE-2023-29150",
            trust: 0.1,
         },
      ],
      sources: [
         {
            db: "VULMON",
            id: "CVE-2023-29150",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2023-009260",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202304-2200",
         },
         {
            db: "NVD",
            id: "CVE-2023-29150",
         },
      ],
   },
   id: "VAR-202304-2122",
   iot: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/iot#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: true,
      sources: [
         {
            db: "VARIoT devices database",
            id: null,
         },
      ],
      trust: 0.28945112,
   },
   last_update_date: "2024-08-14T13:20:47.435000Z",
   patch: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/patch#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            title: "mySCADA myPRO Fixes for operating system command injection vulnerabilities",
            trust: 0.6,
            url: "http://123.124.177.30/web/xxk/bdxqById.tag?id=236108",
         },
      ],
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-202304-2200",
         },
      ],
   },
   problemtype_data: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            problemtype: "CWE-78",
            trust: 1,
         },
         {
            problemtype: "OS Command injection (CWE-78) [NVD evaluation ]",
            trust: 0.8,
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2023-009260",
         },
         {
            db: "NVD",
            id: "CVE-2023-29150",
         },
      ],
   },
   references: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/references#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            trust: 2.5,
            url: "https://www.cisa.gov/news-events/ics-advisories/icsa-23-096-06",
         },
         {
            trust: 0.8,
            url: "https://jvn.jp/vu/jvnvu95525237/",
         },
         {
            trust: 0.8,
            url: "https://nvd.nist.gov/vuln/detail/cve-2023-29150",
         },
         {
            trust: 0.6,
            url: "https://cxsecurity.com/cveshow/cve-2023-29150/",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov",
         },
      ],
      sources: [
         {
            db: "VULMON",
            id: "CVE-2023-29150",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2023-009260",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202304-2200",
         },
         {
            db: "NVD",
            id: "CVE-2023-29150",
         },
      ],
   },
   sources: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            db: "VULMON",
            id: "CVE-2023-29150",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2023-009260",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202304-2200",
         },
         {
            db: "NVD",
            id: "CVE-2023-29150",
         },
      ],
   },
   sources_release_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2023-04-27T00:00:00",
            db: "VULMON",
            id: "CVE-2023-29150",
         },
         {
            date: "2023-12-05T00:00:00",
            db: "JVNDB",
            id: "JVNDB-2023-009260",
         },
         {
            date: "2023-04-27T00:00:00",
            db: "CNNVD",
            id: "CNNVD-202304-2200",
         },
         {
            date: "2023-04-27T23:15:15.007000",
            db: "NVD",
            id: "CVE-2023-29150",
         },
      ],
   },
   sources_update_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2023-04-28T00:00:00",
            db: "VULMON",
            id: "CVE-2023-29150",
         },
         {
            date: "2023-12-05T04:10:00",
            db: "JVNDB",
            id: "JVNDB-2023-009260",
         },
         {
            date: "2023-05-06T00:00:00",
            db: "CNNVD",
            id: "CNNVD-202304-2200",
         },
         {
            date: "2023-11-07T04:11:05.567000",
            db: "NVD",
            id: "CVE-2023-29150",
         },
      ],
   },
   threat_type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "remote",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-202304-2200",
         },
      ],
      trust: 0.6,
   },
   title: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/title#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "OS command injection vulnerability in mySCADA Technologies myPRO",
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2023-009260",
         },
      ],
      trust: 0.8,
   },
   type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "operating system command injection",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-202304-2200",
         },
      ],
      trust: 0.6,
   },
}

var-202112-1875
Vulnerability from variot

mySCADA myPRO versions 8.20.0 and prior have a feature where the API password can be specified, which may allow an attacker to inject arbitrary operating system commands through a specific parameter. mySCADA myPRO contains an OS command injection vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS). mySCADA myPRO is an HMI/SCADA system designed primarily for visualization and control of industrial processes.



{
   "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
      affected_products: {
         "@id": "https://www.variotdbs.pl/ref/affected_products",
      },
      configurations: {
         "@id": "https://www.variotdbs.pl/ref/configurations",
      },
      credits: {
         "@id": "https://www.variotdbs.pl/ref/credits",
      },
      cvss: {
         "@id": "https://www.variotdbs.pl/ref/cvss/",
      },
      description: {
         "@id": "https://www.variotdbs.pl/ref/description/",
      },
      exploit_availability: {
         "@id": "https://www.variotdbs.pl/ref/exploit_availability/",
      },
      external_ids: {
         "@id": "https://www.variotdbs.pl/ref/external_ids/",
      },
      iot: {
         "@id": "https://www.variotdbs.pl/ref/iot/",
      },
      iot_taxonomy: {
         "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/",
      },
      patch: {
         "@id": "https://www.variotdbs.pl/ref/patch/",
      },
      problemtype_data: {
         "@id": "https://www.variotdbs.pl/ref/problemtype_data/",
      },
      references: {
         "@id": "https://www.variotdbs.pl/ref/references/",
      },
      sources: {
         "@id": "https://www.variotdbs.pl/ref/sources/",
      },
      sources_release_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_release_date/",
      },
      sources_update_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_update_date/",
      },
      threat_type: {
         "@id": "https://www.variotdbs.pl/ref/threat_type/",
      },
      title: {
         "@id": "https://www.variotdbs.pl/ref/title/",
      },
      type: {
         "@id": "https://www.variotdbs.pl/ref/type/",
      },
   },
   "@id": "https://www.variotdbs.pl/vuln/VAR-202112-1875",
   affected_products: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            model: "mypro",
            scope: "lte",
            trust: 1,
            vendor: "myscada",
            version: "8.20.0",
         },
         {
            model: "mypro",
            scope: "eq",
            trust: 0.8,
            vendor: "myscada",
            version: null,
         },
         {
            model: "mypro",
            scope: "lte",
            trust: 0.8,
            vendor: "myscada",
            version: "8.20.0  and earlier",
         },
         {
            model: "mypro",
            scope: "lte",
            trust: 0.6,
            vendor: "myscada",
            version: "<=8.20.0",
         },
      ],
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2021-102828",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2021-016602",
         },
         {
            db: "NVD",
            id: "CVE-2021-22657",
         },
      ],
   },
   credits: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/credits#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "Michael Heinzl reported these vulnerabilities to CISA.",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-202112-2084",
         },
      ],
      trust: 0.6,
   },
   cve: "CVE-2021-22657",
   cvss: {
      "@context": {
         cvssV2: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2",
         },
         cvssV3: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/",
         },
         severity: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/cvss/severity#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            cvssV2: [
               {
                  accessComplexity: "LOW",
                  accessVector: "NETWORK",
                  authentication: "NONE",
                  author: "nvd@nist.gov",
                  availabilityImpact: "PARTIAL",
                  baseScore: 7.5,
                  confidentialityImpact: "PARTIAL",
                  exploitabilityScore: 10,
                  id: "CVE-2021-22657",
                  impactScore: 6.4,
                  integrityImpact: "PARTIAL",
                  severity: "HIGH",
                  trust: 1.9,
                  vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                  version: "2.0",
               },
               {
                  accessComplexity: "LOW",
                  accessVector: "NETWORK",
                  authentication: "NONE",
                  author: "CNVD",
                  availabilityImpact: "COMPLETE",
                  baseScore: 10,
                  confidentialityImpact: "COMPLETE",
                  exploitabilityScore: 10,
                  id: "CNVD-2021-102828",
                  impactScore: 10,
                  integrityImpact: "COMPLETE",
                  severity: "HIGH",
                  trust: 0.6,
                  vectorString: "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                  version: "2.0",
               },
            ],
            cvssV3: [
               {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  author: "nvd@nist.gov",
                  availabilityImpact: "HIGH",
                  baseScore: 9.8,
                  baseSeverity: "CRITICAL",
                  confidentialityImpact: "HIGH",
                  exploitabilityScore: 3.9,
                  id: "CVE-2021-22657",
                  impactScore: 5.9,
                  integrityImpact: "HIGH",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  trust: 1,
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  version: "3.1",
               },
               {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  author: "ics-cert@hq.dhs.gov",
                  availabilityImpact: "HIGH",
                  baseScore: 10,
                  baseSeverity: "CRITICAL",
                  confidentialityImpact: "HIGH",
                  exploitabilityScore: 3.9,
                  id: "CVE-2021-22657",
                  impactScore: 6,
                  integrityImpact: "HIGH",
                  privilegesRequired: "NONE",
                  scope: "CHANGED",
                  trust: 1,
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
                  version: "3.1",
               },
               {
                  attackComplexity: "Low",
                  attackVector: "Network",
                  author: "NVD",
                  availabilityImpact: "High",
                  baseScore: 9.8,
                  baseSeverity: "Critical",
                  confidentialityImpact: "High",
                  exploitabilityScore: null,
                  id: "CVE-2021-22657",
                  impactScore: null,
                  integrityImpact: "High",
                  privilegesRequired: "None",
                  scope: "Unchanged",
                  trust: 0.8,
                  userInteraction: "None",
                  vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  version: "3.0",
               },
            ],
            severity: [
               {
                  author: "nvd@nist.gov",
                  id: "CVE-2021-22657",
                  trust: 1,
                  value: "CRITICAL",
               },
               {
                  author: "ics-cert@hq.dhs.gov",
                  id: "CVE-2021-22657",
                  trust: 1,
                  value: "CRITICAL",
               },
               {
                  author: "NVD",
                  id: "CVE-2021-22657",
                  trust: 0.8,
                  value: "Critical",
               },
               {
                  author: "CNVD",
                  id: "CNVD-2021-102828",
                  trust: 0.6,
                  value: "HIGH",
               },
               {
                  author: "CNNVD",
                  id: "CNNVD-202112-2084",
                  trust: 0.6,
                  value: "CRITICAL",
               },
               {
                  author: "VULMON",
                  id: "CVE-2021-22657",
                  trust: 0.1,
                  value: "HIGH",
               },
            ],
         },
      ],
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2021-102828",
         },
         {
            db: "VULMON",
            id: "CVE-2021-22657",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2021-016602",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202112-2084",
         },
         {
            db: "NVD",
            id: "CVE-2021-22657",
         },
         {
            db: "NVD",
            id: "CVE-2021-22657",
         },
      ],
   },
   description: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/description#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "mySCADA myPRO versions 8.20.0 and prior have a feature where the API password can be specified, which may allow an attacker to inject arbitrary operating system commands through a specific parameter. mySCADA myPRO contains an OS command injection vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS). mySCADA myPRO is an HMI/SCADA system designed primarily for visualization and control of industrial processes.",
      sources: [
         {
            db: "NVD",
            id: "CVE-2021-22657",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2021-016602",
         },
         {
            db: "CNVD",
            id: "CNVD-2021-102828",
         },
         {
            db: "VULMON",
            id: "CVE-2021-22657",
         },
      ],
      trust: 2.25,
   },
   external_ids: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            db: "NVD",
            id: "CVE-2021-22657",
            trust: 3.9,
         },
         {
            db: "ICS CERT",
            id: "ICSA-21-355-01",
            trust: 3.1,
         },
         {
            db: "JVN",
            id: "JVNVU90153325",
            trust: 0.8,
         },
         {
            db: "JVNDB",
            id: "JVNDB-2021-016602",
            trust: 0.8,
         },
         {
            db: "CNVD",
            id: "CNVD-2021-102828",
            trust: 0.6,
         },
         {
            db: "AUSCERT",
            id: "ESB-2022.0075",
            trust: 0.6,
         },
         {
            db: "CNNVD",
            id: "CNNVD-202112-2084",
            trust: 0.6,
         },
         {
            db: "VULMON",
            id: "CVE-2021-22657",
            trust: 0.1,
         },
      ],
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2021-102828",
         },
         {
            db: "VULMON",
            id: "CVE-2021-22657",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2021-016602",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202112-2084",
         },
         {
            db: "NVD",
            id: "CVE-2021-22657",
         },
      ],
   },
   id: "VAR-202112-1875",
   iot: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/iot#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: true,
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2021-102828",
         },
      ],
      trust: 0.8894511199999999,
   },
   iot_taxonomy: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            category: [
               "ICS",
            ],
            sub_category: null,
            trust: 0.6,
         },
      ],
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2021-102828",
         },
      ],
   },
   last_update_date: "2024-08-14T13:22:57.968000Z",
   patch: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/patch#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            title: "myPRO",
            trust: 0.8,
            url: "https://www.myscada.org/mypro/",
         },
         {
            title: "Patch for mySCADA myPRO Operating System Command Injection Vulnerability (CNVD-2021-102828)",
            trust: 0.6,
            url: "https://www.cnvd.org.cn/patchInfo/show/310806",
         },
         {
            title: "mySCADA myPRO Fixes for operating system command injection vulnerabilities",
            trust: 0.6,
            url: "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=175461",
         },
      ],
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2021-102828",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2021-016602",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202112-2084",
         },
      ],
   },
   problemtype_data: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            problemtype: "CWE-78",
            trust: 1,
         },
         {
            problemtype: "OS Command injection (CWE-78) [ others ]",
            trust: 0.8,
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2021-016602",
         },
         {
            db: "NVD",
            id: "CVE-2021-22657",
         },
      ],
   },
   references: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/references#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            trust: 3.1,
            url: "https://www.cisa.gov/uscert/ics/advisories/icsa-21-355-01",
         },
         {
            trust: 0.8,
            url: "https://jvn.jp/vu/jvnvu90153325/index.html",
         },
         {
            trust: 0.8,
            url: "https://nvd.nist.gov/vuln/detail/cve-2021-22657",
         },
         {
            trust: 0.6,
            url: "https://us-cert.cisa.gov/ics/advisories/icsa-21-355-01",
         },
         {
            trust: 0.6,
            url: "https://www.auscert.org.au/bulletins/esb-2022.0075",
         },
         {
            trust: 0.1,
            url: "https://cwe.mitre.org/data/definitions/78.html",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov",
         },
      ],
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2021-102828",
         },
         {
            db: "VULMON",
            id: "CVE-2021-22657",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2021-016602",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202112-2084",
         },
         {
            db: "NVD",
            id: "CVE-2021-22657",
         },
      ],
   },
   sources: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            db: "CNVD",
            id: "CNVD-2021-102828",
         },
         {
            db: "VULMON",
            id: "CVE-2021-22657",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2021-016602",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202112-2084",
         },
         {
            db: "NVD",
            id: "CVE-2021-22657",
         },
      ],
   },
   sources_release_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2021-12-28T00:00:00",
            db: "CNVD",
            id: "CNVD-2021-102828",
         },
         {
            date: "2021-12-23T00:00:00",
            db: "VULMON",
            id: "CVE-2021-22657",
         },
         {
            date: "2022-12-19T00:00:00",
            db: "JVNDB",
            id: "JVNDB-2021-016602",
         },
         {
            date: "2021-12-21T00:00:00",
            db: "CNNVD",
            id: "CNNVD-202112-2084",
         },
         {
            date: "2021-12-23T20:15:08.987000",
            db: "NVD",
            id: "CVE-2021-22657",
         },
      ],
   },
   sources_update_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2022-01-26T00:00:00",
            db: "CNVD",
            id: "CNVD-2021-102828",
         },
         {
            date: "2021-12-29T00:00:00",
            db: "VULMON",
            id: "CVE-2021-22657",
         },
         {
            date: "2022-12-19T04:31:00",
            db: "JVNDB",
            id: "JVNDB-2021-016602",
         },
         {
            date: "2022-01-10T00:00:00",
            db: "CNNVD",
            id: "CNNVD-202112-2084",
         },
         {
            date: "2021-12-29T20:09:40.717000",
            db: "NVD",
            id: "CVE-2021-22657",
         },
      ],
   },
   threat_type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "remote",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-202112-2084",
         },
      ],
      trust: 0.6,
   },
   title: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/title#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "mySCADA myPRO OS command injection vulnerability",
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2021-016602",
         },
      ],
      trust: 0.8,
   },
   type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "operating system command injection",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-202112-2084",
         },
      ],
      trust: 0.6,
   },
}

var-202112-1870
Vulnerability from variot

An additional, undocumented administrative account exists in mySCADA myPRO versions 8.20.0 and prior. It is not exposed through the web interface and cannot be deleted or changed through the regular web interface. mySCADA myPRO contains an undocumented functionality vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS). mySCADA myPRO is an HMI/SCADA system designed primarily for visualization and control of industrial processes.



{
   "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
      affected_products: {
         "@id": "https://www.variotdbs.pl/ref/affected_products",
      },
      configurations: {
         "@id": "https://www.variotdbs.pl/ref/configurations",
      },
      credits: {
         "@id": "https://www.variotdbs.pl/ref/credits",
      },
      cvss: {
         "@id": "https://www.variotdbs.pl/ref/cvss/",
      },
      description: {
         "@id": "https://www.variotdbs.pl/ref/description/",
      },
      exploit_availability: {
         "@id": "https://www.variotdbs.pl/ref/exploit_availability/",
      },
      external_ids: {
         "@id": "https://www.variotdbs.pl/ref/external_ids/",
      },
      iot: {
         "@id": "https://www.variotdbs.pl/ref/iot/",
      },
      iot_taxonomy: {
         "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/",
      },
      patch: {
         "@id": "https://www.variotdbs.pl/ref/patch/",
      },
      problemtype_data: {
         "@id": "https://www.variotdbs.pl/ref/problemtype_data/",
      },
      references: {
         "@id": "https://www.variotdbs.pl/ref/references/",
      },
      sources: {
         "@id": "https://www.variotdbs.pl/ref/sources/",
      },
      sources_release_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_release_date/",
      },
      sources_update_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_update_date/",
      },
      threat_type: {
         "@id": "https://www.variotdbs.pl/ref/threat_type/",
      },
      title: {
         "@id": "https://www.variotdbs.pl/ref/title/",
      },
      type: {
         "@id": "https://www.variotdbs.pl/ref/type/",
      },
   },
   "@id": "https://www.variotdbs.pl/vuln/VAR-202112-1870",
   affected_products: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            model: "mypro",
            scope: "lte",
            trust: 1,
            vendor: "myscada",
            version: "8.20.0",
         },
         {
            model: "mypro",
            scope: "eq",
            trust: 0.8,
            vendor: "myscada",
            version: null,
         },
         {
            model: "mypro",
            scope: "lte",
            trust: 0.8,
            vendor: "myscada",
            version: "8.20.0  and earlier",
         },
         {
            model: "mypro",
            scope: "lte",
            trust: 0.6,
            vendor: "myscada",
            version: "<=8.20.0",
         },
      ],
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2021-102830",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2021-016607",
         },
         {
            db: "NVD",
            id: "CVE-2021-43987",
         },
      ],
   },
   credits: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/credits#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "Michael Heinzl reported these vulnerabilities to CISA.",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-202112-2086",
         },
      ],
      trust: 0.6,
   },
   cve: "CVE-2021-43987",
   cvss: {
      "@context": {
         cvssV2: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2",
         },
         cvssV3: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/",
         },
         severity: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/cvss/severity#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            cvssV2: [
               {
                  accessComplexity: "LOW",
                  accessVector: "NETWORK",
                  authentication: "NONE",
                  author: "nvd@nist.gov",
                  availabilityImpact: "PARTIAL",
                  baseScore: 7.5,
                  confidentialityImpact: "PARTIAL",
                  exploitabilityScore: 10,
                  id: "CVE-2021-43987",
                  impactScore: 6.4,
                  integrityImpact: "PARTIAL",
                  severity: "HIGH",
                  trust: 1.9,
                  vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                  version: "2.0",
               },
               {
                  accessComplexity: "LOW",
                  accessVector: "NETWORK",
                  authentication: "NONE",
                  author: "CNVD",
                  availabilityImpact: "COMPLETE",
                  baseScore: 10,
                  confidentialityImpact: "COMPLETE",
                  exploitabilityScore: 10,
                  id: "CNVD-2021-102830",
                  impactScore: 10,
                  integrityImpact: "COMPLETE",
                  severity: "HIGH",
                  trust: 0.6,
                  vectorString: "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                  version: "2.0",
               },
            ],
            cvssV3: [
               {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  author: "nvd@nist.gov",
                  availabilityImpact: "HIGH",
                  baseScore: 9.8,
                  baseSeverity: "CRITICAL",
                  confidentialityImpact: "HIGH",
                  exploitabilityScore: 3.9,
                  id: "CVE-2021-43987",
                  impactScore: 5.9,
                  integrityImpact: "HIGH",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  trust: 2,
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  version: "3.1",
               },
               {
                  attackComplexity: "Low",
                  attackVector: "Network",
                  author: "OTHER",
                  availabilityImpact: "High",
                  baseScore: 9.8,
                  baseSeverity: "Critical",
                  confidentialityImpact: "High",
                  exploitabilityScore: null,
                  id: "JVNDB-2021-016607",
                  impactScore: null,
                  integrityImpact: "High",
                  privilegesRequired: "None",
                  scope: "Unchanged",
                  trust: 0.8,
                  userInteraction: "None",
                  vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  version: "3.0",
               },
            ],
            severity: [
               {
                  author: "nvd@nist.gov",
                  id: "CVE-2021-43987",
                  trust: 1,
                  value: "CRITICAL",
               },
               {
                  author: "ics-cert@hq.dhs.gov",
                  id: "CVE-2021-43987",
                  trust: 1,
                  value: "CRITICAL",
               },
               {
                  author: "NVD",
                  id: "CVE-2021-43987",
                  trust: 0.8,
                  value: "Critical",
               },
               {
                  author: "CNVD",
                  id: "CNVD-2021-102830",
                  trust: 0.6,
                  value: "HIGH",
               },
               {
                  author: "CNNVD",
                  id: "CNNVD-202112-2086",
                  trust: 0.6,
                  value: "CRITICAL",
               },
               {
                  author: "VULMON",
                  id: "CVE-2021-43987",
                  trust: 0.1,
                  value: "HIGH",
               },
            ],
         },
      ],
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2021-102830",
         },
         {
            db: "VULMON",
            id: "CVE-2021-43987",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2021-016607",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202112-2086",
         },
         {
            db: "NVD",
            id: "CVE-2021-43987",
         },
         {
            db: "NVD",
            id: "CVE-2021-43987",
         },
      ],
   },
   description: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/description#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "An additional, undocumented administrative account exists in mySCADA myPRO versions 8.20.0 and prior. It is not exposed through the web interface and cannot be deleted or changed through the regular web interface. mySCADA myPRO contains an undocumented functionality vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS). mySCADA myPRO is an HMI/SCADA system designed primarily for visualization and control of industrial processes.",
      sources: [
         {
            db: "NVD",
            id: "CVE-2021-43987",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2021-016607",
         },
         {
            db: "CNVD",
            id: "CNVD-2021-102830",
         },
         {
            db: "VULMON",
            id: "CVE-2021-43987",
         },
      ],
      trust: 2.25,
   },
   external_ids: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            db: "NVD",
            id: "CVE-2021-43987",
            trust: 3.9,
         },
         {
            db: "ICS CERT",
            id: "ICSA-21-355-01",
            trust: 3.1,
         },
         {
            db: "JVN",
            id: "JVNVU90153325",
            trust: 0.8,
         },
         {
            db: "JVNDB",
            id: "JVNDB-2021-016607",
            trust: 0.8,
         },
         {
            db: "CNVD",
            id: "CNVD-2021-102830",
            trust: 0.6,
         },
         {
            db: "AUSCERT",
            id: "ESB-2022.0075",
            trust: 0.6,
         },
         {
            db: "CNNVD",
            id: "CNNVD-202112-2086",
            trust: 0.6,
         },
         {
            db: "VULMON",
            id: "CVE-2021-43987",
            trust: 0.1,
         },
      ],
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2021-102830",
         },
         {
            db: "VULMON",
            id: "CVE-2021-43987",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2021-016607",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202112-2086",
         },
         {
            db: "NVD",
            id: "CVE-2021-43987",
         },
      ],
   },
   id: "VAR-202112-1870",
   iot: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/iot#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: true,
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2021-102830",
         },
      ],
      trust: 0.8894511199999999,
   },
   iot_taxonomy: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            category: [
               "ICS",
            ],
            sub_category: null,
            trust: 0.6,
         },
      ],
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2021-102830",
         },
      ],
   },
   last_update_date: "2024-11-23T21:33:27.041000Z",
   patch: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/patch#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            title: "myPRO",
            trust: 0.8,
            url: "https://www.myscada.org/mypro/",
         },
         {
            title: "Patch for mySCADA myPRO has an unknown vulnerability (CNVD-2021-102830)",
            trust: 0.6,
            url: "https://www.cnvd.org.cn/patchInfo/show/310821",
         },
         {
            title: "mySCADA myPRO Security vulnerabilities",
            trust: 0.6,
            url: "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=175463",
         },
      ],
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2021-102830",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2021-016607",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202112-2086",
         },
      ],
   },
   problemtype_data: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            problemtype: "CWE-912",
            trust: 1,
         },
         {
            problemtype: "Unpublished features (CWE-912) [ others ]",
            trust: 0.8,
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2021-016607",
         },
         {
            db: "NVD",
            id: "CVE-2021-43987",
         },
      ],
   },
   references: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/references#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            trust: 3.1,
            url: "https://www.cisa.gov/uscert/ics/advisories/icsa-21-355-01",
         },
         {
            trust: 1.4,
            url: "https://nvd.nist.gov/vuln/detail/cve-2021-43987",
         },
         {
            trust: 0.8,
            url: "https://jvn.jp/vu/jvnvu90153325/index.html",
         },
         {
            trust: 0.6,
            url: "https://us-cert.cisa.gov/ics/advisories/icsa-21-355-01",
         },
         {
            trust: 0.6,
            url: "https://www.auscert.org.au/bulletins/esb-2022.0075",
         },
         {
            trust: 0.1,
            url: "https://cwe.mitre.org/data/definitions/912.html",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov",
         },
      ],
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2021-102830",
         },
         {
            db: "VULMON",
            id: "CVE-2021-43987",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2021-016607",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202112-2086",
         },
         {
            db: "NVD",
            id: "CVE-2021-43987",
         },
      ],
   },
   sources: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            db: "CNVD",
            id: "CNVD-2021-102830",
         },
         {
            db: "VULMON",
            id: "CVE-2021-43987",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2021-016607",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202112-2086",
         },
         {
            db: "NVD",
            id: "CVE-2021-43987",
         },
      ],
   },
   sources_release_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2021-12-28T00:00:00",
            db: "CNVD",
            id: "CNVD-2021-102830",
         },
         {
            date: "2021-12-23T00:00:00",
            db: "VULMON",
            id: "CVE-2021-43987",
         },
         {
            date: "2022-12-19T00:00:00",
            db: "JVNDB",
            id: "JVNDB-2021-016607",
         },
         {
            date: "2021-12-21T00:00:00",
            db: "CNNVD",
            id: "CNNVD-202112-2086",
         },
         {
            date: "2021-12-23T20:15:11.767000",
            db: "NVD",
            id: "CVE-2021-43987",
         },
      ],
   },
   sources_update_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2022-01-26T00:00:00",
            db: "CNVD",
            id: "CNVD-2021-102830",
         },
         {
            date: "2021-12-29T00:00:00",
            db: "VULMON",
            id: "CVE-2021-43987",
         },
         {
            date: "2022-12-19T04:31:00",
            db: "JVNDB",
            id: "JVNDB-2021-016607",
         },
         {
            date: "2022-01-10T00:00:00",
            db: "CNNVD",
            id: "CNNVD-202112-2086",
         },
         {
            date: "2024-11-21T06:30:09.503000",
            db: "NVD",
            id: "CVE-2021-43987",
         },
      ],
   },
   threat_type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "remote",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-202112-2086",
         },
      ],
      trust: 0.6,
   },
   title: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/title#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "Vulnerability related to undisclosed functions in mySCADA myPRO",
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2021-016607",
         },
      ],
      trust: 0.8,
   },
   type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "other",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-202112-2086",
         },
      ],
      trust: 0.6,
   },
}

cve-2017-12730
Vulnerability from cvelistv5
Published
2017-10-06 04:00
Modified
2024-08-05 18:43
Severity ?
Summary
An Unquoted Search Path issue was discovered in mySCADA myPRO Versions 7.0.26 and prior. Application services utilize unquoted search path elements, which could allow an attacker to execute arbitrary code with elevated privileges.
References
Impacted products
Vendor Product Version
n/a mySCADA myPRO Version: mySCADA myPRO


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-05T18:43:56.662Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "100815",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/100815",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://ics-cert.us-cert.gov/advisories/ICSA-17-255-01",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "mySCADA myPRO",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "mySCADA myPRO",
                  },
               ],
            },
         ],
         datePublic: "2017-10-05T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "An Unquoted Search Path issue was discovered in mySCADA myPRO Versions 7.0.26 and prior. Application services utilize unquoted search path elements, which could allow an attacker to execute arbitrary code with elevated privileges.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-428",
                     description: "CWE-428",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2017-10-06T09:57:01",
            orgId: "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            shortName: "icscert",
         },
         references: [
            {
               name: "100815",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/100815",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://ics-cert.us-cert.gov/advisories/ICSA-17-255-01",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "ics-cert@hq.dhs.gov",
               ID: "CVE-2017-12730",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "mySCADA myPRO",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "mySCADA myPRO",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "An Unquoted Search Path issue was discovered in mySCADA myPRO Versions 7.0.26 and prior. Application services utilize unquoted search path elements, which could allow an attacker to execute arbitrary code with elevated privileges.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "CWE-428",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "100815",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/100815",
                  },
                  {
                     name: "https://ics-cert.us-cert.gov/advisories/ICSA-17-255-01",
                     refsource: "MISC",
                     url: "https://ics-cert.us-cert.gov/advisories/ICSA-17-255-01",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
      assignerShortName: "icscert",
      cveId: "CVE-2017-12730",
      datePublished: "2017-10-06T04:00:00",
      dateReserved: "2017-08-09T00:00:00",
      dateUpdated: "2024-08-05T18:43:56.662Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2021-33013
Vulnerability from cvelistv5
Published
2022-05-13 15:19
Modified
2024-09-16 22:21
Summary
mySCADA myPRO versions prior to 8.20.0 do not restrict unauthorized read access to sensitive system information.
Impacted products
Vendor Product Version
mySCADA myPRO Version: unspecified   < 8.20.0


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T23:42:19.054Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://www.cisa.gov/uscert/ics/advisories/icsa-21-217-03",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://www.myscada.org/version-8-20-0-released-security-update",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "myPRO",
               vendor: "mySCADA",
               versions: [
                  {
                     lessThan: "8.20.0",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
               ],
            },
         ],
         credits: [
            {
               lang: "en",
               value: "Michael Heinzl reported these vulnerabilities to CISA.",
            },
         ],
         datePublic: "2021-08-05T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "mySCADA myPRO versions prior to 8.20.0 does not restrict unauthorized read access to sensitive system information.",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "NONE",
                  baseScore: 8.2,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "LOW",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
                  version: "3.1",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-284",
                     description: "CWE-284: Improper Access Control",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2022-05-13T15:19:35",
            orgId: "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            shortName: "icscert",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://www.cisa.gov/uscert/ics/advisories/icsa-21-217-03",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://www.myscada.org/version-8-20-0-released-security-update",
            },
         ],
         solutions: [
            {
               lang: "en",
               value: "mySCADA recommends users apply update v8.20.0 or later.",
            },
         ],
         source: {
            discovery: "EXTERNAL",
         },
         title: "mySCADA myPRO Improper Access Control",
         x_generator: {
            engine: "Vulnogram 0.0.9",
         },
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "ics-cert@hq.dhs.gov",
               DATE_PUBLIC: "2021-08-05T21:32:00.000Z",
               ID: "CVE-2021-33013",
               STATE: "PUBLIC",
               TITLE: "mySCADA myPRO Improper Access Control",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "myPRO",
                                 version: {
                                    version_data: [
                                       {
                                          version_affected: "<",
                                          version_value: "8.20.0",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "mySCADA",
                     },
                  ],
               },
            },
            credit: [
               {
                  lang: "eng",
                  value: "Michael Heinzl reported these vulnerabilities to CISA.",
               },
            ],
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "mySCADA myPRO versions prior to 8.20.0 does not restrict unauthorized read access to sensitive system information.",
                  },
               ],
            },
            generator: {
               engine: "Vulnogram 0.0.9",
            },
            impact: {
               cvss: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "NONE",
                  baseScore: 8.2,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "LOW",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
                  version: "3.1",
               },
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "CWE-284: Improper Access Control",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://www.cisa.gov/uscert/ics/advisories/icsa-21-217-03",
                     refsource: "MISC",
                     url: "https://www.cisa.gov/uscert/ics/advisories/icsa-21-217-03",
                  },
                  {
                     name: "https://www.myscada.org/version-8-20-0-released-security-update",
                     refsource: "CONFIRM",
                     url: "https://www.myscada.org/version-8-20-0-released-security-update",
                  },
               ],
            },
            solution: [
               {
                  lang: "en",
                  value: "mySCADA recommends users apply update v8.20.0 or later.",
               },
            ],
            source: {
               discovery: "EXTERNAL",
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
      assignerShortName: "icscert",
      cveId: "CVE-2021-33013",
      datePublished: "2022-05-13T15:19:35.805770Z",
      dateReserved: "2021-05-13T00:00:00",
      dateUpdated: "2024-09-16T22:21:16.634Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2023-29169
Vulnerability from cvelistv5
Published
2023-04-27 22:03
Modified
2025-01-17 17:08
Summary
mySCADA myPRO versions 8.26.0 and prior have parameters that an authenticated user could exploit to inject arbitrary operating system commands.
Impacted products


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-02T14:00:16.012Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://www.cisa.gov/news-events/ics-advisories/icsa-23-096-06",
               },
            ],
            title: "CVE Program Container",
         },
         {
            metrics: [
               {
                  cvssV3_1: {
                     attackComplexity: "LOW",
                     attackVector: "NETWORK",
                     availabilityImpact: "HIGH",
                     baseScore: 8.8,
                     baseSeverity: "HIGH",
                     confidentialityImpact: "HIGH",
                     integrityImpact: "HIGH",
                     privilegesRequired: "LOW",
                     scope: "UNCHANGED",
                     userInteraction: "NONE",
                     vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                     version: "3.1",
                  },
               },
               {
                  other: {
                     content: {
                        id: "CVE-2023-29169",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "no",
                           },
                           {
                              "Technical Impact": "total",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2025-01-17T17:02:23.122197Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            providerMetadata: {
               dateUpdated: "2025-01-17T17:08:18.925Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               product: "mySCADA myPRO",
               vendor: "mySCADA Technologies",
               versions: [
                  {
                     lessThanOrEqual: "8.26.0",
                     status: "affected",
                     version: "0",
                     versionType: "custom",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "mySCADA myPRO versions 8.26.0 and prior has parameters which an authenticated user could exploit to inject arbitrary operating system commands. ",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "CWE-78 OS Command Injection",
                     lang: "en",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2023-04-27T22:03:30.341Z",
            orgId: "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            shortName: "icscert",
         },
         references: [
            {
               url: "https://www.cisa.gov/news-events/ics-advisories/icsa-23-096-06",
            },
         ],
         source: {
            discovery: "UNKNOWN",
         },
         title: "CVE-2023-29169",
         x_generator: {
            engine: "VINCE 2.0.7",
            env: "prod",
            origin: "https://cveawg.mitre.org/api/cve/CVE-2023-29169",
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
      assignerShortName: "icscert",
      cveId: "CVE-2023-29169",
      datePublished: "2023-04-27T22:03:30.341Z",
      dateReserved: "2023-04-03T21:34:49.125Z",
      dateUpdated: "2025-01-17T17:08:18.925Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2025-25067
Vulnerability from cvelistv5
Published
2025-02-13 21:35
Modified
2025-02-14 15:47
Summary
mySCADA myPRO Manager is vulnerable to an OS command injection which could allow a remote attacker to execute arbitrary OS commands.
Impacted products
Vendor Product Version
mySCADA myPRO Manager Version: 0   < 1.4


{
   containers: {
      adp: [
         {
            metrics: [
               {
                  other: {
                     content: {
                        id: "CVE-2025-25067",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "yes",
                           },
                           {
                              "Technical Impact": "total",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2025-02-14T15:37:55.224547Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            providerMetadata: {
               dateUpdated: "2025-02-14T15:47:02.910Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               defaultStatus: "unaffected",
               product: "myPRO Manager",
               vendor: "mySCADA",
               versions: [
                  {
                     lessThan: "1.4",
                     status: "affected",
                     version: "0",
                     versionType: "custom",
                  },
               ],
            },
         ],
         credits: [
            {
               lang: "en",
               type: "finder",
               value: "Michael Heinzl reported these vulnerabilities to CISA.",
            },
         ],
         descriptions: [
            {
               lang: "en",
               supportingMedia: [
                  {
                     base64: false,
                     type: "text/html",
                     value: "mySCADA myPRO Manager\n \nis vulnerable to an OS command injection which could allow a remote attacker to execute arbitrary OS commands.",
                  },
               ],
               value: "mySCADA myPRO Manager\n \nis vulnerable to an OS command injection which could allow a remote attacker to execute arbitrary OS commands.",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "HIGH",
                  baseScore: 9.8,
                  baseSeverity: "CRITICAL",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "HIGH",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  version: "3.1",
               },
               format: "CVSS",
               scenarios: [
                  {
                     lang: "en",
                     value: "GENERAL",
                  },
               ],
            },
            {
               cvssV4_0: {
                  Automatable: "NOT_DEFINED",
                  Recovery: "NOT_DEFINED",
                  Safety: "NOT_DEFINED",
                  attackComplexity: "LOW",
                  attackRequirements: "NONE",
                  attackVector: "NETWORK",
                  baseScore: 9.3,
                  baseSeverity: "CRITICAL",
                  privilegesRequired: "NONE",
                  providerUrgency: "NOT_DEFINED",
                  subAvailabilityImpact: "NONE",
                  subConfidentialityImpact: "NONE",
                  subIntegrityImpact: "NONE",
                  userInteraction: "NONE",
                  valueDensity: "NOT_DEFINED",
                  vectorString: "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                  version: "4.0",
                  vulnAvailabilityImpact: "HIGH",
                  vulnConfidentialityImpact: "HIGH",
                  vulnIntegrityImpact: "HIGH",
                  vulnerabilityResponseEffort: "NOT_DEFINED",
               },
               format: "CVSS",
               scenarios: [
                  {
                     lang: "en",
                     value: "GENERAL",
                  },
               ],
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-78",
                     description: "CWE-78 OS Command Injection",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2025-02-13T21:35:45.844Z",
            orgId: "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            shortName: "icscert",
         },
         references: [
            {
               url: "https://www.cisa.gov/news-events/ics-advisories/icsa-25-044-16",
            },
            {
               url: "https://www.myscada.org/downloads/mySCADAPROManager/",
            },
            {
               url: "https://www.myscada.org/contacts/",
            },
         ],
         solutions: [
            {
               lang: "en",
               supportingMedia: [
                  {
                     base64: false,
                     type: "text/html",
                     value: "mySCADA recommends users update to <a target=\"_blank\" rel=\"nofollow\" href=\"https://www.myscada.org/downloads/mySCADAPROManager/\">myPRO Manager v1.4</a>\n\n<br>",
                  },
               ],
               value: "mySCADA recommends users update to  myPRO Manager v1.4 https://www.myscada.org/downloads/mySCADAPROManager/",
            },
         ],
         source: {
            advisory: "ICSA-25-044-16",
            discovery: "EXTERNAL",
         },
         title: "mySCADA myPRO Manager OS Command Injection",
         x_generator: {
            engine: "Vulnogram 0.2.0",
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
      assignerShortName: "icscert",
      cveId: "CVE-2025-25067",
      datePublished: "2025-02-13T21:35:45.844Z",
      dateReserved: "2025-02-11T00:04:11.899Z",
      dateUpdated: "2025-02-14T15:47:02.910Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2021-33009
Vulnerability from cvelistv5
Published
2022-05-13 15:19
Modified
2024-09-17 03:23
Summary
mySCADA myPRO versions prior to 8.20.0 allow an unauthenticated remote attacker to upload arbitrary files to the file system.
Impacted products
Vendor Product Version
mySCADA myPRO Version: unspecified   < 8.20.0


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T23:42:19.024Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://www.cisa.gov/uscert/ics/advisories/icsa-21-217-03",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://www.myscada.org/version-8-20-0-released-security-update",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "myPRO",
               vendor: "mySCADA",
               versions: [
                  {
                     lessThan: "8.20.0",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
               ],
            },
         ],
         credits: [
            {
               lang: "en",
               value: "Michael Heinzl reported these vulnerabilities to CISA.",
            },
         ],
         datePublic: "2021-08-05T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "mySCADA myPRO versions prior to 8.20.0 allows an unauthenticated remote attacker to upload arbitrary files to the file system.",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "NONE",
                  baseScore: 7.5,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "NONE",
                  integrityImpact: "HIGH",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
                  version: "3.1",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-434",
                     description: "CWE-434: Unrestricted Upload of File with Dangerous Type",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2022-05-13T15:19:06",
            orgId: "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            shortName: "icscert",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://www.cisa.gov/uscert/ics/advisories/icsa-21-217-03",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://www.myscada.org/version-8-20-0-released-security-update",
            },
         ],
         solutions: [
            {
               lang: "en",
               value: "mySCADA recommends users apply update v8.20.0 or later.",
            },
         ],
         source: {
            discovery: "EXTERNAL",
         },
         title: "mySCADA myPRO Unrestricted Upload of File with Dangerous Type",
         x_generator: {
            engine: "Vulnogram 0.0.9",
         },
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "ics-cert@hq.dhs.gov",
               DATE_PUBLIC: "2021-08-05T21:32:00.000Z",
               ID: "CVE-2021-33009",
               STATE: "PUBLIC",
               TITLE: "mySCADA myPRO Unrestricted Upload of File with Dangerous Type",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "myPRO",
                                 version: {
                                    version_data: [
                                       {
                                          version_affected: "<",
                                          version_value: "8.20.0",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "mySCADA",
                     },
                  ],
               },
            },
            credit: [
               {
                  lang: "eng",
                  value: "Michael Heinzl reported these vulnerabilities to CISA.",
               },
            ],
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "mySCADA myPRO versions prior to 8.20.0 allows an unauthenticated remote attacker to upload arbitrary files to the file system.",
                  },
               ],
            },
            generator: {
               engine: "Vulnogram 0.0.9",
            },
            impact: {
               cvss: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "NONE",
                  baseScore: 7.5,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "NONE",
                  integrityImpact: "HIGH",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
                  version: "3.1",
               },
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "CWE-434: Unrestricted Upload of File with Dangerous Type",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://www.cisa.gov/uscert/ics/advisories/icsa-21-217-03",
                     refsource: "MISC",
                     url: "https://www.cisa.gov/uscert/ics/advisories/icsa-21-217-03",
                  },
                  {
                     name: "https://www.myscada.org/version-8-20-0-released-security-update",
                     refsource: "CONFIRM",
                     url: "https://www.myscada.org/version-8-20-0-released-security-update",
                  },
               ],
            },
            solution: [
               {
                  lang: "en",
                  value: "mySCADA recommends users apply update v8.20.0 or later.",
               },
            ],
            source: {
               discovery: "EXTERNAL",
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
      assignerShortName: "icscert",
      cveId: "CVE-2021-33009",
      datePublished: "2022-05-13T15:19:06.387653Z",
      dateReserved: "2021-05-13T00:00:00",
      dateUpdated: "2024-09-17T03:23:47.898Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2025-23411
Vulnerability from cvelistv5
Published
2025-02-13 21:33
Modified
2025-02-14 15:47
Summary
mySCADA myPRO Manager is vulnerable to cross-site request forgery (CSRF), which could allow an attacker to obtain sensitive information. An attacker would need to trick the victim into visiting an attacker-controlled website.
Impacted products
Vendor Product Version
mySCADA myPRO Manager Version: 0   < 1.4


{
   containers: {
      adp: [
         {
            metrics: [
               {
                  other: {
                     content: {
                        id: "CVE-2025-23411",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "no",
                           },
                           {
                              "Technical Impact": "partial",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2025-02-14T15:36:47.351150Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            providerMetadata: {
               dateUpdated: "2025-02-14T15:47:10.881Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               defaultStatus: "unaffected",
               product: "myPRO Manager",
               vendor: "mySCADA",
               versions: [
                  {
                     lessThan: "1.4",
                     status: "affected",
                     version: "0",
                     versionType: "custom",
                  },
               ],
            },
         ],
         credits: [
            {
               lang: "en",
               type: "finder",
               value: "Michael Heinzl reported these vulnerabilities to CISA.",
            },
         ],
         descriptions: [
            {
               lang: "en",
               supportingMedia: [
                  {
                     base64: false,
                     type: "text/html",
                     value: "mySCADA myPRO Manager\n is vulnerable to cross-site request forgery (CSRF), which could allow \nan attacker to obtain sensitive information. An attacker would need to \ntrick the victim in to visiting an attacker-controlled website.",
                  },
               ],
               value: "mySCADA myPRO Manager\n is vulnerable to cross-site request forgery (CSRF), which could allow \nan attacker to obtain sensitive information. An attacker would need to \ntrick the victim in to visiting an attacker-controlled website.",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "LOW",
                  baseScore: 6.3,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "LOW",
                  integrityImpact: "LOW",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "REQUIRED",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
                  version: "3.1",
               },
               format: "CVSS",
               scenarios: [
                  {
                     lang: "en",
                     value: "GENERAL",
                  },
               ],
            },
            {
               cvssV4_0: {
                  Automatable: "NOT_DEFINED",
                  Recovery: "NOT_DEFINED",
                  Safety: "NOT_DEFINED",
                  attackComplexity: "LOW",
                  attackRequirements: "NONE",
                  attackVector: "NETWORK",
                  baseScore: 5.1,
                  baseSeverity: "MEDIUM",
                  privilegesRequired: "NONE",
                  providerUrgency: "NOT_DEFINED",
                  subAvailabilityImpact: "NONE",
                  subConfidentialityImpact: "NONE",
                  subIntegrityImpact: "NONE",
                  userInteraction: "ACTIVE",
                  valueDensity: "NOT_DEFINED",
                  vectorString: "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
                  version: "4.0",
                  vulnAvailabilityImpact: "LOW",
                  vulnConfidentialityImpact: "LOW",
                  vulnIntegrityImpact: "LOW",
                  vulnerabilityResponseEffort: "NOT_DEFINED",
               },
               format: "CVSS",
               scenarios: [
                  {
                     lang: "en",
                     value: "GENERAL",
                  },
               ],
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-352",
                     description: "CWE-352 Cross-Site Request Forgery (CSRF)",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2025-02-13T21:33:26.498Z",
            orgId: "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            shortName: "icscert",
         },
         references: [
            {
               url: "https://www.cisa.gov/news-events/ics-advisories/icsa-25-044-16",
            },
            {
               url: "https://www.myscada.org/downloads/mySCADAPROManager/",
            },
            {
               url: "https://www.myscada.org/contacts/",
            },
         ],
         solutions: [
            {
               lang: "en",
               supportingMedia: [
                  {
                     base64: false,
                     type: "text/html",
                     value: "mySCADA recommends users update to <a target=\"_blank\" rel=\"nofollow\" href=\"https://www.myscada.org/downloads/mySCADAPROManager/\">myPRO Manager v1.4</a>\n\n<br>",
                  },
               ],
               value: "mySCADA recommends users update to  myPRO Manager v1.4 https://www.myscada.org/downloads/mySCADAPROManager/",
            },
         ],
         source: {
            advisory: "ICSA-25-044-16",
            discovery: "EXTERNAL",
         },
         title: "mySCADA myPRO Manager Cross-Site Request Forgery",
         x_generator: {
            engine: "Vulnogram 0.2.0",
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
      assignerShortName: "icscert",
      cveId: "CVE-2025-23411",
      datePublished: "2025-02-13T21:33:26.498Z",
      dateReserved: "2025-02-11T00:04:11.876Z",
      dateUpdated: "2025-02-14T15:47:10.881Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2018-11517
Vulnerability from cvelistv5
Published
2018-05-28 16:00
Modified
2024-09-16 23:46
Severity ?
Summary
mySCADA myPRO 7 allows remote attackers to discover all ProjectIDs in a project by sending all of the prj parameter values from 870000 to 875000 in t=0&rq=0 requests to TCP port 11010.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-05T08:10:14.652Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://www.emreovunc.com/blog/en/mypro_enum_projectid.rb",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://github.com/EmreOvunc/mySCADA-myPRO-7-projectID-Disclosure",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "mySCADA myPRO 7 allows remote attackers to discover all ProjectIDs in a project by sending all of the prj parameter values from 870000 to 875000 in t=0&rq=0 requests to TCP port 11010.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2018-05-28T16:00:00Z",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://www.emreovunc.com/blog/en/mypro_enum_projectid.rb",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://github.com/EmreOvunc/mySCADA-myPRO-7-projectID-Disclosure",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2018-11517",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "mySCADA myPRO 7 allows remote attackers to discover all ProjectIDs in a project by sending all of the prj parameter values from 870000 to 875000 in t=0&rq=0 requests to TCP port 11010.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://www.emreovunc.com/blog/en/mypro_enum_projectid.rb",
                     refsource: "MISC",
                     url: "https://www.emreovunc.com/blog/en/mypro_enum_projectid.rb",
                  },
                  {
                     name: "https://github.com/EmreOvunc/mySCADA-myPRO-7-projectID-Disclosure",
                     refsource: "MISC",
                     url: "https://github.com/EmreOvunc/mySCADA-myPRO-7-projectID-Disclosure",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2018-11517",
      datePublished: "2018-05-28T16:00:00Z",
      dateReserved: "2018-05-28T00:00:00Z",
      dateUpdated: "2024-09-16T23:46:56.002Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2021-43984
Vulnerability from cvelistv5
Published
2021-12-23 19:48
Modified
2024-09-16 23:30
Severity ?
Summary
mySCADA myPRO: Versions 8.20.0 and prior have a firmware update feature that may allow an attacker to inject arbitrary operating system commands through a specific parameter.
References
Impacted products
Vendor Product Version
mySCADA myPRO Version: All <= 8.20.0


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T04:10:17.114Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://www.cisa.gov/uscert/ics/advisories/icsa-21-355-01",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "myPRO",
               vendor: "mySCADA",
               versions: [
                  {
                     lessThanOrEqual: "8.20.0",
                     status: "affected",
                     version: "All",
                     versionType: "custom",
                  },
               ],
            },
         ],
         datePublic: "2021-12-21T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "mySCADA myPRO: Versions 8.20.0 and prior has a feature where the firmware can be updated, which may allow an attacker to inject arbitrary operating system commands through a specific parameter.",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "HIGH",
                  baseScore: 10,
                  baseSeverity: "CRITICAL",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "HIGH",
                  privilegesRequired: "NONE",
                  scope: "CHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
                  version: "3.1",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-78",
                     description: "CWE-78 OS Command Injection",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2021-12-23T19:48:37",
            orgId: "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            shortName: "icscert",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://www.cisa.gov/uscert/ics/advisories/icsa-21-355-01",
            },
         ],
         solutions: [
            {
               lang: "en",
               value: "mySCADA recommends users upgrade to Version 8.22.0 or higher. For more information, contact mySCADA technical support.",
            },
         ],
         source: {
            advisory: "ICSA-21-355-01",
            discovery: "UNKNOWN",
         },
         title: "mySCADA myPRO",
         x_generator: {
            engine: "Vulnogram 0.0.9",
         },
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "ics-cert@hq.dhs.gov",
               DATE_PUBLIC: "2021-12-21T17:26:00.000Z",
               ID: "CVE-2021-43984",
               STATE: "PUBLIC",
               TITLE: "mySCADA myPRO",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "myPRO",
                                 version: {
                                    version_data: [
                                       {
                                          version_affected: "<=",
                                          version_name: "All",
                                          version_value: "8.20.0",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "mySCADA",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "mySCADA myPRO: Versions 8.20.0 and prior has a feature where the firmware can be updated, which may allow an attacker to inject arbitrary operating system commands through a specific parameter.",
                  },
               ],
            },
            generator: {
               engine: "Vulnogram 0.0.9",
            },
            impact: {
               cvss: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "HIGH",
                  baseScore: 10,
                  baseSeverity: "CRITICAL",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "HIGH",
                  privilegesRequired: "NONE",
                  scope: "CHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
                  version: "3.1",
               },
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "CWE-78 OS Command Injection",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://www.cisa.gov/uscert/ics/advisories/icsa-21-355-01",
                     refsource: "MISC",
                     url: "https://www.cisa.gov/uscert/ics/advisories/icsa-21-355-01",
                  },
               ],
            },
            solution: [
               {
                  lang: "en",
                  value: "mySCADA recommends users upgrade to Version 8.22.0 or higher. For more information, contact mySCADA technical support.",
               },
            ],
            source: {
               advisory: "ICSA-21-355-01",
               discovery: "UNKNOWN",
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
      assignerShortName: "icscert",
      cveId: "CVE-2021-43984",
      datePublished: "2021-12-23T19:48:37.725013Z",
      dateReserved: "2021-11-17T00:00:00",
      dateUpdated: "2024-09-16T23:30:31.442Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2021-43985
Vulnerability from cvelistv5
Published
2021-12-23 19:48
Modified
2024-09-16 17:14
Severity ?
Summary
An unauthenticated remote attacker can access mySCADA myPRO Versions 8.20.0 and prior without any form of authentication or authorization.
References
Impacted products
Vendor Product Version
mySCADA myPRO Version: All <= 8.20.0


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T04:10:17.143Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://www.cisa.gov/uscert/ics/advisories/icsa-21-355-01",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "myPRO",
               vendor: "mySCADA",
               versions: [
                  {
                     lessThanOrEqual: "8.20.0",
                     status: "affected",
                     version: "All",
                     versionType: "custom",
                  },
               ],
            },
         ],
         datePublic: "2021-12-21T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "An unauthenticated remote attacker can access mySCADA myPRO Versions 8.20.0 and prior without any form of authentication or authorization.",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "NONE",
                  baseScore: 9.1,
                  baseSeverity: "CRITICAL",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "HIGH",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
                  version: "3.1",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-288",
                     description: "CWE-288 Authentication Bypass Using an Alternate Path or Channel",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2021-12-23T19:48:40",
            orgId: "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            shortName: "icscert",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://www.cisa.gov/uscert/ics/advisories/icsa-21-355-01",
            },
         ],
         solutions: [
            {
               lang: "en",
               value: "mySCADA recommends users upgrade to Version 8.22.0 or higher. For more information, contact mySCADA technical support.",
            },
         ],
         source: {
            advisory: "ICSA-21-355-01",
            discovery: "UNKNOWN",
         },
         title: "mySCADA myPRO",
         x_generator: {
            engine: "Vulnogram 0.0.9",
         },
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "ics-cert@hq.dhs.gov",
               DATE_PUBLIC: "2021-12-21T17:26:00.000Z",
               ID: "CVE-2021-43985",
               STATE: "PUBLIC",
               TITLE: "mySCADA myPRO",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "myPRO",
                                 version: {
                                    version_data: [
                                       {
                                          version_affected: "<=",
                                          version_name: "All",
                                          version_value: "8.20.0",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "mySCADA",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "An unauthenticated remote attacker can access mySCADA myPRO Versions 8.20.0 and prior without any form of authentication or authorization.",
                  },
               ],
            },
            generator: {
               engine: "Vulnogram 0.0.9",
            },
            impact: {
               cvss: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "NONE",
                  baseScore: 9.1,
                  baseSeverity: "CRITICAL",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "HIGH",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
                  version: "3.1",
               },
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "CWE-288 Authentication Bypass Using an Alternate Path or Channel",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://www.cisa.gov/uscert/ics/advisories/icsa-21-355-01",
                     refsource: "MISC",
                     url: "https://www.cisa.gov/uscert/ics/advisories/icsa-21-355-01",
                  },
               ],
            },
            solution: [
               {
                  lang: "en",
                  value: "mySCADA recommends users upgrade to Version 8.22.0 or higher. For more information, contact mySCADA technical support.",
               },
            ],
            source: {
               advisory: "ICSA-21-355-01",
               discovery: "UNKNOWN",
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
      assignerShortName: "icscert",
      cveId: "CVE-2021-43985",
      datePublished: "2021-12-23T19:48:40.631051Z",
      dateReserved: "2021-11-17T00:00:00",
      dateUpdated: "2024-09-16T17:14:15.304Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2021-43989
Vulnerability from cvelistv5
Published
2021-12-23 19:48
Modified
2024-09-16 19:56
Summary
mySCADA myPRO Versions 8.20.0 and prior stores passwords using MD5, which may allow an attacker to crack the previously retrieved password hashes.
References
Impacted products
Vendor Product Version
mySCADA myPRO Version: All <= 8.20.0


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T04:10:17.125Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://www.cisa.gov/uscert/ics/advisories/icsa-21-355-01",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "myPRO",
               vendor: "mySCADA",
               versions: [
                  {
                     lessThanOrEqual: "8.20.0",
                     status: "affected",
                     version: "All",
                     versionType: "custom",
                  },
               ],
            },
         ],
         datePublic: "2021-12-21T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "mySCADA myPRO Versions 8.20.0 and prior stores passwords using MD5, which may allow an attacker to crack the previously retrieved password hashes.",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "NONE",
                  baseScore: 7.5,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "NONE",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                  version: "3.1",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-916",
                     description: "CWE-916 Use of Password Hash With Insufficient Computational Effort",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2021-12-23T19:48:39",
            orgId: "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            shortName: "icscert",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://www.cisa.gov/uscert/ics/advisories/icsa-21-355-01",
            },
         ],
         solutions: [
            {
               lang: "en",
               value: "mySCADA recommends users upgrade to Version 8.22.0 or higher. For more information, contact mySCADA technical support.",
            },
         ],
         source: {
            advisory: "ICSA-21-355-01",
            discovery: "UNKNOWN",
         },
         title: "mySCADA myPRO",
         x_generator: {
            engine: "Vulnogram 0.0.9",
         },
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "ics-cert@hq.dhs.gov",
               DATE_PUBLIC: "2021-12-21T17:26:00.000Z",
               ID: "CVE-2021-43989",
               STATE: "PUBLIC",
               TITLE: "mySCADA myPRO",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "myPRO",
                                 version: {
                                    version_data: [
                                       {
                                          version_affected: "<=",
                                          version_name: "All",
                                          version_value: "8.20.0",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "mySCADA",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "mySCADA myPRO Versions 8.20.0 and prior stores passwords using MD5, which may allow an attacker to crack the previously retrieved password hashes.",
                  },
               ],
            },
            generator: {
               engine: "Vulnogram 0.0.9",
            },
            impact: {
               cvss: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "NONE",
                  baseScore: 7.5,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "NONE",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                  version: "3.1",
               },
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "CWE-916 Use of Password Hash With Insufficient Computational Effort",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://www.cisa.gov/uscert/ics/advisories/icsa-21-355-01",
                     refsource: "MISC",
                     url: "https://www.cisa.gov/uscert/ics/advisories/icsa-21-355-01",
                  },
               ],
            },
            solution: [
               {
                  lang: "en",
                  value: "mySCADA recommends users upgrade to Version 8.22.0 or higher. For more information, contact mySCADA technical support.",
               },
            ],
            source: {
               advisory: "ICSA-21-355-01",
               discovery: "UNKNOWN",
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
      assignerShortName: "icscert",
      cveId: "CVE-2021-43989",
      datePublished: "2021-12-23T19:48:39.913930Z",
      dateReserved: "2021-11-17T00:00:00",
      dateUpdated: "2024-09-16T19:56:02.446Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2025-24865
Vulnerability from cvelistv5
Published
2025-02-13 21:29
Modified
2025-02-14 15:47
Summary
The administrative web interface of mySCADA myPRO Manager can be accessed without authentication, which could allow an unauthorized attacker to retrieve sensitive information and upload files without the associated password.
Impacted products
Vendor Product Version
mySCADA myPRO Manager Version: 0   < 1.4


{
   containers: {
      adp: [
         {
            metrics: [
               {
                  other: {
                     content: {
                        id: "CVE-2025-24865",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "yes",
                           },
                           {
                              "Technical Impact": "total",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2025-02-14T15:37:58.972109Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            providerMetadata: {
               dateUpdated: "2025-02-14T15:47:26.772Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               defaultStatus: "unaffected",
               product: "myPRO Manager",
               vendor: "mySCADA",
               versions: [
                  {
                     lessThan: "1.4",
                     status: "affected",
                     version: "0",
                     versionType: "custom",
                  },
               ],
            },
         ],
         credits: [
            {
               lang: "en",
               type: "finder",
               value: "Michael Heinzl reported these vulnerabilities to CISA.",
            },
         ],
         descriptions: [
            {
               lang: "en",
               supportingMedia: [
                  {
                     base64: false,
                     type: "text/html",
                     value: "The administrative web interface of \nmySCADA myPRO Manager\n\ncan be accessed without authentication \nwhich could allow an unauthorized attacker to retrieve sensitive \ninformation and upload files without the associated password.\n\n<br>",
                  },
               ],
               value: "The administrative web interface of \nmySCADA myPRO Manager\n\ncan be accessed without authentication \nwhich could allow an unauthorized attacker to retrieve sensitive \ninformation and upload files without the associated password.",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "HIGH",
                  baseScore: 10,
                  baseSeverity: "CRITICAL",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "HIGH",
                  privilegesRequired: "NONE",
                  scope: "CHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
                  version: "3.1",
               },
               format: "CVSS",
               scenarios: [
                  {
                     lang: "en",
                     value: "GENERAL",
                  },
               ],
            },
            {
               cvssV4_0: {
                  Automatable: "NOT_DEFINED",
                  Recovery: "NOT_DEFINED",
                  Safety: "NOT_DEFINED",
                  attackComplexity: "LOW",
                  attackRequirements: "NONE",
                  attackVector: "NETWORK",
                  baseScore: 10,
                  baseSeverity: "CRITICAL",
                  privilegesRequired: "NONE",
                  providerUrgency: "NOT_DEFINED",
                  subAvailabilityImpact: "HIGH",
                  subConfidentialityImpact: "HIGH",
                  subIntegrityImpact: "HIGH",
                  userInteraction: "NONE",
                  valueDensity: "NOT_DEFINED",
                  vectorString: "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
                  version: "4.0",
                  vulnAvailabilityImpact: "HIGH",
                  vulnConfidentialityImpact: "HIGH",
                  vulnIntegrityImpact: "HIGH",
                  vulnerabilityResponseEffort: "NOT_DEFINED",
               },
               format: "CVSS",
               scenarios: [
                  {
                     lang: "en",
                     value: "GENERAL",
                  },
               ],
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-306",
                     description: "CWE-306 Missing Authentication for Critical Function",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2025-02-13T21:29:23.438Z",
            orgId: "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            shortName: "icscert",
         },
         references: [
            {
               url: "https://www.cisa.gov/news-events/ics-advisories/icsa-25-044-16",
            },
            {
               url: "https://www.myscada.org/downloads/mySCADAPROManager/",
            },
            {
               url: "https://www.myscada.org/contacts/",
            },
         ],
         solutions: [
            {
               lang: "en",
               supportingMedia: [
                  {
                     base64: false,
                     type: "text/html",
                     value: "mySCADA recommends users update to <a target=\"_blank\" rel=\"nofollow\" href=\"https://www.myscada.org/downloads/mySCADAPROManager/\">myPRO Manager v1.4</a>\n\n<br>",
                  },
               ],
               value: "mySCADA recommends users update to  myPRO Manager v1.4 https://www.myscada.org/downloads/mySCADAPROManager/",
            },
         ],
         source: {
            advisory: "ICSA-25-044-16",
            discovery: "EXTERNAL",
         },
         title: "mySCADA myPRO Manager Missing Authentication for Critical Function",
         x_generator: {
            engine: "Vulnogram 0.2.0",
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
      assignerShortName: "icscert",
      cveId: "CVE-2025-24865",
      datePublished: "2025-02-13T21:29:23.438Z",
      dateReserved: "2025-02-11T00:04:11.893Z",
      dateUpdated: "2025-02-14T15:47:26.772Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2025-22896
Vulnerability from cvelistv5
Published
2025-02-13 21:31
Modified
2025-02-14 15:47
Summary
mySCADA myPRO Manager stores credentials in cleartext, which could allow an attacker to obtain sensitive information.
Impacted products
Vendor Product Version
mySCADA myPRO Manager Version: 0   < 1.4


{
   containers: {
      adp: [
         {
            metrics: [
               {
                  other: {
                     content: {
                        id: "CVE-2025-22896",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "yes",
                           },
                           {
                              "Technical Impact": "partial",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2025-02-14T15:37:09.587734Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            providerMetadata: {
               dateUpdated: "2025-02-14T15:47:18.133Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               defaultStatus: "unaffected",
               product: "myPRO Manager",
               vendor: "mySCADA",
               versions: [
                  {
                     lessThan: "1.4",
                     status: "affected",
                     version: "0",
                     versionType: "custom",
                  },
               ],
            },
         ],
         credits: [
            {
               lang: "en",
               type: "finder",
               value: "Michael Heinzl reported these vulnerabilities to CISA.",
            },
         ],
         descriptions: [
            {
               lang: "en",
               supportingMedia: [
                  {
                     base64: false,
                     type: "text/html",
                     value: "mySCADA myPRO Manager\n\n\nstores credentials in cleartext, which could allow an attacker to obtain sensitive information.\n\n<br>",
                  },
               ],
               value: "mySCADA myPRO Manager\n\n\nstores credentials in cleartext, which could allow an attacker to obtain sensitive information.",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "NONE",
                  baseScore: 8.6,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "NONE",
                  privilegesRequired: "NONE",
                  scope: "CHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
                  version: "3.1",
               },
               format: "CVSS",
               scenarios: [
                  {
                     lang: "en",
                     value: "GENERAL",
                  },
               ],
            },
            {
               cvssV4_0: {
                  Automatable: "NOT_DEFINED",
                  Recovery: "NOT_DEFINED",
                  Safety: "NOT_DEFINED",
                  attackComplexity: "LOW",
                  attackRequirements: "NONE",
                  attackVector: "NETWORK",
                  baseScore: 9.2,
                  baseSeverity: "CRITICAL",
                  privilegesRequired: "NONE",
                  providerUrgency: "NOT_DEFINED",
                  subAvailabilityImpact: "NONE",
                  subConfidentialityImpact: "HIGH",
                  subIntegrityImpact: "NONE",
                  userInteraction: "NONE",
                  valueDensity: "NOT_DEFINED",
                  vectorString: "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N",
                  version: "4.0",
                  vulnAvailabilityImpact: "NONE",
                  vulnConfidentialityImpact: "HIGH",
                  vulnIntegrityImpact: "NONE",
                  vulnerabilityResponseEffort: "NOT_DEFINED",
               },
               format: "CVSS",
               scenarios: [
                  {
                     lang: "en",
                     value: "GENERAL",
                  },
               ],
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-312",
                     description: "CWE-312 Cleartext Storage of Sensitive Information",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2025-02-13T21:31:37.888Z",
            orgId: "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            shortName: "icscert",
         },
         references: [
            {
               url: "https://www.cisa.gov/news-events/ics-advisories/icsa-25-044-16",
            },
            {
               url: "https://www.myscada.org/downloads/mySCADAPROManager/",
            },
            {
               url: "https://www.myscada.org/contacts/",
            },
         ],
         solutions: [
            {
               lang: "en",
               supportingMedia: [
                  {
                     base64: false,
                     type: "text/html",
                     value: "mySCADA recommends users update to <a target=\"_blank\" rel=\"nofollow\" href=\"https://www.myscada.org/downloads/mySCADAPROManager/\">myPRO Manager v1.4</a>\n\n<br>",
                  },
               ],
               value: "mySCADA recommends users update to  myPRO Manager v1.4 https://www.myscada.org/downloads/mySCADAPROManager/",
            },
         ],
         source: {
            advisory: "ICSA-25-044-16",
            discovery: "EXTERNAL",
         },
         title: "mySCADA myPRO Manager Cleartext Storage of Sensitive Information",
         x_generator: {
            engine: "Vulnogram 0.2.0",
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
      assignerShortName: "icscert",
      cveId: "CVE-2025-22896",
      datePublished: "2025-02-13T21:31:37.888Z",
      dateReserved: "2025-02-11T00:04:11.885Z",
      dateUpdated: "2025-02-14T15:47:18.133Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2024-4708
Vulnerability from cvelistv5
Published
2024-07-02 23:06
Modified
2024-08-01 20:47
Summary
mySCADA myPRO uses a hard-coded password which could allow an attacker to remotely execute code on the affected device.
Impacted products
Vendor Product Version
mySCADA myPRO Version: 0   < 8.31.0


{
   containers: {
      adp: [
         {
            affected: [
               {
                  cpes: [
                     "cpe:2.3:a:myscada:mypro:-:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unaffected",
                  product: "mypro",
                  vendor: "myscada",
                  versions: [
                     {
                        lessThan: "8.31.0",
                        status: "affected",
                        version: "0",
                        versionType: "custom",
                     },
                  ],
               },
            ],
            metrics: [
               {
                  other: {
                     content: {
                        id: "CVE-2024-4708",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "yes",
                           },
                           {
                              "Technical Impact": "total",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2024-07-05T20:10:12.733058Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            providerMetadata: {
               dateUpdated: "2024-07-05T21:23:04.236Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
         {
            providerMetadata: {
               dateUpdated: "2024-08-01T20:47:41.657Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://www.cisa.gov/news-events/ics-advisories/icsa-24-184-02",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://www.myscada.org/mypro/",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               defaultStatus: "unaffected",
               product: "myPRO",
               vendor: "mySCADA",
               versions: [
                  {
                     lessThan: "8.31.0",
                     status: "affected",
                     version: "0",
                     versionType: "custom",
                  },
               ],
            },
         ],
         credits: [
            {
               lang: "en",
               type: "finder",
               value: "Nassim Asrir working with Trend Micro Zero Day Initiative reported this vulnerability to CISA.",
            },
         ],
         datePublic: "2024-07-02T16:00:00.000Z",
         descriptions: [
            {
               lang: "en",
               supportingMedia: [
                  {
                     base64: false,
                     type: "text/html",
                     value: "mySCADA myPRO \n\n<span style=\"background-color: rgb(255, 255, 255);\">uses a hard-coded password which could allow an attacker to remotely execute code on the affected device.</span>\n\n<br>",
                  },
               ],
               value: "mySCADA myPRO \n\nuses a hard-coded password which could allow an attacker to remotely execute code on the affected device.",
            },
         ],
         metrics: [
            {
               cvssV4_0: {
                  Automatable: "NOT_DEFINED",
                  Recovery: "NOT_DEFINED",
                  Safety: "NOT_DEFINED",
                  attackComplexity: "LOW",
                  attackRequirements: "NONE",
                  attackVector: "NETWORK",
                  baseScore: 9.3,
                  baseSeverity: "CRITICAL",
                  privilegesRequired: "NONE",
                  providerUrgency: "NOT_DEFINED",
                  subAvailabilityImpact: "NONE",
                  subConfidentialityImpact: "NONE",
                  subIntegrityImpact: "NONE",
                  userInteraction: "NONE",
                  valueDensity: "NOT_DEFINED",
                  vectorString: "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                  version: "4.0",
                  vulnAvailabilityImpact: "HIGH",
                  vulnConfidentialityImpact: "HIGH",
                  vulnIntegrityImpact: "HIGH",
                  vulnerabilityResponseEffort: "NOT_DEFINED",
               },
               format: "CVSS",
               scenarios: [
                  {
                     lang: "en",
                     value: "GENERAL",
                  },
               ],
            },
            {
               cvssV3_1: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "HIGH",
                  baseScore: 9.8,
                  baseSeverity: "CRITICAL",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "HIGH",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  version: "3.1",
               },
               format: "CVSS",
               scenarios: [
                  {
                     lang: "en",
                     value: "GENERAL",
                  },
               ],
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-259",
                     description: "CWE-259 Use of Hard-coded Password",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2024-07-23T20:56:09.695Z",
            orgId: "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            shortName: "icscert",
         },
         references: [
            {
               url: "https://www.cisa.gov/news-events/ics-advisories/icsa-24-184-02",
            },
            {
               url: "https://www.myscada.org/mypro/",
            },
         ],
         solutions: [
            {
               lang: "en",
               supportingMedia: [
                  {
                     base64: false,
                     type: "text/html",
                     value: "<span style=\"background-color: rgb(255, 255, 255);\">mySCADA recommends updating myPRO to </span><a target=\"_blank\" rel=\"nofollow\" href=\"https://www.myscada.org/mypro/\">v8.31.0</a><span style=\"background-color: rgb(255, 255, 255);\">.</span>\n\n<br>",
                  },
               ],
               value: "mySCADA recommends updating myPRO to  v8.31.0 https://www.myscada.org/mypro/ .",
            },
         ],
         source: {
            advisory: "ICSA-24-184-02",
            discovery: "EXTERNAL",
         },
         title: "mySCADA myPRO Use of Hard-coded Password",
         x_generator: {
            engine: "Vulnogram 0.2.0",
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
      assignerShortName: "icscert",
      cveId: "CVE-2024-4708",
      datePublished: "2024-07-02T23:06:21.045Z",
      dateReserved: "2024-05-09T20:45:17.755Z",
      dateUpdated: "2024-08-01T20:47:41.657Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2021-33005
Vulnerability from cvelistv5
Published
2022-05-13 15:18
Modified
2024-09-17 00:32
Summary
mySCADA myPRO versions prior to 8.20.0 allow an unauthenticated remote attacker to upload arbitrary files to arbitrary directories.
Impacted products
Vendor Product Version
mySCADA myPRO Version: unspecified   < 8.20.0


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T23:42:19.949Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://www.cisa.gov/uscert/ics/advisories/icsa-21-217-03",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://www.myscada.org/version-8-20-0-released-security-update",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "myPRO",
               vendor: "mySCADA",
               versions: [
                  {
                     lessThan: "8.20.0",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
               ],
            },
         ],
         credits: [
            {
               lang: "en",
               value: "Michael Heinzl reported these vulnerabilities to CISA.",
            },
         ],
         datePublic: "2021-08-05T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "mySCADA myPRO versions prior to 8.20.0 allows an unauthenticated remote attacker to upload arbitrary files to arbitrary directories.",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "NONE",
                  baseScore: 7.5,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "NONE",
                  integrityImpact: "HIGH",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
                  version: "3.1",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-22",
                     description: "CWE-22: Path Traversal",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2022-05-13T15:18:39",
            orgId: "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            shortName: "icscert",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://www.cisa.gov/uscert/ics/advisories/icsa-21-217-03",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://www.myscada.org/version-8-20-0-released-security-update",
            },
         ],
         solutions: [
            {
               lang: "en",
               value: "mySCADA recommends users apply update v8.20.0 or later.",
            },
         ],
         source: {
            discovery: "EXTERNAL",
         },
         title: "mySCADA myPRO Path Traversal",
         x_generator: {
            engine: "Vulnogram 0.0.9",
         },
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "ics-cert@hq.dhs.gov",
               DATE_PUBLIC: "2021-08-05T21:32:00.000Z",
               ID: "CVE-2021-33005",
               STATE: "PUBLIC",
               TITLE: "mySCADA myPRO Path Traversal",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "myPRO",
                                 version: {
                                    version_data: [
                                       {
                                          version_affected: "<",
                                          version_value: "8.20.0",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "mySCADA",
                     },
                  ],
               },
            },
            credit: [
               {
                  lang: "eng",
                  value: "Michael Heinzl reported these vulnerabilities to CISA.",
               },
            ],
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "mySCADA myPRO versions prior to 8.20.0 allows an unauthenticated remote attacker to upload arbitrary files to arbitrary directories.",
                  },
               ],
            },
            generator: {
               engine: "Vulnogram 0.0.9",
            },
            impact: {
               cvss: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "NONE",
                  baseScore: 7.5,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "NONE",
                  integrityImpact: "HIGH",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
                  version: "3.1",
               },
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "CWE-22: Path Traversal",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://www.cisa.gov/uscert/ics/advisories/icsa-21-217-03",
                     refsource: "MISC",
                     url: "https://www.cisa.gov/uscert/ics/advisories/icsa-21-217-03",
                  },
                  {
                     name: "https://www.myscada.org/version-8-20-0-released-security-update",
                     refsource: "CONFIRM",
                     url: "https://www.myscada.org/version-8-20-0-released-security-update",
                  },
               ],
            },
            solution: [
               {
                  lang: "en",
                  value: "mySCADA recommends users apply update v8.20.0 or later.",
               },
            ],
            source: {
               discovery: "EXTERNAL",
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
      assignerShortName: "icscert",
      cveId: "CVE-2021-33005",
      datePublished: "2022-05-13T15:18:40.002621Z",
      dateReserved: "2021-05-13T00:00:00",
      dateUpdated: "2024-09-17T00:32:14.543Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2018-11311
Vulnerability from cvelistv5
Published
2018-05-20 22:00
Modified
2024-08-05 08:01
Severity ?
Summary
A hardcoded FTP username of myscada and password of Vikuk63 in 'myscadagate.exe' in mySCADA myPRO 7 allows remote attackers to access the FTP server on port 2121, and upload files or list directories, by entering these credentials.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-05T08:01:52.925Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://emreovunc.com/blog/en/mySCADA-myPRO7-Exploit.pdf",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://github.com/EmreOvunc/mySCADA-myPRO-7-Hardcoded-FTP-Username-and-Password",
               },
               {
                  name: "44656",
                  tags: [
                     "exploit",
                     "x_refsource_EXPLOIT-DB",
                     "x_transferred",
                  ],
                  url: "https://www.exploit-db.com/exploits/44656/",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2018-05-19T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "A hardcoded FTP username of myscada and password of Vikuk63 in 'myscadagate.exe' in mySCADA myPRO 7 allows remote attackers to access the FTP server on port 2121, and upload files or list directories, by entering these credentials.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2018-05-22T09:57:01",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://emreovunc.com/blog/en/mySCADA-myPRO7-Exploit.pdf",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://github.com/EmreOvunc/mySCADA-myPRO-7-Hardcoded-FTP-Username-and-Password",
            },
            {
               name: "44656",
               tags: [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
               ],
               url: "https://www.exploit-db.com/exploits/44656/",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2018-11311",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "A hardcoded FTP username of myscada and password of Vikuk63 in 'myscadagate.exe' in mySCADA myPRO 7 allows remote attackers to access the FTP server on port 2121, and upload files or list directories, by entering these credentials.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://emreovunc.com/blog/en/mySCADA-myPRO7-Exploit.pdf",
                     refsource: "MISC",
                     url: "https://emreovunc.com/blog/en/mySCADA-myPRO7-Exploit.pdf",
                  },
                  {
                     name: "https://github.com/EmreOvunc/mySCADA-myPRO-7-Hardcoded-FTP-Username-and-Password",
                     refsource: "MISC",
                     url: "https://github.com/EmreOvunc/mySCADA-myPRO-7-Hardcoded-FTP-Username-and-Password",
                  },
                  {
                     name: "44656",
                     refsource: "EXPLOIT-DB",
                     url: "https://www.exploit-db.com/exploits/44656/",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2018-11311",
      datePublished: "2018-05-20T22:00:00",
      dateReserved: "2018-05-19T00:00:00",
      dateUpdated: "2024-08-05T08:01:52.925Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2021-43981
Vulnerability from cvelistv5
Published
2021-12-23 19:48
Modified
2024-09-16 20:12
Severity ?
Summary
mySCADA myPRO: Versions 8.20.0 and prior have a feature to send emails, which may allow an attacker to inject arbitrary operating system commands through a specific parameter.
References
Impacted products
Vendor Product Version
mySCADA myPRO Version: All <= 8.20.0


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T04:10:17.144Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://www.cisa.gov/uscert/ics/advisories/icsa-21-355-01",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "myPRO",
               vendor: "mySCADA",
               versions: [
                  {
                     lessThanOrEqual: "8.20.0",
                     status: "affected",
                     version: "All",
                     versionType: "custom",
                  },
               ],
            },
         ],
         datePublic: "2021-12-21T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "mySCADA myPRO: Versions 8.20.0 and prior has a feature to send emails, which may allow an attacker to inject arbitrary operating system commands through a specific parameter.",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "HIGH",
                  baseScore: 10,
                  baseSeverity: "CRITICAL",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "HIGH",
                  privilegesRequired: "NONE",
                  scope: "CHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
                  version: "3.1",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-78",
                     description: "CWE-78 OS Command Injection",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2021-12-23T19:48:39",
            orgId: "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            shortName: "icscert",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://www.cisa.gov/uscert/ics/advisories/icsa-21-355-01",
            },
         ],
         solutions: [
            {
               lang: "en",
               value: "mySCADA recommends users upgrade to Version 8.22.0 or higher. For more information, contact mySCADA technical support.",
            },
         ],
         source: {
            advisory: "ICSA-21-355-01",
            discovery: "UNKNOWN",
         },
         title: "mySCADA myPRO",
         x_generator: {
            engine: "Vulnogram 0.0.9",
         },
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "ics-cert@hq.dhs.gov",
               DATE_PUBLIC: "2021-12-21T17:26:00.000Z",
               ID: "CVE-2021-43981",
               STATE: "PUBLIC",
               TITLE: "mySCADA myPRO",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "myPRO",
                                 version: {
                                    version_data: [
                                       {
                                          version_affected: "<=",
                                          version_name: "All",
                                          version_value: "8.20.0",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "mySCADA",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "mySCADA myPRO: Versions 8.20.0 and prior has a feature to send emails, which may allow an attacker to inject arbitrary operating system commands through a specific parameter.",
                  },
               ],
            },
            generator: {
               engine: "Vulnogram 0.0.9",
            },
            impact: {
               cvss: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "HIGH",
                  baseScore: 10,
                  baseSeverity: "CRITICAL",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "HIGH",
                  privilegesRequired: "NONE",
                  scope: "CHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
                  version: "3.1",
               },
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "CWE-78 OS Command Injection",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://www.cisa.gov/uscert/ics/advisories/icsa-21-355-01",
                     refsource: "MISC",
                     url: "https://www.cisa.gov/uscert/ics/advisories/icsa-21-355-01",
                  },
               ],
            },
            solution: [
               {
                  lang: "en",
                  value: "mySCADA recommends users upgrade to Version 8.22.0 or higher. For more information, contact mySCADA technical support.",
               },
            ],
            source: {
               advisory: "ICSA-21-355-01",
               discovery: "UNKNOWN",
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
      assignerShortName: "icscert",
      cveId: "CVE-2021-43981",
      datePublished: "2021-12-23T19:48:39.215460Z",
      dateReserved: "2021-11-17T00:00:00",
      dateUpdated: "2024-09-16T20:12:37.498Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2022-2234
Vulnerability from cvelistv5
Published
2022-08-24 15:15
Modified
2024-09-16 22:14
Severity: 9.9 (CRITICAL) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Summary
An authenticated mySCADA myPRO 8.26.0 user may be able to modify parameters to run commands directly in the operating system.
References
Impacted products
Vendor Product Version
mySCADA Technologies mySCADA myPRO Version: unspecified <= 8.26.0


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T00:32:09.256Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://www.cisa.gov/uscert/ics/advisories/icsa-22-235-03",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "mySCADA myPRO",
               vendor: "mySCADA Technologies",
               versions: [
                  {
                     lessThanOrEqual: "8.26.0",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
               ],
            },
         ],
         credits: [
            {
               lang: "en",
               value: "Marlon Luis Petry reported this vulnerability to CISA.",
            },
         ],
         datePublic: "2022-08-23T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "An authenticated mySCADA myPRO 8.26.0 user may be able to modify parameters to run commands directly in the operating system.",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "HIGH",
                  baseScore: 9.9,
                  baseSeverity: "CRITICAL",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "HIGH",
                  privilegesRequired: "LOW",
                  scope: "CHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
                  version: "3.1",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-77",
                     description: "CWE-77 Command Injection",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2022-08-24T15:15:48",
            orgId: "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            shortName: "icscert",
         },
         references: [
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://www.cisa.gov/uscert/ics/advisories/icsa-22-235-03",
            },
         ],
         solutions: [
            {
               lang: "en",
               value: "mySCADA recommends users upgrade to version 8.27.0 or higher. For more information, contact mySCADA technical support. mySCADA will also send security advice by email to all registered users.",
            },
         ],
         source: {
            discovery: "EXTERNAL",
         },
         title: "mySCADA myPRO Command Injection",
         x_generator: {
            engine: "Vulnogram 0.0.9",
         },
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "ics-cert@hq.dhs.gov",
               DATE_PUBLIC: "2022-08-23T20:17:00.000Z",
               ID: "CVE-2022-2234",
               STATE: "PUBLIC",
               TITLE: "mySCADA myPRO Command Injection",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "mySCADA myPRO",
                                 version: {
                                    version_data: [
                                       {
                                          version_affected: "<=",
                                          version_value: "8.26.0",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "mySCADA Technologies",
                     },
                  ],
               },
            },
            credit: [
               {
                  lang: "eng",
                  value: "Marlon Luis Petry reported this vulnerability to CISA.",
               },
            ],
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "An authenticated mySCADA myPRO 8.26.0 user may be able to modify parameters to run commands directly in the operating system.",
                  },
               ],
            },
            generator: {
               engine: "Vulnogram 0.0.9",
            },
            impact: {
               cvss: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "HIGH",
                  baseScore: 9.9,
                  baseSeverity: "CRITICAL",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "HIGH",
                  privilegesRequired: "LOW",
                  scope: "CHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
                  version: "3.1",
               },
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "CWE-77 Command Injection",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://www.cisa.gov/uscert/ics/advisories/icsa-22-235-03",
                     refsource: "CONFIRM",
                     url: "https://www.cisa.gov/uscert/ics/advisories/icsa-22-235-03",
                  },
               ],
            },
            solution: [
               {
                  lang: "en",
                  value: "mySCADA recommends users upgrade to version 8.27.0 or higher. For more information, contact mySCADA technical support. mySCADA will also send security advice by email to all registered users.",
               },
            ],
            source: {
               discovery: "EXTERNAL",
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
      assignerShortName: "icscert",
      cveId: "CVE-2022-2234",
      datePublished: "2022-08-24T15:15:48.755685Z",
      dateReserved: "2022-06-27T00:00:00",
      dateUpdated: "2024-09-16T22:14:46.207Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2021-44453
Vulnerability from cvelistv5
Published
2021-12-23 19:48
Modified
2024-09-17 01:46
Severity: 10 (CRITICAL) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Summary
mySCADA myPRO: Versions 8.20.0 and prior have a vulnerable debug interface which includes a ping utility, which may allow an attacker to inject arbitrary operating system commands.
References
Impacted products
Vendor Product Version
mySCADA myPRO Version: All <= 8.20.0


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T04:25:16.514Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://www.cisa.gov/uscert/ics/advisories/icsa-21-355-01",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "myPRO",
               vendor: "mySCADA",
               versions: [
                  {
                     lessThanOrEqual: "8.20.0",
                     status: "affected",
                     version: "All",
                     versionType: "custom",
                  },
               ],
            },
         ],
         datePublic: "2021-12-21T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "mySCADA myPRO: Versions 8.20.0 and prior has a vulnerable debug interface which includes a ping utility, which may allow an attacker to inject arbitrary operating system commands.",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "HIGH",
                  baseScore: 10,
                  baseSeverity: "CRITICAL",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "HIGH",
                  privilegesRequired: "NONE",
                  scope: "CHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
                  version: "3.1",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-78",
                     description: "CWE-78 OS Command Injection",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2021-12-23T19:48:38",
            orgId: "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            shortName: "icscert",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://www.cisa.gov/uscert/ics/advisories/icsa-21-355-01",
            },
         ],
         solutions: [
            {
               lang: "en",
               value: "mySCADA recommends users upgrade to Version 8.22.0 or higher. For more information, contact mySCADA technical support.",
            },
         ],
         source: {
            advisory: "ICSA-21-355-01",
            discovery: "UNKNOWN",
         },
         title: "mySCADA myPRO",
         x_generator: {
            engine: "Vulnogram 0.0.9",
         },
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "ics-cert@hq.dhs.gov",
               DATE_PUBLIC: "2021-12-21T17:26:00.000Z",
               ID: "CVE-2021-44453",
               STATE: "PUBLIC",
               TITLE: "mySCADA myPRO",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "myPRO",
                                 version: {
                                    version_data: [
                                       {
                                          version_affected: "<=",
                                          version_name: "All",
                                          version_value: "8.20.0",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "mySCADA",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "mySCADA myPRO: Versions 8.20.0 and prior has a vulnerable debug interface which includes a ping utility, which may allow an attacker to inject arbitrary operating system commands.",
                  },
               ],
            },
            generator: {
               engine: "Vulnogram 0.0.9",
            },
            impact: {
               cvss: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "HIGH",
                  baseScore: 10,
                  baseSeverity: "CRITICAL",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "HIGH",
                  privilegesRequired: "NONE",
                  scope: "CHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
                  version: "3.1",
               },
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "CWE-78 OS Command Injection",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://www.cisa.gov/uscert/ics/advisories/icsa-21-355-01",
                     refsource: "MISC",
                     url: "https://www.cisa.gov/uscert/ics/advisories/icsa-21-355-01",
                  },
               ],
            },
            solution: [
               {
                  lang: "en",
                  value: "mySCADA recommends users upgrade to Version 8.22.0 or higher. For more information, contact mySCADA technical support.",
               },
            ],
            source: {
               advisory: "ICSA-21-355-01",
               discovery: "UNKNOWN",
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
      assignerShortName: "icscert",
      cveId: "CVE-2021-44453",
      datePublished: "2021-12-23T19:48:38.488413Z",
      dateReserved: "2021-11-30T00:00:00",
      dateUpdated: "2024-09-17T01:46:17.937Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2022-0999
Vulnerability from cvelistv5
Published
2022-04-11 19:38
Modified
2024-08-02 23:47
Summary
An authenticated user may be able to misuse parameters to inject arbitrary operating system commands into mySCADA myPRO versions 8.25.0 and prior.
References
Impacted products
Vendor Product Version
mySCADA myPRO Version: 5.59 <= 8.25.0


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-02T23:47:43.250Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://www.cisa.gov/uscert/ics/advisories/icsa-22-083-02",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "myPRO",
               vendor: "mySCADA",
               versions: [
                  {
                     lessThanOrEqual: "8.25.0",
                     status: "affected",
                     version: "5.59",
                     versionType: "custom",
                  },
               ],
            },
         ],
         credits: [
            {
               lang: "en",
               value: "Michael Heinzl reported this vulnerability to CISA.",
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "An authenticated user may be able to misuse parameters to inject arbitrary operating system commands into mySCADA myPRO versions 8.25.0 and prior.",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "HIGH",
                  baseScore: 8.8,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "HIGH",
                  privilegesRequired: "LOW",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  version: "3.1",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-77",
                     description: "CWE-77: Command Injection",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2022-04-11T19:38:30",
            orgId: "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            shortName: "icscert",
         },
         references: [
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://www.cisa.gov/uscert/ics/advisories/icsa-22-083-02",
            },
         ],
         solutions: [
            {
               lang: "en",
               value: "mySCADA recommends users upgrade to version 8.26 or higher. For more information, contact mySCADA technical support. mySCADA will also send security advice by email to all registered users.\n",
            },
         ],
         source: {
            advisory: "ICSA-22-083-02",
            discovery: "EXTERNAL",
         },
         title: "mySCADA myPRO  Command Injection",
         x_generator: {
            engine: "Vulnogram 0.0.9",
         },
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "ics-cert@hq.dhs.gov",
               ID: "CVE-2022-0999",
               STATE: "PUBLIC",
               TITLE: "mySCADA myPRO  Command Injection",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "myPRO",
                                 version: {
                                    version_data: [
                                       {
                                          version_affected: "<=",
                                          version_name: "5.59",
                                          version_value: "8.25.0",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "mySCADA",
                     },
                  ],
               },
            },
            credit: [
               {
                  lang: "eng",
                  value: "Michael Heinzl reported this vulnerability to CISA.",
               },
            ],
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "An authenticated user may be able to misuse parameters to inject arbitrary operating system commands into mySCADA myPRO versions 8.25.0 and prior.",
                  },
               ],
            },
            generator: {
               engine: "Vulnogram 0.0.9",
            },
            impact: {
               cvss: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "HIGH",
                  baseScore: 8.8,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "HIGH",
                  privilegesRequired: "LOW",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  version: "3.1",
               },
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "CWE-77: Command Injection",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://www.cisa.gov/uscert/ics/advisories/icsa-22-083-02",
                     refsource: "CONFIRM",
                     url: "https://www.cisa.gov/uscert/ics/advisories/icsa-22-083-02",
                  },
               ],
            },
            solution: [
               {
                  lang: "en",
                  value: "mySCADA recommends users upgrade to version 8.26 or higher. For more information, contact mySCADA technical support. mySCADA will also send security advice by email to all registered users.\n",
               },
            ],
            source: {
               advisory: "ICSA-22-083-02",
               discovery: "EXTERNAL",
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
      assignerShortName: "icscert",
      cveId: "CVE-2022-0999",
      datePublished: "2022-04-11T19:38:30",
      dateReserved: "2022-03-16T00:00:00",
      dateUpdated: "2024-08-02T23:47:43.250Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2023-28384
Vulnerability from cvelistv5
Published
2023-04-27 22:09
Modified
2025-01-17 17:05
Summary
mySCADA myPRO versions 8.26.0 and prior have parameters that an authenticated user could exploit to inject arbitrary operating system commands.
Impacted products


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-02T12:38:25.032Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://www.cisa.gov/news-events/ics-advisories/icsa-23-096-06",
               },
            ],
            title: "CVE Program Container",
         },
         {
            metrics: [
               {
                  cvssV3_1: {
                     attackComplexity: "LOW",
                     attackVector: "NETWORK",
                     availabilityImpact: "HIGH",
                     baseScore: 8.8,
                     baseSeverity: "HIGH",
                     confidentialityImpact: "HIGH",
                     integrityImpact: "HIGH",
                     privilegesRequired: "LOW",
                     scope: "UNCHANGED",
                     userInteraction: "NONE",
                     vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                     version: "3.1",
                  },
               },
               {
                  other: {
                     content: {
                        id: "CVE-2023-28384",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "no",
                           },
                           {
                              "Technical Impact": "total",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2025-01-17T17:02:21.885807Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            providerMetadata: {
               dateUpdated: "2025-01-17T17:05:57.647Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               product: "mySCADA myPRO",
               vendor: "mySCADA Technologies",
               versions: [
                  {
                     lessThanOrEqual: "8.26.0",
                     status: "affected",
                     version: "0",
                     versionType: "custom",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "mySCADA myPRO versions 8.26.0 and prior has parameters which an authenticated user could exploit to inject arbitrary operating system commands.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "CWE-78 OS Command Injection",
                     lang: "en",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2023-04-27T22:09:56.434Z",
            orgId: "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            shortName: "icscert",
         },
         references: [
            {
               url: "https://www.cisa.gov/news-events/ics-advisories/icsa-23-096-06",
            },
         ],
         source: {
            discovery: "UNKNOWN",
         },
         title: "CVE-2023-28384",
         x_generator: {
            engine: "VINCE 2.0.7",
            env: "prod",
            origin: "https://cveawg.mitre.org/api/cve/CVE-2023-28384",
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
      assignerShortName: "icscert",
      cveId: "CVE-2023-28384",
      datePublished: "2023-04-27T22:09:56.434Z",
      dateReserved: "2023-04-03T21:34:49.132Z",
      dateUpdated: "2025-01-17T17:05:57.647Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2023-28400
Vulnerability from cvelistv5
Published
2023-04-27 22:18
Modified
2025-01-17 17:04
Summary
mySCADA myPRO versions 8.26.0 and prior has parameters which an authenticated user could exploit to inject arbitrary operating system commands.
Impacted products


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-02T12:38:25.118Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://www.cisa.gov/news-events/ics-advisories/icsa-23-096-06",
               },
            ],
            title: "CVE Program Container",
         },
         {
            metrics: [
               {
                  cvssV3_1: {
                     attackComplexity: "LOW",
                     attackVector: "NETWORK",
                     availabilityImpact: "HIGH",
                     baseScore: 8.8,
                     baseSeverity: "HIGH",
                     confidentialityImpact: "HIGH",
                     integrityImpact: "HIGH",
                     privilegesRequired: "LOW",
                     scope: "UNCHANGED",
                     userInteraction: "NONE",
                     vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                     version: "3.1",
                  },
               },
               {
                  other: {
                     content: {
                        id: "CVE-2023-28400",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "no",
                           },
                           {
                              "Technical Impact": "total",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2025-01-17T17:02:19.323935Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            providerMetadata: {
               dateUpdated: "2025-01-17T17:04:22.225Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               product: "mySCADA myPRO",
               vendor: "mySCADA Technologies",
               versions: [
                  {
                     lessThanOrEqual: "8.26.0",
                     status: "affected",
                     version: "0",
                     versionType: "custom",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "mySCADA myPRO versions 8.26.0 and prior has parameters which an authenticated user could exploit to inject arbitrary operating system commands. ",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "CWE-78 OS Command Injection",
                     lang: "en",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2023-04-27T22:18:43.429Z",
            orgId: "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            shortName: "icscert",
         },
         references: [
            {
               url: "https://www.cisa.gov/news-events/ics-advisories/icsa-23-096-06",
            },
         ],
         source: {
            discovery: "UNKNOWN",
         },
         title: "CVE-2023-28400",
         x_generator: {
            engine: "VINCE 2.0.7",
            env: "prod",
            origin: "https://cveawg.mitre.org/api/cve/CVE-2023-28400",
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
      assignerShortName: "icscert",
      cveId: "CVE-2023-28400",
      datePublished: "2023-04-27T22:18:43.429Z",
      dateReserved: "2023-04-03T21:34:49.140Z",
      dateUpdated: "2025-01-17T17:04:22.225Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2021-23198
Vulnerability from cvelistv5
Published
2021-12-23 19:48
Modified
2024-09-16 16:23
Severity
CRITICAL, CVSS 3.1 base score 10 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
Summary
mySCADA myPRO: Versions 8.20.0 and prior has a feature where the password can be specified, which may allow an attacker to inject arbitrary operating system commands through a specific parameter.
References
Impacted products
Vendor Product Version
mySCADA myPRO Version: All   <= 8.20.0


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T19:05:55.652Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://www.cisa.gov/uscert/ics/advisories/icsa-21-355-01",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "myPRO",
               vendor: "mySCADA",
               versions: [
                  {
                     lessThanOrEqual: "8.20.0",
                     status: "affected",
                     version: "All",
                     versionType: "custom",
                  },
               ],
            },
         ],
         datePublic: "2021-12-21T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "mySCADA myPRO: Versions 8.20.0 and prior has a feature where the password can be specified, which may allow an attacker to inject arbitrary operating system commands through a specific parameter.",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "HIGH",
                  baseScore: 10,
                  baseSeverity: "CRITICAL",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "HIGH",
                  privilegesRequired: "NONE",
                  scope: "CHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
                  version: "3.1",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-78",
                     description: "CWE-78 OS Command Injection",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2021-12-23T19:48:35",
            orgId: "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            shortName: "icscert",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://www.cisa.gov/uscert/ics/advisories/icsa-21-355-01",
            },
         ],
         solutions: [
            {
               lang: "en",
               value: "mySCADA recommends users upgrade to Version 8.22.0 or higher. For more information, contact mySCADA technical support.",
            },
         ],
         source: {
            advisory: "ICSA-21-355-01",
            discovery: "UNKNOWN",
         },
         title: "mySCADA myPRO",
         x_generator: {
            engine: "Vulnogram 0.0.9",
         },
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "ics-cert@hq.dhs.gov",
               DATE_PUBLIC: "2021-12-21T17:26:00.000Z",
               ID: "CVE-2021-23198",
               STATE: "PUBLIC",
               TITLE: "mySCADA myPRO",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "myPRO",
                                 version: {
                                    version_data: [
                                       {
                                          version_affected: "<=",
                                          version_name: "All",
                                          version_value: "8.20.0",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "mySCADA",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "mySCADA myPRO: Versions 8.20.0 and prior has a feature where the password can be specified, which may allow an attacker to inject arbitrary operating system commands through a specific parameter.",
                  },
               ],
            },
            generator: {
               engine: "Vulnogram 0.0.9",
            },
            impact: {
               cvss: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "HIGH",
                  baseScore: 10,
                  baseSeverity: "CRITICAL",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "HIGH",
                  privilegesRequired: "NONE",
                  scope: "CHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
                  version: "3.1",
               },
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "CWE-78 OS Command Injection",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://www.cisa.gov/uscert/ics/advisories/icsa-21-355-01",
                     refsource: "MISC",
                     url: "https://www.cisa.gov/uscert/ics/advisories/icsa-21-355-01",
                  },
               ],
            },
            solution: [
               {
                  lang: "en",
                  value: "mySCADA recommends users upgrade to Version 8.22.0 or higher. For more information, contact mySCADA technical support.",
               },
            ],
            source: {
               advisory: "ICSA-21-355-01",
               discovery: "UNKNOWN",
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
      assignerShortName: "icscert",
      cveId: "CVE-2021-23198",
      datePublished: "2021-12-23T19:48:35.400986Z",
      dateReserved: "2021-12-03T00:00:00",
      dateUpdated: "2024-09-16T16:23:34.792Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2021-22657
Vulnerability from cvelistv5
Published
2021-12-23 19:48
Modified
2024-09-17 00:21
Severity
CRITICAL, CVSS 3.1 base score 10 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
Summary
mySCADA myPRO: Versions 8.20.0 and prior has a feature where the API password can be specified, which may allow an attacker to inject arbitrary operating system commands through a specific parameter.
References
Impacted products
Vendor Product Version
mySCADA myPRO Version: All   <= 8.20.0


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T18:51:05.997Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://www.cisa.gov/uscert/ics/advisories/icsa-21-355-01",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "myPRO",
               vendor: "mySCADA",
               versions: [
                  {
                     lessThanOrEqual: "8.20.0",
                     status: "affected",
                     version: "All",
                     versionType: "custom",
                  },
               ],
            },
         ],
         datePublic: "2021-12-21T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "mySCADA myPRO: Versions 8.20.0 and prior has a feature where the API password can be specified, which may allow an attacker to inject arbitrary operating system commands through a specific parameter.",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "HIGH",
                  baseScore: 10,
                  baseSeverity: "CRITICAL",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "HIGH",
                  privilegesRequired: "NONE",
                  scope: "CHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
                  version: "3.1",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-78",
                     description: "CWE-78 OS Command Injection",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2021-12-23T19:48:36",
            orgId: "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            shortName: "icscert",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://www.cisa.gov/uscert/ics/advisories/icsa-21-355-01",
            },
         ],
         solutions: [
            {
               lang: "en",
               value: "mySCADA recommends users upgrade to Version 8.22.0 or higher. For more information, contact mySCADA technical support.",
            },
         ],
         source: {
            advisory: "ICSA-21-355-01",
            discovery: "UNKNOWN",
         },
         title: "mySCADA myPRO",
         x_generator: {
            engine: "Vulnogram 0.0.9",
         },
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "ics-cert@hq.dhs.gov",
               DATE_PUBLIC: "2021-12-21T17:26:00.000Z",
               ID: "CVE-2021-22657",
               STATE: "PUBLIC",
               TITLE: "mySCADA myPRO",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "myPRO",
                                 version: {
                                    version_data: [
                                       {
                                          version_affected: "<=",
                                          version_name: "All",
                                          version_value: "8.20.0",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "mySCADA",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "mySCADA myPRO: Versions 8.20.0 and prior has a feature where the API password can be specified, which may allow an attacker to inject arbitrary operating system commands through a specific parameter.",
                  },
               ],
            },
            generator: {
               engine: "Vulnogram 0.0.9",
            },
            impact: {
               cvss: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "HIGH",
                  baseScore: 10,
                  baseSeverity: "CRITICAL",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "HIGH",
                  privilegesRequired: "NONE",
                  scope: "CHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
                  version: "3.1",
               },
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "CWE-78 OS Command Injection",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://www.cisa.gov/uscert/ics/advisories/icsa-21-355-01",
                     refsource: "MISC",
                     url: "https://www.cisa.gov/uscert/ics/advisories/icsa-21-355-01",
                  },
               ],
            },
            solution: [
               {
                  lang: "en",
                  value: "mySCADA recommends users upgrade to Version 8.22.0 or higher. For more information, contact mySCADA technical support.",
               },
            ],
            source: {
               advisory: "ICSA-21-355-01",
               discovery: "UNKNOWN",
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
      assignerShortName: "icscert",
      cveId: "CVE-2021-22657",
      datePublished: "2021-12-23T19:48:36.843123Z",
      dateReserved: "2021-01-05T00:00:00",
      dateUpdated: "2024-09-17T00:21:11.417Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2021-27505
Vulnerability from cvelistv5
Published
2022-05-13 15:17
Modified
2024-09-16 22:46
Summary
mySCADA myPRO versions prior to 8.20.0 does not restrict unauthorized read access to sensitive directory listing information.
Impacted products
Vendor Product Version
mySCADA myPRO Version: unspecified   < 8.20.0


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T21:26:10.394Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://www.cisa.gov/uscert/ics/advisories/icsa-21-217-03",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://www.myscada.org/version-8-20-0-released-security-update",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "myPRO",
               vendor: "mySCADA",
               versions: [
                  {
                     lessThan: "8.20.0",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
               ],
            },
         ],
         credits: [
            {
               lang: "en",
               value: "Michael Heinzl reported these vulnerabilities to CISA.",
            },
         ],
         datePublic: "2021-08-05T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "mySCADA myPRO versions prior to 8.20.0 does not restrict unauthorized read access to sensitive directory listing information.",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "NONE",
                  baseScore: 7.5,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "NONE",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                  version: "3.1",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-548",
                     description: "CWE-548: Exposure of Information Through Directory Listing",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2022-05-13T15:17:59",
            orgId: "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            shortName: "icscert",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://www.cisa.gov/uscert/ics/advisories/icsa-21-217-03",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://www.myscada.org/version-8-20-0-released-security-update",
            },
         ],
         solutions: [
            {
               lang: "en",
               value: "mySCADA recommends users apply update v8.20.0 or later.",
            },
         ],
         source: {
            discovery: "EXTERNAL",
         },
         title: "mySCADA myPRO Exposure of Information Through Directory Listing",
         x_generator: {
            engine: "Vulnogram 0.0.9",
         },
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "ics-cert@hq.dhs.gov",
               DATE_PUBLIC: "2021-08-05T21:32:00.000Z",
               ID: "CVE-2021-27505",
               STATE: "PUBLIC",
               TITLE: "mySCADA myPRO Exposure of Information Through Directory Listing",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "myPRO",
                                 version: {
                                    version_data: [
                                       {
                                          version_affected: "<",
                                          version_value: "8.20.0",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "mySCADA",
                     },
                  ],
               },
            },
            credit: [
               {
                  lang: "eng",
                  value: "Michael Heinzl reported these vulnerabilities to CISA.",
               },
            ],
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "mySCADA myPRO versions prior to 8.20.0 does not restrict unauthorized read access to sensitive directory listing information.",
                  },
               ],
            },
            generator: {
               engine: "Vulnogram 0.0.9",
            },
            impact: {
               cvss: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "NONE",
                  baseScore: 7.5,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "NONE",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                  version: "3.1",
               },
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "CWE-548: Exposure of Information Through Directory Listing",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://www.cisa.gov/uscert/ics/advisories/icsa-21-217-03",
                     refsource: "MISC",
                     url: "https://www.cisa.gov/uscert/ics/advisories/icsa-21-217-03",
                  },
                  {
                     name: "https://www.myscada.org/version-8-20-0-released-security-update",
                     refsource: "CONFIRM",
                     url: "https://www.myscada.org/version-8-20-0-released-security-update",
                  },
               ],
            },
            solution: [
               {
                  lang: "en",
                  value: "mySCADA recommends users apply update v8.20.0 or later.",
               },
            ],
            source: {
               discovery: "EXTERNAL",
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
      assignerShortName: "icscert",
      cveId: "CVE-2021-27505",
      datePublished: "2022-05-13T15:17:59.788340Z",
      dateReserved: "2021-02-19T00:00:00",
      dateUpdated: "2024-09-16T22:46:04.372Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2023-29150
Vulnerability from cvelistv5
Published
2023-04-27 22:01
Modified
2025-01-17 17:08
Summary
mySCADA myPRO versions 8.26.0 and prior has parameters which an authenticated user could exploit to inject arbitrary operating system commands.
Impacted products


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-02T14:00:15.875Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://www.cisa.gov/news-events/ics-advisories/icsa-23-096-06",
               },
            ],
            title: "CVE Program Container",
         },
         {
            metrics: [
               {
                  cvssV3_1: {
                     attackComplexity: "LOW",
                     attackVector: "NETWORK",
                     availabilityImpact: "HIGH",
                     baseScore: 8.8,
                     baseSeverity: "HIGH",
                     confidentialityImpact: "HIGH",
                     integrityImpact: "HIGH",
                     privilegesRequired: "LOW",
                     scope: "UNCHANGED",
                     userInteraction: "NONE",
                     vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                     version: "3.1",
                  },
               },
               {
                  other: {
                     content: {
                        id: "CVE-2023-29150",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "no",
                           },
                           {
                              "Technical Impact": "total",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2025-01-17T17:02:24.596728Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            providerMetadata: {
               dateUpdated: "2025-01-17T17:08:45.022Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               product: "mySCADA myPRO",
               vendor: "mySCADA Technologies",
               versions: [
                  {
                     lessThanOrEqual: "8.26.0",
                     status: "affected",
                     version: "0",
                     versionType: "custom",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "mySCADA myPRO versions 8.26.0 and prior has parameters which an authenticated user could exploit to inject arbitrary operating system commands. ",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "CWE-78 OS Command Injection",
                     lang: "en",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2023-04-27T22:01:29.958Z",
            orgId: "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            shortName: "icscert",
         },
         references: [
            {
               url: "https://www.cisa.gov/news-events/ics-advisories/icsa-23-096-06",
            },
         ],
         source: {
            discovery: "UNKNOWN",
         },
         title: "CVE-2023-29150",
         x_generator: {
            engine: "VINCE 2.0.7",
            env: "prod",
            origin: "https://cveawg.mitre.org/api/cve/CVE-2023-29150",
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
      assignerShortName: "icscert",
      cveId: "CVE-2023-29150",
      datePublished: "2023-04-27T22:01:29.958Z",
      dateReserved: "2023-04-03T21:34:49.120Z",
      dateUpdated: "2025-01-17T17:08:45.022Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2021-43987
Vulnerability from cvelistv5
Published
2021-12-23 19:48
Modified
2024-09-16 23:35
Severity
9.8 (CRITICAL) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
An additional, nondocumented administrative account exists in mySCADA myPRO Versions 8.20.0 and prior that is not exposed through the web interface, which cannot be deleted or changed through the regular web interface.
References
Impacted products
Vendor Product Version
mySCADA myPRO Version: All   <= 8.20.0


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T04:10:17.102Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://www.cisa.gov/uscert/ics/advisories/icsa-21-355-01",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "myPRO",
               vendor: "mySCADA",
               versions: [
                  {
                     lessThanOrEqual: "8.20.0",
                     status: "affected",
                     version: "All",
                     versionType: "custom",
                  },
               ],
            },
         ],
         datePublic: "2021-12-21T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "An additional, nondocumented administrative account exists in mySCADA myPRO Versions 8.20.0 and prior that is not exposed through the web interface, which cannot be deleted or changed through the regular web interface.",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "HIGH",
                  baseScore: 9.8,
                  baseSeverity: "CRITICAL",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "HIGH",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  version: "3.1",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-912",
                     description: "CWE-912 Hidden Functionality",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2021-12-23T19:48:36",
            orgId: "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            shortName: "icscert",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://www.cisa.gov/uscert/ics/advisories/icsa-21-355-01",
            },
         ],
         solutions: [
            {
               lang: "en",
               value: "mySCADA recommends users upgrade to Version 8.22.0 or higher. For more information, contact mySCADA technical support.",
            },
         ],
         source: {
            advisory: "ICSA-21-355-01",
            discovery: "UNKNOWN",
         },
         title: "mySCADA myPRO",
         x_generator: {
            engine: "Vulnogram 0.0.9",
         },
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "ics-cert@hq.dhs.gov",
               DATE_PUBLIC: "2021-12-21T17:26:00.000Z",
               ID: "CVE-2021-43987",
               STATE: "PUBLIC",
               TITLE: "mySCADA myPRO",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "myPRO",
                                 version: {
                                    version_data: [
                                       {
                                          version_affected: "<=",
                                          version_name: "All",
                                          version_value: "8.20.0",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "mySCADA",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "An additional, nondocumented administrative account exists in mySCADA myPRO Versions 8.20.0 and prior that is not exposed through the web interface, which cannot be deleted or changed through the regular web interface.",
                  },
               ],
            },
            generator: {
               engine: "Vulnogram 0.0.9",
            },
            impact: {
               cvss: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "HIGH",
                  baseScore: 9.8,
                  baseSeverity: "CRITICAL",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "HIGH",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  version: "3.1",
               },
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "CWE-912 Hidden Functionality",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://www.cisa.gov/uscert/ics/advisories/icsa-21-355-01",
                     refsource: "MISC",
                     url: "https://www.cisa.gov/uscert/ics/advisories/icsa-21-355-01",
                  },
               ],
            },
            solution: [
               {
                  lang: "en",
                  value: "mySCADA recommends users upgrade to Version 8.22.0 or higher. For more information, contact mySCADA technical support.",
               },
            ],
            source: {
               advisory: "ICSA-21-355-01",
               discovery: "UNKNOWN",
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
      assignerShortName: "icscert",
      cveId: "CVE-2021-43987",
      datePublished: "2021-12-23T19:48:36.147646Z",
      dateReserved: "2021-11-17T00:00:00",
      dateUpdated: "2024-09-16T23:35:29.605Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2023-28716
Vulnerability from cvelistv5
Published
2023-04-27 22:11
Modified
2025-01-17 17:05
Summary
mySCADA myPRO versions 8.26.0 and prior has parameters which an authenticated user could exploit to inject arbitrary operating system commands.
Impacted products


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-02T13:43:23.746Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://www.cisa.gov/news-events/ics-advisories/icsa-23-096-06",
               },
            ],
            title: "CVE Program Container",
         },
         {
            metrics: [
               {
                  cvssV3_1: {
                     attackComplexity: "LOW",
                     attackVector: "NETWORK",
                     availabilityImpact: "HIGH",
                     baseScore: 8.8,
                     baseSeverity: "HIGH",
                     confidentialityImpact: "HIGH",
                     integrityImpact: "HIGH",
                     privilegesRequired: "LOW",
                     scope: "UNCHANGED",
                     userInteraction: "NONE",
                     vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                     version: "3.1",
                  },
               },
               {
                  other: {
                     content: {
                        id: "CVE-2023-28716",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "no",
                           },
                           {
                              "Technical Impact": "total",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2025-01-17T17:02:20.633757Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            providerMetadata: {
               dateUpdated: "2025-01-17T17:05:06.847Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               product: "mySCADA myPRO",
               vendor: "mySCADA Technologies",
               versions: [
                  {
                     lessThanOrEqual: "8.26.0",
                     status: "affected",
                     version: "0",
                     versionType: "custom",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "mySCADA myPRO versions 8.26.0 and prior has parameters which an authenticated user could exploit to inject arbitrary operating system commands. ",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "CWE-78 OS Command Injection",
                     lang: "en",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2023-04-27T22:11:48.603Z",
            orgId: "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            shortName: "icscert",
         },
         references: [
            {
               url: "https://www.cisa.gov/news-events/ics-advisories/icsa-23-096-06",
            },
         ],
         source: {
            discovery: "UNKNOWN",
         },
         title: "CVE-2023-28716",
         x_generator: {
            engine: "VINCE 2.0.7",
            env: "prod",
            origin: "https://cveawg.mitre.org/api/cve/CVE-2023-28716",
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
      assignerShortName: "icscert",
      cveId: "CVE-2023-28716",
      datePublished: "2023-04-27T22:11:48.603Z",
      dateReserved: "2023-04-03T21:34:49.136Z",
      dateUpdated: "2025-01-17T17:05:06.847Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}