ReportizFlow
Filtered by vendor Myscada
Subscriptions
Total
30 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-50054 | 1 Myscada | 2 Mypro Manager, Mypro Runtime | 2024-11-26 | 7.5 High |
| The back-end does not sufficiently verify the user-controlled filename parameter which makes it possible for an attacker to perform a path traversal attack and retrieve arbitrary files from the file system. | ||||
| CVE-2024-47138 | 1 Myscada | 2 Mypro Manager, Mypro Runtime | 2024-11-26 | 9.8 Critical |
| The administrative interface listens by default on all interfaces on a TCP port and does not require authentication when being accessed. | ||||
| CVE-2024-45369 | 1 Myscada | 2 Mypro Manager, Mypro Runtime | 2024-11-26 | 8.1 High |
| The web application uses a weak authentication mechanism to verify that a request is coming from an authenticated and authorized resource. | ||||
| CVE-2024-47407 | 1 Myscada | 2 Mypro Manager, Mypro Runtime | 2024-11-25 | 10 Critical |
| A parameter within a command does not properly validate input within myPRO Manager which could be exploited by an unauthenticated remote attacker to inject arbitrary operating system commands. | ||||
| CVE-2024-52034 | 1 Myscada | 2 Mypro Manager, Mypro Runtime | 2024-11-25 | 10 Critical |
| An OS Command Injection vulnerability exists within myPRO Manager. A parameter within a command can be exploited by an unauthenticated remote attacker to inject arbitrary operating system commands. | ||||
| CVE-2024-4708 | 1 Myscada | 1 Mypro | 2024-11-21 | 9.8 Critical |
| mySCADA myPRO uses a hard-coded password which could allow an attacker to remotely execute code on the affected device. | ||||
| CVE-2023-29169 | 1 Myscada | 1 Mypro | 2024-11-21 | 8.8 High |
| mySCADA myPRO versions 8.26.0 and prior has parameters which an authenticated user could exploit to inject arbitrary operating system commands. | ||||
| CVE-2023-29150 | 1 Myscada | 1 Mypro | 2024-11-21 | 8.8 High |
| mySCADA myPRO versions 8.26.0 and prior has parameters which an authenticated user could exploit to inject arbitrary operating system commands. | ||||
| CVE-2023-28716 | 1 Myscada | 1 Mypro | 2024-11-21 | 8.8 High |
| mySCADA myPRO versions 8.26.0 and prior has parameters which an authenticated user could exploit to inject arbitrary operating system commands. | ||||
| CVE-2023-28400 | 1 Myscada | 1 Mypro | 2024-11-21 | 8.8 High |
| mySCADA myPRO versions 8.26.0 and prior has parameters which an authenticated user could exploit to inject arbitrary operating system commands. | ||||
| CVE-2023-28384 | 1 Myscada | 1 Mypro | 2024-11-21 | 8.8 High |
| mySCADA myPRO versions 8.26.0 and prior has parameters which an authenticated user could exploit to inject arbitrary operating system commands. | ||||
| CVE-2022-2234 | 1 Myscada | 1 Mypro | 2024-11-21 | 9.9 Critical |
| An authenticated mySCADA myPRO 8.26.0 user may be able to modify parameters to run commands directly in the operating system. | ||||
| CVE-2022-0999 | 1 Myscada | 1 Mypro | 2024-11-21 | 8.8 High |
| An authenticated user may be able to misuse parameters to inject arbitrary operating system commands into mySCADA myPRO versions 8.25.0 and prior. | ||||
| CVE-2021-44453 | 1 Myscada | 1 Mypro | 2024-11-21 | 10 Critical |
| mySCADA myPRO: Versions 8.20.0 and prior has a vulnerable debug interface which includes a ping utility, which may allow an attacker to inject arbitrary operating system commands. | ||||
| CVE-2021-43989 | 1 Myscada | 1 Mypro | 2024-11-21 | 7.5 High |
| mySCADA myPRO Versions 8.20.0 and prior stores passwords using MD5, which may allow an attacker to crack the previously retrieved password hashes. | ||||
| CVE-2021-43987 | 1 Myscada | 1 Mypro | 2024-11-21 | 9.8 Critical |
| An additional, nondocumented administrative account exists in mySCADA myPRO Versions 8.20.0 and prior that is not exposed through the web interface, which cannot be deleted or changed through the regular web interface. | ||||
| CVE-2021-43985 | 1 Myscada | 1 Mypro | 2024-11-21 | 9.1 Critical |
| An unauthenticated remote attacker can access mySCADA myPRO Versions 8.20.0 and prior without any form of authentication or authorization. | ||||
| CVE-2021-43984 | 1 Myscada | 1 Mypro | 2024-11-21 | 10 Critical |
| mySCADA myPRO: Versions 8.20.0 and prior has a feature where the firmware can be updated, which may allow an attacker to inject arbitrary operating system commands through a specific parameter. | ||||
| CVE-2021-43981 | 1 Myscada | 1 Mypro | 2024-11-21 | 10 Critical |
| mySCADA myPRO: Versions 8.20.0 and prior has a feature to send emails, which may allow an attacker to inject arbitrary operating system commands through a specific parameter. | ||||
| CVE-2021-43555 | 1 Myscada | 1 Mydesigner | 2024-11-21 | 7.3 High |
| mySCADA myDESIGNER Versions 8.20.0 and prior fails to properly validate contents of an imported project file, which may make the product vulnerable to a path traversal payload. This vulnerability may allow an attacker to plant files on the file system in arbitrary locations or overwrite existing files, resulting in remote code execution. | ||||