Filtered by vendor Myscada
Subscribe
Total
24 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-28400 | 1 Myscada | 1 Mypro | 2023-12-10 | N/A | 8.8 HIGH |
| mySCADA myPRO versions 8.26.0 and prior has parameters which an authenticated user could exploit to inject arbitrary operating system commands. | |||||
| CVE-2023-28384 | 1 Myscada | 1 Mypro | 2023-12-10 | N/A | 8.8 HIGH |
| mySCADA myPRO versions 8.26.0 and prior has parameters which an authenticated user could exploit to inject arbitrary operating system commands. | |||||
| CVE-2023-28716 | 1 Myscada | 1 Mypro | 2023-12-10 | N/A | 8.8 HIGH |
| mySCADA myPRO versions 8.26.0 and prior has parameters which an authenticated user could exploit to inject arbitrary operating system commands. | |||||
| CVE-2023-29169 | 1 Myscada | 1 Mypro | 2023-12-10 | N/A | 8.8 HIGH |
| mySCADA myPRO versions 8.26.0 and prior has parameters which an authenticated user could exploit to inject arbitrary operating system commands. | |||||
| CVE-2023-29150 | 1 Myscada | 1 Mypro | 2023-12-10 | N/A | 8.8 HIGH |
| mySCADA myPRO versions 8.26.0 and prior has parameters which an authenticated user could exploit to inject arbitrary operating system commands. | |||||
| CVE-2022-2234 | 1 Myscada | 1 Mypro | 2023-12-10 | N/A | 8.8 HIGH |
| An authenticated mySCADA myPRO 8.26.0 user may be able to modify parameters to run commands directly in the operating system. | |||||
| CVE-2021-33009 | 1 Myscada | 1 Mypro | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
| mySCADA myPRO versions prior to 8.20.0 allows an unauthenticated remote attacker to upload arbitrary files to the file system. | |||||
| CVE-2022-0999 | 1 Myscada | 1 Mypro | 2023-12-10 | 9.0 HIGH | 8.8 HIGH |
| An authenticated user may be able to misuse parameters to inject arbitrary operating system commands into mySCADA myPRO versions 8.25.0 and prior. | |||||
| CVE-2021-33005 | 1 Myscada | 1 Mypro | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
| mySCADA myPRO versions prior to 8.20.0 allows an unauthenticated remote attacker to upload arbitrary files to arbitrary directories. | |||||
| CVE-2021-33013 | 1 Myscada | 1 Mypro | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
| mySCADA myPRO versions prior to 8.20.0 does not restrict unauthorized read access to sensitive system information. | |||||
| CVE-2021-27505 | 1 Myscada | 1 Mypro | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
| mySCADA myPRO versions prior to 8.20.0 does not restrict unauthorized read access to sensitive directory listing information. | |||||
| CVE-2021-43989 | 1 Myscada | 1 Mypro | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
| mySCADA myPRO Versions 8.20.0 and prior stores passwords using MD5, which may allow an attacker to crack the previously retrieved password hashes. | |||||
| CVE-2021-41578 | 1 Myscada | 1 Mydesigner | 2023-12-10 | 6.8 MEDIUM | 7.8 HIGH |
| mySCADA myDESIGNER 8.20.0 and below allows Directory Traversal attacks when importing project files. If an attacker can trick a victim into importing a malicious mep file, then they gain the ability to write arbitrary files to OS locations where the user has permission. This would typically lead to code execution. | |||||
| CVE-2021-43985 | 1 Myscada | 1 Mypro | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| An unauthenticated remote attacker can access mySCADA myPRO Versions 8.20.0 and prior without any form of authentication or authorization. | |||||
| CVE-2021-43555 | 1 Myscada | 1 Mydesigner | 2023-12-10 | 6.8 MEDIUM | 7.8 HIGH |
| mySCADA myDESIGNER Versions 8.20.0 and prior fails to properly validate contents of an imported project file, which may make the product vulnerable to a path traversal payload. This vulnerability may allow an attacker to plant files on the file system in arbitrary locations or overwrite existing files, resulting in remote code execution. | |||||
| CVE-2021-43981 | 1 Myscada | 1 Mypro | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| mySCADA myPRO: Versions 8.20.0 and prior has a feature to send emails, which may allow an attacker to inject arbitrary operating system commands through a specific parameter. | |||||
| CVE-2021-43984 | 1 Myscada | 1 Mypro | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| mySCADA myPRO: Versions 8.20.0 and prior has a feature where the firmware can be updated, which may allow an attacker to inject arbitrary operating system commands through a specific parameter. | |||||
| CVE-2021-43987 | 1 Myscada | 1 Mypro | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| An additional, nondocumented administrative account exists in mySCADA myPRO Versions 8.20.0 and prior that is not exposed through the web interface, which cannot be deleted or changed through the regular web interface. | |||||
| CVE-2021-23198 | 1 Myscada | 1 Mypro | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| mySCADA myPRO: Versions 8.20.0 and prior has a feature where the password can be specified, which may allow an attacker to inject arbitrary operating system commands through a specific parameter. | |||||
| CVE-2021-44453 | 1 Myscada | 1 Mypro | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
| mySCADA myPRO: Versions 8.20.0 and prior has a vulnerable debug interface which includes a ping utility, which may allow an attacker to inject arbitrary operating system commands. | |||||